Re: Password Encryption to replicate MySQL PASSWORD function - Mailing list pgsql-php

From Luke Woollard
Subject Re: Password Encryption to replicate MySQL PASSWORD function
Date
Msg-id NGBBIAJCILLOIJPKMOIFCECHCMAA.luke@taborvision.com
Whole thread Raw
In response to Re: Password Encryption to replicate MySQL PASSWORD function  (Joe Conway <mail@joeconway.com>)
List pgsql-php
COOL - THANKS FOR THE INFORMATION.

LW





-----Original Message-----
From: pgsql-php-owner@postgresql.org
[mailto:pgsql-php-owner@postgresql.org]On Behalf Of Joe Conway
Sent: Wednesday, 22 January 2003 3:14 PM
To: Luke Woollard
Cc: pgsql-php@postgresql.org
Subject: Re: [PHP] Password Encryption to replicate MySQL PASSWORD
function


Luke Woollard wrote:
> In mysql I have used the 'PASSWORD('someString')' function to encrypt each
> users password. When authenticating a user for system use, I use the same
> function to compare encrypted password.
>

 From the MySQL manual:
"The PASSWORD() function is used by the authentication system in MySQL
Server,
you should *not* use it in your own applications. For that purpose, use
MD5()
or SHA1() instead." (emphasis added)

FWIW, the algorithm used in PASSWORD() must be pretty weak, as it appears to
only create an 8-byte (16 hex chars) hash. MD5() (16 bytes/32 hex chars) and
SHA1() (20 bytes/40 hex chars) are available in contrib/pgcrypto.
Alternatively you could use the PHP functions by the same names.

HTH,

Joe


---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org



pgsql-php by date:

Previous
From: "Luke Woollard"
Date:
Subject: Re: Password Encryption to replicate MySQL PASSWORD function
Next
From: ryanne cruz
Date:
Subject: pg_result