tags:

views:

59

answers:

1
+2  Q: 

sha1(password) encryption

Alright, so I tried to make my users info super secure by adding '" . sha1($_POST['password']) . "' when inserting their password when they register. THAT WORKS great, looking at the database, I have no clue what their password is.

Now the problem is logging in. I'm running some tests and when I try to log in, the password 12345 doesn't match the encrypted password using "$password=sha1($_POST['mypassword']);"

Any idea's why?

+2  A: 

Double check the size of the password column on your database... ensure that it's holding the entire sha1 hash. (varchar(40))

When hashing the password, what is the value of the raw_output parameter? If true, then your return is a 20-character binary string; if false, it's a 40-character ASCII string. Ensure you can store a binary value on the database if the former, or change to using the latter.

Mark Baker  2010-06-14 15:07:48
Mark you are 100% correct, the length was at 32. thanks@dmazzoni, I'm researching salt now. It's a full time job staying up with all this stuff.
Jason  2010-06-14 15:14:43
Have a look at Josh K's answer to http://stackoverflow.com/questions/3038136/am-i-supposed-to-store-hashes-for-passwords about salting.... it's a nice simple worked example
Mark Baker  2010-06-14 15:22:34

related questions

How can I use both PHP 4 and 5 with the same apache install?
Resolve a filename from another file
exporting mysql data to ODF with php
How do I iterate through DOM elements in PHP?
Caller function in PHP 5?
How to link to a gzipped javascript in an html document?
PHP 5.x syncronized file access (no database)
Custom Filters/Validators in Zend Framework
PHP5: Specifying a datatype in method parameters
Zend PHP5 Certification, does it matter?
PHP: self vs this
PHP __destruct() method
Stored Procedures, mySQL and PHP5
Dynamic class variables
Tidy Converting <Span Style="Font-Style:Bold"> to <Class="C1">.
PHP equivalent of Perl's 'use strict' (to require variables to be initialzied before use)
Where would you advertise for a UK based telecommuting PHP developer?
Is there any way to detect the target class in PHP 5 static methods?
How to create a DOM from a User's input in PHP5?
PHP - command line arguments in Windows
How do I access class variables of a parent object in PHP?
In PHP5, should I use Exceptions or trigger_error/set_error_handler ?
Best way to hide DB connection code in PHP5 for apps that only require one connection?
Get MIME type of a local file in PHP5 without a PECL extension?
Implications of Instantiating Objects with Dynamic Variables in PHP