Basic security, PHP mySQl

Question

So I am making a basic log-in page. I have a good idea of what to do, but I'm still unsure of some things.

I have a database full of students and a password column of course. I know I'm going to use md5 encryption in that column. The student enters their e-mail and student ID, and they get e-mailed a password if correct.

But, where do I create the password? Do I have to manually add the password (which is just a randomly generated string) in mySQL to all the students? And I am suppose to send the password to the student; how will I know what to send the student if the password is encrypted?

I was thinking about generating the password when the student first enters their e-mail and student ID. They get an e-mail of the random string, and at the same time, I add the same random string to the database, encrypted.

Is that how it's suppose to work though? And it feels unsafe doing that all on the same page.

Sorry for the long-winded, newbish question. I find this all facisnating at the same time as well (AES and RSA encryption :O)

Answer 1

If you're generating passwords, generate a password and send the generated password to the student. MD5 that password and store it in the database. When someone logs in, MD5 the password they submitted in the form and compare that hash to the one in the database. If they match, successful login.

Answer 2

A few things here:

1. You aren't really encrypting it, you're hashing it. Easy thing for newbies to confuse, but just wanted to get that out of the way.

2. Don't use MD5, it's just not a very secure hash. Use one of the SHA variants instead if possible.

3. Don't just hash the password, you'll want to "salt" it too. Basicly this involves adding a random string to the password before you hash it, and storing that random string somewhere where you can retrieve it later (so that you can validate the hash when the user enters their password). This helps prevent against pre-computed dictionary attacks.

As for generating the password, I think you are on the right track - I would just generate it when they create their account, email it to them, then hash it and store the hashed (and a random salt) on the user record in the DB.

Answer 3

Adding to the previous answers, depending on the hashing method you choose, the process goes like this:

1.- It is good idea generating the password the first time the students enter their ID and email.

2.- When they submit their data you receive it and generate the password randomly using any hashing method of your choice and store it in your DB.

3.- When they want to log in you ask for their ID and password, use the hashing method on the entered password and compare it with the one that's stored.

4.- If they lose their password and the hashing method has no way to be undone or reversed, you need to implement a method to create a temporary link sent to the student's email to create a new password, for there's no way to retrieve the old one. If the hashing method can be reversed then there's no problem, just de-hash it and send it to the studen's email.

Hope this clarifies a bit the process :)

Answer 4

Your PHP should generate the password at the time of registration. Email the password to the student then run it through a hashing function (md5() is ok but sha1() is better). Store the hash in the DB and drop the original password. That way not even you can see what it is.

When the user logs in, hash their typed password and compare it against the hash stored in the DB. If they match, the user typed the right password.