How to encrypt/decrypt passwords using MySQL & Perl



8:29 am on Jul 14, 2003 (gmt 0)

I had saved the passwords which the user had entered on registration in MySQL using the password() function of MySQL. But I am not able to compare it when the user tries to log on.
Are there any other methods of encrypting and decrypting values at server side?


9:47 am on Jul 14, 2003 (gmt 0)

10+ Year Member

Hi and welcome to WW,

Rather than encrypting and decrypting you probably just want to store the encrypted version. When someone logs on, encrypt their password using the same function and compare the encrypted string to the one you have in your DB.



9:49 am on Jul 14, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

hi navdeeptalwar, welcome to webmasterworld [webmasterworld.com].

it's always a good thing to take a look in the manual first:

PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT(). Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC-2195 for more information about handling passwords and authentication securely in your application.

nevertheless i found an example [weberdev.weberdev.com] of someone who is using this function for password verification.

- hakre.


6:50 am on Jul 19, 2003 (gmt 0)

WebmasterWorld Senior Member drdoc is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Welcome to Webmaster World!

To be frank - you do not want to decrypt a password. Even if you had a working solution, it would greatly harm your security.

Instead, follow Robber's suggestion.

The crypt function would work really well. The following solution uses the first two letters of the password as salt. Finally, it only returns the last 11 characters (since the first two are the salt as plain text):

$cryptpwd = substr(crypt($pwd,substr($pwd,0,2)),2);

Now, store this value in your database. When someone logs in, simply encrypt the password the same way and compare it to the database value.
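
The store-then-recompute-and-compare login check described in this thread, as an added Perl example that is not code from any of the posters. It swaps in PBKDF2-HMAC-SHA256 with a random per-user salt, built on the core Digest::SHA module, in place of crypt() or PASSWORD(); the function names, the record format, the iteration count and the use of /dev/urandom are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
my $ITERATIONS = 200_000;   # assumed work factor; tune to your hardware

# PBKDF2-HMAC-SHA256 (RFC 8018), first 32-byte output block only.
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations) = @_;
    my $t = my $u = hmac_sha256($salt . pack('N', 1), $password);  # key = password
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $password);
        $t ^= $u;                                                  # string XOR
    }
    return $t;
}

# 16 random salt bytes; /dev/urandom is an assumption (Unix-like host).
sub random_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read from urandom";
    return $salt;
}

# Returns the string to store in the database column (hypothetical format).
sub hash_password {
    my ($password) = @_;
    my $salt = random_salt();
    return join '$', 'pbkdf2-sha256', $ITERATIONS, unpack('H*', $salt),
        unpack('H*', pbkdf2_sha256($password, $salt, $ITERATIONS));
}

# Recompute with the stored salt and iteration count, compare without early exit.
sub verify_password {
    my ($password, $stored) = @_;
    my ($scheme, $iter, $salt_hex, $hash_hex) = split /\$/, $stored;
    return 0 unless defined $hash_hex && $scheme eq 'pbkdf2-sha256' && $iter =~ /^[1-9]\d*$/;
    my $want = pack('H*', $hash_hex);
    my $got  = pbkdf2_sha256($password, pack('H*', $salt_hex), $iter);
    return 0 unless length($want) == length($got);
    my $diff = 0;
    $diff |= ord(substr($want, $_, 1)) ^ ord(substr($got, $_, 1)) for 0 .. length($got) - 1;
    return $diff == 0 ? 1 : 0;
}

my $pw  = 'correct horse battery staple';     # constructed sample password
my $rec = hash_password($pw);
print "stored record:  $rec\n";
print "right password: ", (verify_password($pw, $rec) ? 'accepted' : 'rejected'), "\n";
print "wrong password: ", (verify_password('correct horse', $rec) ? 'accepted' : 'rejected'), "\n";
print "same password, new salt differs: ", ($rec ne hash_password($pw) ? 'yes' : 'no'), "\n";
```

Because the salt and iteration count are stored inside the record, the login path needs only the submitted password and the database value, and two users with the same password get different records.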

