Password authentication


IIMarckus
December 6th, 2007, 04:19 PM
Hey guys,

I found a good web host recently, and have been working on a webpage. As an exercise, I'm building a user-based system from the ground up. What should I do for passwords? Obviously it wouldn't be a good idea to store the passwords in plain text in the database... I'm thinking of one-way-encrypting passwords as they come in, and comparing the encrypted versions. Is this a good or feasible idea? If so, what sort of encryption algorithm would be useful?

> I'm thinking of one-way-encrypting passwords as they come in, and comparing the encrypted versions.

Clarification: encrypting the original password in the database, encrypting user input, and seeing if the encrypted input matches the database's encrypted password.

Sombra
December 6th, 2007, 05:48 PM
Hmm, does your host support PHP? That would be one idea... I believe PHP's built-in encryption functions use a fairly standard version of AES. It's been a while since I read my tutorials; I'd have to look that up to be sure.

In general, encryption is feasible enough. Java has encryption and DBM functionality too, should you ever consider the applet approach. I'm afraid I can't offer advice much more specific than that... hope it at least gets you brainstorming :bow:

IIMarckus
December 6th, 2007, 05:58 PM
Yes, my host supports MySQL and PHP. You say that PHP has some built-in encryption functions? I'll have to take a look at that.

Sombra
December 6th, 2007, 07:10 PM
Alright, in that case, the function you'll want to look into is crypt (http://php.about.com/od/advancedphp/ss/encryption.htm)

IIMarckus
December 6th, 2007, 07:58 PM
Someone also recommended RSA above MD5. Are there any functions for that, or would I have to code an algorithm for it?

Shonumi
December 7th, 2007, 12:36 AM
Crypt supports MD5. This page has an example of how you use it in the function's arguments.

http://www.ibm.com/developerworks/library/os-php-encrypt/index.html

RSA would be pretty simple to work into your own code. Wikipedia has a simple version, but to my sense, I wouldn't advise it over MD5 at all. One, you'd have to code it yourself. Two, even if you were coding both by yourself, MD5 is a great deal simpler. Three, not so many vulnerabilities. Though in the end, I can't imagine it mattering much, but it's a choice upon yourself.
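The scheme the original post describes (one-way hash the password on the way in, hash the login attempt the same way, compare the two) is shown below with the PHP crypt() function that Sombra and Shonumi point to. This is an added example written for this thread, not code posted by any of the participants. It assumes PHP 7.0 or later for random_bytes() and a crypt() that supports the $2y$ bcrypt format; the function names make_salt, hash_password and verify_password are this example's own. The salt is random per user, so two users with the same password still get different stored values, and the comparison uses hash_equals() so that a mismatch is not revealed by response timing.

```php
<?php
// Added example, not from the thread: one-way password storage with crypt().
// Only the hash is stored; the plaintext password never goes into the database.

// Build a bcrypt ($2y$) salt string for crypt(). The 22-character salt body must
// use the alphabet ./A-Za-z0-9, so base64 output is mapped onto it ('+' -> '.').
// $cost selects 2^cost rounds; 10 is deliberately slow to make guessing expensive.
function make_salt(int $cost = 10): string {
    $raw  = base64_encode(random_bytes(16));          // 24 chars, '==' padding at the end
    $body = substr(strtr($raw, '+', '.'), 0, 22);     // drop the padding, keep 22 chars
    return sprintf('$2y$%02d$%s', $cost, $body);
}

// Hash a new password for storage. The returned string embeds the algorithm,
// cost and salt, so nothing else needs to be saved alongside it.
function hash_password(string $password): string {
    $hash = crypt($password, make_salt());
    // crypt() signals a bad salt/unsupported algorithm with a very short result.
    if (strlen($hash) < 60) {
        throw new RuntimeException('bcrypt is not available in this PHP build');
    }
    return $hash;
}

// Check a login attempt: re-hash the submitted password using the salt that is
// embedded in the stored hash, then compare in constant time.
function verify_password(string $password, string $stored_hash): bool {
    $candidate = crypt($password, $stored_hash);
    return hash_equals($stored_hash, $candidate);
}

// Constructed sample usage (not real credentials).
$stored = hash_password('correct horse battery staple');
// In a real application $stored is what goes into the users table.
var_dump(verify_password('correct horse battery staple', $stored));
var_dump(verify_password('wrong guess', $stored));
```

verify_password returns true for the original password and false for anything else. Running hash_password twice on the same input yields two different stored strings because each call draws a fresh salt; an unsalted md5($password), which the thread also discusses, would give identical digests for identical passwords and is fast enough that a leaked table can be tested against large guess lists quickly. On PHP 5.5 and later the same behaviour is available through the built-in password_hash() and password_verify() functions, which wrap exactly this crypt() usage.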