mysql password encryption

  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

I seen some programs such as phpbb, ipb, phpcoins etc... and they all encrypt mysql passwords in their "mysqlconnect.php" files.

What is the technique for doing this?

For example@

If mysql password was: apple

In the connect.php file it wont have apple as password but some alpha-numeric string.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • erc
  • Newbie
  • Newbie
  • erc
  • Posts: 6

Post 3+ Months Ago

it's probably an md5 hash

http://us3.php.net/manual/en/function.md5.php
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

It's smaller than an md5 hash. Even if it was, the password would be m45 hashed again to connect.
  • erc
  • Newbie
  • Newbie
  • erc
  • Posts: 6

Post 3+ Months Ago

Can you paste an example of one of the strings?
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

If i did, it wouldnt exactly be secure would it lol.

Another thing is, i know it's not MD5.
  • erc
  • Newbie
  • Newbie
  • erc
  • Posts: 6

Post 3+ Months Ago

Well, here's an md5, just to be sure:
e4de9d99c7e4ce0585c456764fe879ce

I don't care if you see it, because md5 is one way. I'm pretty sure that's what phpBB uses for its passwords... but it's gonna be hard to tell if I can't see an example, even if it's just a dummy password.

EDIT: I've confirmed that phpBB uses md5 for passwords:

http://www.phpbb.com/kb/article.php?article_id=40
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Quote:
Well, here's an md5, just to be sure:
e4de9d99c7e4ce0585c456764fe879ce


I know lol. I said that it wasn't an md5 hash. It was a smaller encryption than that, like 9-12 characters.
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Yeah password for user accounts.

I am talking about the mysql connect php script.

$username = username;
$password = password;

.....


mysql_connect($username,$password....);



The password shows in full form doesnt it? I want to be able to encrypt that, as well as being able to login to mysql database.
  • erc
  • Newbie
  • Newbie
  • erc
  • Posts: 6

Post 3+ Months Ago

I'm sorry, I misunderstood. That, I'm not sure of, but I'll see if I can find out.
  • Mas Sehguh
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1853

Post 3+ Months Ago

They could be using crypt().
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

Yeah, most use either PHP's md5() function, or mysql's password() function.
  • Phantom
  • Novice
  • Novice
  • Phantom
  • Posts: 25

Post 3+ Months Ago

How would you use the password() function in an example code?
  • meman
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap

Post 3+ Months Ago

The same as MD5 i would guess.

PHP Code: [ Select ]
 
$word = "textstring";
 
$encrypt = password($word);
 
echo "$encrypt";
 
 
  1.  
  2. $word = "textstring";
  3.  
  4. $encrypt = password($word);
  5.  
  6. echo "$encrypt";
  7.  
  8.  
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

the password function is MySQL, not PHP. As a quick off-the-top-of-my-head example, let's say you're comparing a user-entered password to one in the database...

Code: [ Select ]
select * from mytable where passwordfield = password('entered_password')

To update a user's password..

Code: [ Select ]
update mytable set passwordfield = password('new_password') where user_id = '123'
  • Mas Sehguh
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1853

Post 3+ Months Ago

Nem, if you could just give us a single password/hash pair, we could tell you exactly what was being used instead of this curious speculation.

If you can't do that, then surely you can paste a single hash.
  • patrick_s
  • Born
  • Born
  • patrick_s
  • Posts: 1

Post 3+ Months Ago

If you want the comprehensive protection for MySQL server I would suggest to go with pci general and security-general from http://www.packetgeneral.com

Mas Sehguh wrote:
Nem, if you could just give us a single password/hash pair, we could tell you exactly what was being used instead of this curious speculation.

If you can't do that, then surely you can paste a single hash.
[/img]
  • Jwh1o1
  • Born
  • Born
  • Jwh1o1
  • Posts: 1

Post 3+ Months Ago

lol mysql password is abcd1234 and the database entery is 335f5a824b3ba309

Post Information

  • Total Posts in this topic: 17 posts
  • Users browsing this forum: No registered users and 137 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.