Back To Programming / Scripting / Coding Forum

mysql password encryption

  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post July 12th, 2005, 6:35 am

I seen some programs such as phpbb, ipb, phpcoins etc... and they all encrypt mysql passwords in their "mysqlconnect.php" files.

What is the technique for doing this?

For example@

If mysql password was: apple

In the connect.php file it wont have apple as password but some alpha-numeric string.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post July 12th, 2005, 6:35 am

  • erc
  • Newbie
  • Newbie
  • No Avatar
  • Joined: Jul 12, 2005
  • Posts: 6
  • Status: Offline

Post July 12th, 2005, 6:39 am

it's probably an md5 hash

http://us3.php.net/manual/en/function.md5.php
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post July 12th, 2005, 6:43 am

It's smaller than an md5 hash. Even if it was, the password would be m45 hashed again to connect.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • erc
  • Newbie
  • Newbie
  • No Avatar
  • Joined: Jul 12, 2005
  • Posts: 6
  • Status: Offline

Post July 12th, 2005, 7:35 am

Can you paste an example of one of the strings?
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post July 12th, 2005, 7:39 am

If i did, it wouldnt exactly be secure would it lol.

Another thing is, i know it's not MD5.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • erc
  • Newbie
  • Newbie
  • No Avatar
  • Joined: Jul 12, 2005
  • Posts: 6
  • Status: Offline

Post July 12th, 2005, 8:18 am

Well, here's an md5, just to be sure:
e4de9d99c7e4ce0585c456764fe879ce

I don't care if you see it, because md5 is one way. I'm pretty sure that's what phpBB uses for its passwords... but it's gonna be hard to tell if I can't see an example, even if it's just a dummy password.

EDIT: I've confirmed that phpBB uses md5 for passwords:

http://www.phpbb.com/kb/article.php?article_id=40
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post July 12th, 2005, 8:30 am

Quote:
Well, here's an md5, just to be sure:
e4de9d99c7e4ce0585c456764fe879ce


I know lol. I said that it wasn't an md5 hash. It was a smaller encryption than that, like 9-12 characters.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post July 12th, 2005, 8:33 am

Yeah password for user accounts.

I am talking about the mysql connect php script.

$username = username;
$password = password;

.....


mysql_connect($username,$password....);



The password shows in full form doesnt it? I want to be able to encrypt that, as well as being able to login to mysql database.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • erc
  • Newbie
  • Newbie
  • No Avatar
  • Joined: Jul 12, 2005
  • Posts: 6
  • Status: Offline

Post July 12th, 2005, 9:09 am

I'm sorry, I misunderstood. That, I'm not sure of, but I'll see if I can find out.
  • Mas Sehguh
  • Mastermind
  • Mastermind
  • User avatar
  • Joined: Aug 07, 2004
  • Posts: 1853
  • Status: Offline

Post July 12th, 2005, 12:19 pm

They could be using crypt().
  • Axe
  • Genius
  • Genius
  • User avatar
  • Joined: Jan 07, 2004
  • Posts: 5744
  • Loc: Sub-level 28
  • Status: Offline

Post July 12th, 2005, 12:47 pm

Yeah, most use either PHP's md5() function, or mysql's password() function.
  • Phantom
  • Novice
  • Novice
  • No Avatar
  • Joined: Dec 05, 2004
  • Posts: 25
  • Status: Offline

Post July 12th, 2005, 1:24 pm

How would you use the password() function in an example code?
  • meman
  • Web Master
  • Web Master
  • User avatar
  • Joined: Aug 03, 2004
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap
  • Status: Offline

Post July 12th, 2005, 2:14 pm

The same as MD5 i would guess.

PHP Code: [ Select ]
 
$word = "textstring";
 
$encrypt = password($word);
 
echo "$encrypt";
 
 
  1.  
  2. $word = "textstring";
  3.  
  4. $encrypt = password($word);
  5.  
  6. echo "$encrypt";
  7.  
  8.  
GodBeGone - Atheist Blog
  • Axe
  • Genius
  • Genius
  • User avatar
  • Joined: Jan 07, 2004
  • Posts: 5744
  • Loc: Sub-level 28
  • Status: Offline

Post July 12th, 2005, 2:36 pm

the password function is MySQL, not PHP. As a quick off-the-top-of-my-head example, let's say you're comparing a user-entered password to one in the database...

Code: [ Select ]
select * from mytable where passwordfield = password('entered_password')

To update a user's password..

Code: [ Select ]
update mytable set passwordfield = password('new_password') where user_id = '123'
  • Mas Sehguh
  • Mastermind
  • Mastermind
  • User avatar
  • Joined: Aug 07, 2004
  • Posts: 1853
  • Status: Offline

Post July 12th, 2005, 3:26 pm

Nem, if you could just give us a single password/hash pair, we could tell you exactly what was being used instead of this curious speculation.

If you can't do that, then surely you can paste a single hash.
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post July 12th, 2005, 3:26 pm

1, 2

Post Information

  • Total Posts in this topic: 17 posts
  • Users browsing this forum: No registered users and 199 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.