How do you encrypt certain fields of a mySQL database?

[dude8604]

I'm working on a signup php scipt that stores passwords. I want them to be encrypted. Is there a way to encrypt the passwords in the database and allow a login script to have access to it? Thanks.

 

[Ameesh]

you can use php to encrypt and the store in db, you can use their login as an initialization vector and their password as a key.

 

[helloedchen]

this php function might be good start: php.net

 

[yllus]

Originally posted by: dude8604
I'm working on a signup php scipt that stores passwords. I want them to be encrypted. Is there a way to encrypt the passwords in the database and allow a login script to have access to it? Thanks.

When writing the password to the database (using an INSERT or maybe an UPDATE statement), use the MySQL PASSWORD function to encrypt that text. An example of usage:


INSERT INTO table VALUES
('username', PASSWORD('password'), 'someone@somewhere.com');


Simple, neh? Remember though that this is one-way encryption, there is no way to retrieve to clear text version of the password once it's been written. At that point, to for example verify if a user is logging in with the correct password, take a password in, run the MySQL PASSWORD function on what the user has supplied and compare that encrypted text to the encrypted password saved to the database. There you go, your password verification scheme.

 

[GagHalfrunt]

Originally posted by: dude8604
I'm working on a signup php scipt that stores passwords. I want them to be encrypted. Is there a way to encrypt the passwords in the database and allow a login script to have access to it? Thanks.

If you want to encrypt passwords, use the simple PHP md5 command like:
$encrypted_pw = md5("$password");

A word of advice, if you're storing information like credit card numbers, then encrypt it. If you're just storing passwords for a forum log-in or something simple like that, don't encrypt at all. Anything that's securely encrypted can't be de-crypted, so if a person forgets a password it can't be retrieved and sent out. You'd need to go through the hassle of resetting it entirely, having the person log in with a temp password and giving them a method to change it back.