Menu
▾
▴
Re: [Fofredux-devel] password encryption
|
From: Kevin <ke...@dr...> - 2006-04-23 21:10:14
|
Evan Roth wrote: > me again. short one this time... > > what encryption do i choose? > > i'm at the point of inserting user into db, and need to encrypt his > password, but i want to choose something that most users have, without > extra configuration on their part. > > options are: > 1. simply crypt() which gives us DES, MD5 and blowfish, if i remember > correcly, but will only do basic 1 way encryption. > 2. mcrypt() which gives us way more choices, but needs to be built > into php. mine was there by default, so perhaps most of you have it? > this gives a real module to work with, if we need to do further > encryption. > 3. adodb-lite? do they offer something? i know MySQL has native > support for encryption...but we can't use that...so without me opening > the adodb docs, anyone know if this is even an option? > > i lean towards the first option, but as usual, a quick vote is > normally the best. (and it's easy for me to pass off to the rest of > you and go to bed...=) > I vote option 1 using md5() or sha1(). both come built in to php since v4.3. (md5 probably for much longer) Option 2 would require the mcrypt extension module, which doesn't get installed by default, at least not on my system. (Debian stable) If adodb-lite had anything, it would just be a wrapper for the native php function. > hopefully kevin will make some headway with the svn stuff...i've got a > bit to push upstream then, since the install function should be > working with this step complete. (even though it's ugly and waiting > on khaled or someone else to beautify it.) The CVS -> Subversion conversion process is broken. I have a support ticket open, but it may be days before it is resolved. Should I just unlock CVS for the time being? -Kevin |
