+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: md5 encryption (/showthread.php?tid=18435)
md5 encryption - El Forum - 05-06-2009
[eluser]junaids[/eluser]
hi i have a registration module and i save user password using md5 encryption.
then on login i use md5 to encrypt the password and match it with database.
but it does not match
Code:
$this->db->from('user');
$this->db->where('username',$u);
$this->db->where('password', md5($pw));
echo md5($pw);against a particular username and password with the echo statement i m getting pw as "7fa8282ad93047a4d6fe6111c93b308a "
while in the db the password is "7fa8282ad930"
the password in the db is just a part of password produced on login so i m unable to login why?
md5 encryption - El Forum - 05-06-2009
[eluser]Slowcheetah[/eluser]
Check your maximal fieldsize for the password column in the database. Then try to register a new account, and check again.
p.s. There are several pre-made codeigniter authentication librarys, check out this article.
md5 encryption - El Forum - 05-06-2009
[eluser]Dam1an[/eluser]
An md5 will always be 32 characters long, regardless of the input side
md5 encryption - El Forum - 05-06-2009
[eluser]junaids[/eluser]
thanks
md5 encryption - El Forum - 05-06-2009
[eluser]Thorpe Obazee[/eluser]
@OP. You shouldn't probably use md5 alone since there's a growing number of md5 hashes nowadays. You should probably work on 'salting' passwords.
md5 encryption - El Forum - 05-06-2009
[eluser]n0xie[/eluser]
md5 rainbow tables are abundant. Use either sha1, a salt, or both for better security. Also use prepared statements. There are a number of articles floating around on this forum about proper authentication conventions, maybe they're some use to you.
Good luck.
md5 encryption - El Forum - 05-07-2009
[eluser]the_namdeeW[/eluser]
I personally would use SHA1. MD5 hashing doesn't seem to be as secure.