[eluser]Ben[dog][/eluser]
[quote author="xwero" date="1222865172"]
What you can do if you insist on having a encrypted value to check is add an md5-ed field of the password to the table.[/quote]
[eluser]Jon L[/eluser]
Maybe a sha1 field would be better, as there are many websites now that store known md5 hashes for passwords (i.e. - they show the password and the md5 hash that represents it), so if someone ever gained access to your database, they could easily determine most of the md5 passwords present.
[eluser]xwero[/eluser]
sha1 is also crackable and two way encryption is too. If you want to go for secure pass words the only way to go is using sha1 and a random salt.
