Jump to content


Photo
- - - - -

encrypting a password


  • Please log in to reply
1 reply to this topic

#1 Ziggy54354

Ziggy54354

    OCC's Sexiest Asian

  • Members
  • PipPipPipPip
  • 1495 posts

Posted 12 February 2008 - 05:14 PM

Hi guys, im doing a project on web access security and im pretty much a newbie to both php and html. My current setup goes like this. I use an html form which takes a password and then passes it to another pages which uses php and does an md5 hash on the password and stores it in a database(txt based) when a user creates an account. The problem with this though is the password is transfered as cleartext before it gets hashed so people sniffing the line could pick it up. Is there a way i could encrypt the password on the clientside before it is sent server side to be stored into the db?? As a note, i can't use SSL which is pretty dumb.
Current Rig:

Intel E8400 4ghz | DFI Blood-Iron P35 | EVGA 9800GTX+
2x 320GB Seagate 1x 500GB Seagate 1x 1.5TB Seagate | 4GB G.Skill pc8000 PQ


Ubuntu Rig:

AXP 1.4ghz 200FSB 7x | Abit NF-7s | 6800GS
200GB Seagate | 1gb Corsair XMS pc3200 2-2-2-11


#2 NCC10281982B

NCC10281982B

    The useless guy™

  • Moderator
  • PipPipPipPipPipPip
  • 6994 posts
  • Gender:Male
  • Location:Bellevue, WA

Posted 12 February 2008 - 05:31 PM

you could have the page with the text boxes be php and put the hashing functions in there. try looking around php.net

Also why can't you use ssl?
<span style="font-size:18px;"><strong>Holy c*** I don't know how that happened or how it got fixed. Which is the very worst kind of fixed.</strong></span> <img src="<a data-ipb='nomediaparse' href='http://folding.extre...igimage.gif"><adata-ipb='nomediaparse' <a>href='http://wigle.net'><img</a> <a data-ipb='nomediaparse' href='src='>src="http://wigle.net/bi/CFr15LujaQwHZgiAc222zw.png"</a> alt="CFr15LujaQwHZgiAc222zw.png"></a>