I've had many discussions about the way user passwords should be kept inside the database. And I want to see how you think about this topic.
Many people use same username and password combo on all sites they need to authenticate themselves to. This means if your database gets hacked, clear text passwords stored in the database can now be abused to login onto financial service providers like google or paypal.
I believe that it's better to generate a one-way encrypted password by using MD5 or other encryption mechanism. If your customer forgets that password you can generate one on-the-fly to send it to his registered e-mail address.
A little bit more security and a little less user experience will even the balance.
I think the best way would be to MD5 the passwords and then apply a salt to them. This will render the passwords useless if the database's security does get breached because although they have the password hashes, they'll be completely different from the hashes stored in Gmail and Hotmail, for instance, and thus no way to deduce any of the same passwords.
The good thing about the salting is that there's absolutely no way to extract the salt from the hash and therefore uncrackable - and even less crackable in the sense of hash lookups because these databases do not take into account salts. Consider a 5 character salt, this would add thousands, if not millions if you take into consideration non-alphanumerical characters, and so a lot of computing power would be required to, not only generate all the hashes for every single dictionary word, but every single salt for every single dictionary word. Meaning if you had the word duck then you'd need to compute the hash for duck 10,000 more times if that's how many salts are possible in the system you have/going to/don't stand a chance in hacking.
However, as we know, security is never that straightforward, and although individuals don't pay attention to advice such as this, I'll say it anyway. You can never trust the source on how your password is getting stored. Albeit I don't change my passwords from site-to-site, if I register with a website that I feel is important, I use a weak password that I use for all those that I couldn't give a monkeys about - and wouldn't lose any sleep over if someone had access to it. For all you know your password could be stored as plain-text, and as you've specified your email address to sign up with, access to your email inbox has now become a grave reality - sadly :(.
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
think the best way would be to MD5 the passwords and then apply a salt to them. This will render the passwords useless if the database's security does get breached because although they have the password hashes, they'll be completely different from the hashes stored in Gmail and Hotmail, for instance, and thus no way to deduce any of the same passwords.
Then again we're talking about usernames now passwords + salts.
__________________ PHP/XHTML Freelancer: Cleanscript.com v3 - Programming starting at just $5 act now!