b3ta.com talk

SO....
...why not store the original password and just MD5 for the search and compare to ensure secure data transition?

Or as I suggest above, start using a reversible encryption like mcrypt (free PHP source).
(, Fri 12 Jan 2007, 15:32, archived)
Because if someone gets into the Database, they would have had everyone's password.
You should never store them as raw-text, it was just during a beta-phase.

I've never heard of mcrypt, so I wouldn't have used it.
(, Fri 12 Jan 2007, 15:36, archived)
storing original passwords is a big bad smelly thing to do.
md5 the password and store in DB. When comparing passwords you md5 the input, with salt if you like, to the md5 hash in db.

There is *no* reason whatsoever to store original passwords, and if anyone got access to your DB, you may well have just screwed over every user.

/securityblog
(, Fri 12 Jan 2007, 15:36, archived)
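
The store-and-compare flow described in the last post, as an added example that is not part of the thread. It swaps MD5 for PBKDF2-HMAC-SHA256 with a random per-user salt (a substitution made here, not something the posters proposed); the function names, record layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password: str) -> dict:
    """Build what goes in the DB row: a random per-user salt and the derived hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def check_password(record: dict, attempt: str) -> bool:
    """Re-derive the hash from the login attempt and the stored salt, then compare."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        attempt.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # compare_digest takes the same time wherever the first mismatch is
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def unsalted_md5(password: str) -> str:
    """Plain unsalted MD5 of the password, kept only for contrast."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample users; two of them picked the same password.
    users = {"alice": "hunter2", "bob": "hunter2"}
    db = {name: make_record(pw) for name, pw in users.items()}

    # Unsalted MD5: identical passwords give identical DB values.
    print("md5 equal:   ", unsalted_md5(users["alice"]) == unsalted_md5(users["bob"]))
    # Salted KDF: the same password gives unrelated DB values.
    print("salted equal:", db["alice"]["hash"] == db["bob"]["hash"])

    print("correct login:", check_password(db["alice"], "hunter2"))
    print("wrong login:  ", check_password(db["alice"], "hunter3"))
```
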