hash and 'unhash'

Anon

I need a simple way to encode a password and put it in a mysql database and simple way to decode that password when it comes out of the database.

Probably a silly question, but the whole mhash/md5() thing is kindof blurry to me.

Anon

you won\'t be able to decode a md5 encoded pwd! you can compare both strings(the one in the db and the original one md5 encoded) to verify the pwd

[deleted]

The thing is, you should never 'decode' the password in te first place.
If you can decode it, so can a hacker. If you are not on your own dedicated server, then never use decodable passwords.

MD5 is irreversable, which makes it ideal for passwords. Just store the MD5 hash of the password in the database, and every time you need to check the password, compare the MD5 hash of the submitted password with the hash stored in the database.

If your user loses his password, give him a new password, never decode the old one.

Anon

Makes sense. I was a little puzzled about what the MD5 was all about. Decoding is indeed a rather weird thing to do.

Comparing hashes it is. Second time you came to the rescue vincent, thanks. You too Sky.

Cheers

Martin