Password Encryption

KITTfan2K

I know that this has been brought up in the past, but, which of the encryption methods built into MySQL is better?

ENCRYPT ('$Pass') I've had problems checking those later.
PASSWORD ('$Pass') This seems to be the logical choice.
MD5 ('$Pass') Does this offer better protection?

Also, could I do something like ENCRYPT (PASSWORD (MD5 ('$Pass) ) ) to get security from all three at once?

I currently use PASSWORD ('$Pass') to save, and check if there's a row where the password field matches PASSWORD ('$Pass')

I could do that with MD5, right? Would it be better to do that with MD5? Or is PASSWORD the right choice?

KITTfan2K

mrhappiness

the encrypted stringf returned by md5 is 32 characters in length, password returns less characters ond so is - at least this is my personal opinion - more secure then PASSWORD

ENCRYPT is reversible whereas PASSWORD and MD5 are not, so i'ld say that ENCRYPT is less secure

the mysql-homepage says:

The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead.

KITTfan2K

Originally posted by mrhappiness
the mysql-homepage says:
The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead.

So could I do SHA1( MD5 ('$Pass') ) for better encryption?

Surely it's better to encrypt twice than just to do it once?

KITTfan2K

drawmack

md5 is plenty of security all you'll be doing is unnesacarily slowing down the application.