Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why not use AES for password encryption in PHP?

Everywhere I have seen people talking about storing passwords in a database, they have almost always used MD5.

What is wrong with AES, or SHA1?

like image 813
Metropolis Avatar asked Jun 29 '10 20:06

Metropolis


1 Answers

If you store a password encrypted, it can be decrypted. Since many people reuse passwords across many different systems, this is a bad thing. So you use a one-way function, a cryptographic hash function - this way a password can be verified without actually being revealed.

As Greg commented, AES is an encryption/decryption algorithm. MD5 and the SHA family are hash functions, which are the more appropriate ones to use. But steer clear of MD5 nowadays - it's not really seen as secure enough any more. Xiaoyun Wang published an effective collision attack against it in 2005, and its strength is now seen as considerably below its design strength - thus in cryptographic terms it is "broken".

For best results, the standard is to salt and hash a password to store it - google these terms in tandem and you'll find numerous references.

like image 97
David M Avatar answered Sep 20 '22 06:09

David M