Security question about AEL encryption

General PHP Help
#1

Hi,

I recently started researching how I could encrypt the passwords of my users in my MYSQL database. After some research, I decided to go with AES.

I understand how to use AES in the syntax, but my question is more of a security matter.

When new users register on my website, in PHP, I have to put the SQL syntax directly in the PHP source code. Which means that I have to put the AES password directly into the source code to encrypt the password, and decrypt it.

I am quite new to web developing, especially in security matters since I just passed the basics. Is there any security breach by putting the AES password in the PHP source code? If there is, how to overcome it?

Asking this to be sure I don’t do something stupid :slight_smile:

Thanks in advance!

#2

if password is encrypted you dont have to worry noone can guess what is behind those encrypted disgest ramdon strings

however to avoid brute force password attacks you can always go further and use this encrypting method

this is using md5 and encrypting the encrypted password + the password several times

[php]

<?php function pwhash($password,$iterations=13) { $hash =md5($password); for ($i = 0; $i < $iterations; ++$i) { $hash = md5($hash . $password); } return $hash; } //to call it aruments are password iterations is optional echo pwhash("mypassword"); ?>

[/php]

Sponsor our Newsletter | Privacy Policy | Terms of Service