Topic: Password encryption

[FPF-SCM_TraceyG_XC]

A question for the programmers...

If you were going to write a program that stored passwords in a database, what encyption method (if anyl) would you use?

[Bonk]

SHA256 is the new standard, as I understand it.

http://www.dynaverse.net/forum/index.php/topic,163360317.msg1122624384.html#msg1122624384

In particular:
http://www.php.net/manual/en/ref.mhash.php

But it depends on the database really. MySQL is only using a 45 byte password hash for its own accounts, so encrypting beyond that may be redundant... but I suppose if someone hacked into the db it might be useful if the passwords you stored there were more deeply encrypted than the db accounts themselves...

But for most purposes the good old MD5 hash will do, unless you expect elite haxors to get into your db..

[FPF-SCM_TraceyG_XC]

Thanks for the reply, Bonk. 

[Dracho]

Triple DES..

Blowfish is also okay. http://www.schneier.com/blowfish.html

[Bonk]

Is it legal to use DES outside the US yet?

That is pretty much the raison d'etre for the Canadian OpenBSD out of Winnipeg no?

[FPF-SCM_TraceyG_XC]

Well, whether it is legal or not, if I write the code myself then how can the use of an algorithm be policed? lol

The inspiration for my question came from a documentary I was watching on the Discovery channel the other day about the American Civil War. The Confederates were using a code that was almost ancient and was cracked by the North. Despite that, it was actually an interesting method for encoding messages, but far too easy to crack these days.

[Dracho]

Is it legal to use DES outside the US yet?

That is pretty much the raison d'etre for the Canadian OpenBSD out of Winnipeg no?

DES (not Triple-DES) has already been cracked.