0

I'm making a company back-end that should include a password-safe type feature. Obviously the passwords need to be plain text so the users can read them, or at least "reversible" to plain text somehow, so I can't use hashes.

Is there anything more secure I can do than just placing the passwords in plain-text into the database?


Note: These are (mostly) auto-generated passwords that are never re-used for anything except the purpose they are saved for, which is mostly FTP server credentials.

Hubro
  • Real question: why do you need them to be reversible? You can't just autogenerate a new password for a user if they forget it? (is there some security rationale here?) – Jeff Tratner Jul 22 '12 at 23:43
  • @JeffTratner: They must be reversible because this is a password-safe. It's a feature for saving passwords to the FTP servers of clients. – Hubro Jul 23 '12 at 00:38
  • Thanks for explaining :) I do feel a little silly for not understanding what a password-safe was. – Jeff Tratner Jul 23 '12 at 01:43

2 Answers

2

You can use MySQL's ENCODE(), DES_ENCRYPT() or AES_ENCRYPT() functions, and store the keys used to encrypt in a secure location.

Ross Smith II
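
A sketch of the approach in the answer above, added here as an example and not code from the answer: one FTP password stored with `AES_ENCRYPT()` and read back with `AES_DECRYPT()`, using a per-row IV and a key that lives outside the database. It uses only `AES_ENCRYPT()` because `ENCODE()` and `DES_ENCRYPT()` were removed in MySQL 8.0. The table, column names, passphrase and password are constructed for illustration.

```sql
-- Constructed schema: table and column names are assumptions, not from the page.
CREATE TABLE ftp_credential (
    id          INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    client_name VARCHAR(100)   NOT NULL,
    ftp_user    VARCHAR(100)   NOT NULL,
    iv          BINARY(16)     NOT NULL,  -- random per row; not secret
    secret      VARBINARY(512) NOT NULL   -- ciphertext only, never the plaintext
);

-- The server default is aes-128-ecb, which leaks equal plaintext blocks.
-- Switch this session to CBC with a 256-bit key (MySQL 5.6.17 or later).
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Constructed demo key. In a real deployment the application reads 32 random
-- bytes from a location outside the database (config, KMS, environment) and
-- binds them as a statement parameter; the key is never stored in a table.
SET @key = UNHEX(SHA2('constructed-demo-passphrase', 256));

-- Store: a fresh IV for every row, saved beside the ciphertext.
SET @iv = RANDOM_BYTES(16);
INSERT INTO ftp_credential (client_name, ftp_user, iv, secret)
VALUES ('Example Client', 'deploy', @iv,
        AES_ENCRYPT('constructed-demo-password', @key, @iv));

-- Read back: AES_DECRYPT() returns a binary string, so cast it for display.
SELECT client_name,
       ftp_user,
       CAST(AES_DECRYPT(secret, @key, iv) AS CHAR) AS ftp_password
FROM   ftp_credential
WHERE  id = LAST_INSERT_ID();

-- Someone holding only a database dump sees the IV and ciphertext, not the key.
SELECT id, HEX(iv) AS iv_hex, HEX(secret) AS secret_hex
FROM   ftp_credential;
```

The key and plaintext travel inside the statement text, so connect to the server over TLS and keep these statements out of query logs. `AES_ENCRYPT()` gives confidentiality only; it does not detect a tampered ciphertext.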
1

Use encryption. The passwords won't be in plain text so you'll have some security but it can be reversed.

The code in this answer should do the trick.

Community
John Conde