I am implementing an application in which I must insert encrypted passwords into a MySQL database, then retrieve the decrypted password from the database using md5 encryption in ColdFusion.

How can I use md5 encryption in ColdFusion with a MySQL database?

Yugal
  • Using plain md5 is bad. Use at least a salt and preferably a Key derivation function like PBKDF2 – CodesInChaos Dec 22 '10 at 11:11
  • @CodeInChaos, the PBKDF2 is for creating derived keys. a salt != a key. A salt should not be predictable in any way. In other words, Password-Based Key Derivation Functions are not suitable for password hashing. – Jacco Dec 22 '10 at 13:40
  • @Jacco You usually put in the password and salt into the KDF. And I don't see why a KDF shouldn't be suitable for password hashing. So instead of calling MD5(password+salt) you call SomePBKDF(password,salt) – CodesInChaos Dec 22 '10 at 22:19
  • @CodeInChaos if the salt you use in the PBKDF is random, there is no real problem, it does add complexity without adding security. Adding complexity increases the chance of bugs. If the 'salt' you feed to the PBKDF is, for example, a system wide constant, then there is a real chance the constant is used on more than one system. As a result, the password hash is no longer unique; it even starts leaking information about the actual password used: if the hash is the same on two machines, the attacker learned what user(s) reuse their password for different systems. – Jacco Dec 23 '10 at 11:11
  • @CodeInChaos in your example, your PBKDF result is based on the password and a salt. If this salt is a system specific constant, then I can see if two or more users are using the same password. The bottom line in security is: use what is widely accepted as the best practice. If you try to 'improve' upon a best practice, you are most likely creating a weak scheme. Even more importantly, the strength of your scheme is not proven, only assumed. – Jacco Dec 23 '10 at 11:17
  • @Jacco The requirements for the seed stay the same regardless of what hash function is used. You need to use a good seed when you use md5 directly as in your post, and you need to use a good seed when passing into PBKDF2. The big advantage of not using md5 directly is that you can pass in an iteration count slowing down brute-force attacks. And AFAIK using PBKDF for password hashing is well established and considered to be superior to using a fast hash function. – CodesInChaos Dec 23 '10 at 13:29
  • For example the skein paper briefly mentions PBKDFs: "A Password-Based Key Derivation Function is used to derive cryptographic keys from relatively low-entropy passwords. The application stores a random seed S, asks the user for a password P, and then performs a long computation to combine S and P. This computation is deliberately inefficient, often taking something like 100 ms of CPU time. This is acceptable if a user is logging into a computer system, but an attacker that tries to guess the password has to perform 100 ms worth of computations for every password he tries. ... – CodesInChaos Dec 23 '10 at 13:31
  • ... The seed S ensures that the attacker cannot precompute a table of common passwords and their results; the table would have to be recomputed for every S value." – CodesInChaos Dec 23 '10 at 13:31
  • @CodeInChaos, a PBKDF is designed to increase entropy and strengthen a password for use as a cryptographic key. Maybe you should ask a question about using PBKDF2 instead of a good cryptographic hash here on SO. (and no, Md5 should not be used any more for any security related hashing) – Jacco Dec 23 '10 at 20:38
  • @CodeInChaos Why is plain md5 bad for encrypting password when a random salt is used? I have seen md5 used a lot and am just curious as to what the risk is. I saw a similar comment on the PHP documentation. – Lea Hayes Aug 16 '11 at 19:06
  • @Lea The biggest reason is that it is fast. And an attacker can thus hash many potential passwords in a short time. Thus constructs like pbkdf2 or bcrypt where you can pass in an iteration count parameter that determines how slow the function is are recommended. – CodesInChaos Aug 16 '11 at 19:38
  • @CodeInChaos How is an attacker going to know that it is a) md5 and b) what the salt is? or can that be somehow guessed at brute force? thanks! – Lea Hayes Aug 16 '11 at 19:57
  • @Lea It is assumed that the attacker gained full access to the server. Thus he knows your code and your database content. The per user part of the salt is usually stored in the db alongside the hash. And the per application part (if used at all) is stored in some kind of config file that can be obtained by the attacker if he has full access to the server and not just the db. – CodesInChaos Aug 16 '11 at 20:02

2 Answers

md5 is a one-way hash; it cannot be reversed.

You should never store decryptable passwords in the database. Store the md5 hash only. When the user tries to login, generate an md5 hash of the plain text password. Then compare it to the md5 hash stored in the db.

Byron Whitlock
You can use the md5 function that is available in MySQL itself.

However, it is a one-way algorithm.

You cannot decrypt it. You will need to compare the md5 of the given password against the stored one.

For more information, please check:

http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_md5

Nik
  • from the mysql documentation: "Caution Passwords or other sensitive values supplied as arguments to encryption functions are sent in plaintext to the MySQL server unless an SSL connection is used. Also, such values will appear in any MySQL logs to which they are written. To avoid these types of exposure, applications can encrypt sensitive values on the client side before sending them to the server. The same considerations apply to encryption keys. To avoid exposing these, applications can use stored procedures to encrypt and decrypt values on the server side." – Jacco Dec 22 '10 at 09:19