
I am a beginner to all this. I am currently doing it as a module in my university assignment and am currently not at university, therefore I cannot get help there.

I am trying to encrypt the passwords I have stored in a user table. I have no idea what to do. I'm aware a lot of them can be decrypted and that is not something I want. The photo is of my current users table; the passwords are randomly generated - not encrypted. Can anyone please help me on how to hash my passwords and still make it possible to log in properly? I am a complete beginner to all this and just need some guidance on solving this problem.

thanks.

```sql
CREATE TABLE databaseusers (
    databaseruser_id int(5) NOT NULL,
    database_user varchar(25) NOT NULL,
    database_password varchar(40) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
```

[Image: Users table]

RiggsFolly
Ghost
  • That is so much more readable in the question than in a comment. It is also where people will expect to see all that associated information to help explain your question – RiggsFolly May 04 '21 at 13:27
  • Which programming language are you using to fill the table data? The answer will be different depending on the programming language. – Luis Crespo May 04 '21 at 16:39
  • Don't you want to **hash** the passwords instead of encrypting? You can start by using the built-in [PASSWORD](https://dev.mysql.com/doc/refman/5.7/en/password-hashing.html) function when storing the user password – gusto2 May 04 '21 at 21:39
  • @gusto2 - The function [Password()](https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password) was never meant to be used with user passwords, it is unsafe and deprecated. – martinstoeckli May 05 '21 at 07:44
  • @Ghost, I am afraid you have to make a significant effort to research it yourself. StackOverflow is suited for asking about errors after you've done some research. – HoRn May 05 '21 at 08:58

1 Answer

You cannot safely store user passwords with SQL alone; you need a dedicated password-hash function of your programming environment. Instead of encryption one should use hashing; the password is then stored in an unretrievable form, but this is enough to do a verification of a login.

If your language is PHP, you can solve it with the `password_hash()` function; the field for the password hash should then be `varchar(255)`:

```php
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($_POST['password'], PASSWORD_DEFAULT);

// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($_POST['password'], $existingHashFromDb);
```

You can find example code for PHP in this answer, and if you are interested in more information about safely storing passwords, you may have a look at my tutorial.

martinstoeckli
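An added example (not part of the original answer) that applies the answer's `password_hash()` / `password_verify()` calls to the question's `databaseusers` table: a one-time migration of the existing plaintext rows, followed by a login check. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function names `migratePlaintext` and `login` and the sample users are constructed for illustration.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for MySQL so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Columns from the question; the password column is widened to 255 per the answer.
$pdo->exec('CREATE TABLE databaseusers (
    databaseruser_id INTEGER PRIMARY KEY,
    database_user VARCHAR(25) NOT NULL,
    database_password VARCHAR(255) NOT NULL)');
// Constructed sample rows holding plaintext passwords, as in the question's table.
$pdo->exec("INSERT INTO databaseusers (database_user, database_password)
            VALUES ('alice', 'k3Xp9qLm'), ('bob', 'Zt7wR2aB')");

// One-time migration: replace each stored plaintext value with its hash.
function migratePlaintext(PDO $pdo): int {
    $rows = $pdo->query('SELECT databaseruser_id, database_password FROM databaseusers')
                ->fetchAll(PDO::FETCH_ASSOC);
    $update = $pdo->prepare('UPDATE databaseusers SET database_password = ? WHERE databaseruser_id = ?');
    $migrated = 0;
    foreach ($rows as $row) {
        // 'algo' is empty (null, or 0 before PHP 7.4) when the value is not a password_hash() hash.
        if (empty(password_get_info($row['database_password'])['algo'])) {
            $hash = password_hash($row['database_password'], PASSWORD_DEFAULT);
            $update->execute([$hash, $row['databaseruser_id']]);
            $migrated++;
        }
    }
    return $migrated;
}

// Login check: parameterised lookup by user name, then password_verify() on the stored hash.
function login(PDO $pdo, string $user, string $password): bool {
    $stmt = $pdo->prepare('SELECT databaseruser_id, database_password FROM databaseusers WHERE database_user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['database_password'])) {
        return false;
    }
    // Re-hash when PASSWORD_DEFAULT or its cost has changed since this hash was stored.
    if (password_needs_rehash($row['database_password'], PASSWORD_DEFAULT)) {
        $pdo->prepare('UPDATE databaseusers SET database_password = ? WHERE databaseruser_id = ?')
            ->execute([password_hash($password, PASSWORD_DEFAULT), $row['databaseruser_id']]);
    }
    return true;
}

var_dump(migratePlaintext($pdo));   // first run hashes the plaintext rows
var_dump(login($pdo, 'alice', 'k3Xp9qLm'), login($pdo, 'alice', 'wrong'));
var_dump(migratePlaintext($pdo));   // second run finds only hashes
```

On the MySQL table from the question, widen `database_password` to `varchar(255)` before running the migration: a bcrypt hash is 60 characters and does not fit in `varchar(40)`.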