Generating Passwords
The md5() and crypt() functions hash passwords, and the output cannot be reversed to recover the original. These are one-way algorithms. You verify a user's password by running md5() or crypt() on the password they enter on each later visit and comparing the output with the value stored when the password was first set. Two hashed versions of the same string match (assuming that the same “salt” is used when creating both with the crypt() function).
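The store-and-compare flow described above, as an added example that is not from the book. The helper names (make_salt, register, verify), the in-memory $store array, the sample credentials, and the choice of a bcrypt-style salt string are assumptions made for illustration.

```php
<?php
// Added example: names and sample credentials are constructed, not the book's.

// Build a random salt string for crypt(): "$2y$", a cost of 10, 22 salt chars.
function make_salt(): string
{
    $raw = base64_encode(random_bytes(16));   // 24 chars including "==" padding
    return '$2y$10$' . substr(strtr($raw, '+', '.'), 0, 22);
}

// Registration: keep only the one-way output, never the password itself.
function register(array &$store, string $user, string $password): void
{
    $store[$user] = crypt($password, make_salt());
}

// Login: rerun crypt() on the submitted password. Passing the stored value
// as the salt argument makes crypt() reuse the salt embedded in it, which is
// the "same salt" condition the text mentions.
function verify(array $store, string $user, string $password): bool
{
    if (!isset($store[$user])) {
        return false;                          // unknown user
    }
    $stored = $store[$user];
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($stored, crypt($password, $stored));
}

$store = [];                                   // stands in for the password file
register($store, 'alice', 'correct horse');

var_dump(verify($store, 'alice', 'correct horse'));   // same password, same salt
var_dump(verify($store, 'alice', 'wrong guess'));     // different password

// Same password hashed under a fresh salt: compare it with the stored value
// to see why the original salt has to be reused at login.
var_dump(hash_equals($store['alice'], crypt('correct horse', make_salt())));

// md5() takes no salt, so equal inputs always produce equal output.
var_dump(md5('correct horse') === md5('correct horse'));
```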
This is good, because you never store a user's actual password. If your password file falls into the wrong hands, there is little that anybody can do with it. It is very hard to reverse a password hashed by md5() or crypt(). Since you don't store the user's actual password, malicious ...