Password authentication - Page 1
I found a good web host recently, and have been working on a webpage. As an exercise, I'm building a user-based system from the ground up. What should I do for passwords? Obviously it wouldn't be a good idea to store the passwords in plain text in the database… I'm thinking of one-way-encrypting passwords as they come in, and comparing the encrypted versions. Is this a good or feasible idea? If so, what sort of encryption algorithm would be useful?
Use a double encryption matrix. Take a pass like CARS and make it a matrix [3 1 18 19] (alphanumeric), multiply it by an (ex.) [15 32 66 58], then multiply that by [16 88 55 14] to encrypt it. To decrypt it (login), multiply the password by the inverse of the second, then that product by the inverse of the first, and you should be left with [3 1 18 19], and that should read as CARS or something. This'll only work if you know matrices and if double encryption even works. I've only done single encryption in math class (Algebra 2). :\
Well, the thing about that is security. If someone gained FTP access to my page, they could view the page source code to find the encryption, then decrypt every password in the database. For passwords, I wanted something that can't be decrypted, even if someone managed to get administrator access.
What I eventually decided on was a SHA-256 hash, by the way. All passwords are encrypted with this before being stored in the database, meaning that there is literally no way to decode them even if you can view it.
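The two approaches discussed in this thread, as an added example (editor's code, not code posted by anyone here). The first part implements the reversible matrix scheme from the second post with the key matrices it quotes, read as 2x2 matrices so that ordinary matrix inverses exist (an assumption; the post lists them as four numbers). Because the keys must sit in the site's source code, anyone who reads that source can run the inverse and recover every stored password, which is the objection raised in the third post. The second part is the one-way SHA-256 storage the original poster settled on, plus the check a practitioner would add: a digest cannot be inverted, but it can still be matched by hashing guesses from a wordlist, so the block ends with a salted, iterated PBKDF2 variant (hashlib.pbkdf2_hmac from the standard library). The wordlist and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
from fractions import Fraction

# --- Part 1: the reversible "double encryption matrix" from the thread ---
# Letters map to A=1 ... Z=26, so CARS -> [3, 1, 18, 19], laid out as the
# 2x2 matrix [[3, 1], [18, 19]]. The key matrices are the ones quoted in the
# post, read as 2x2 (assumption). Exact Fraction arithmetic avoids float error.
KEY1 = [[15, 32], [66, 58]]
KEY2 = [[16, 88], [55, 14]]


def mat_mul(a, b):
    """Multiply two 2x2 matrices exactly."""
    return [[sum(Fraction(a[i][k]) * b[k][j] for k in range(2)) for j in range(2)]
            for i in range(2)]


def mat_inv(m):
    """Inverse of a 2x2 matrix; the scheme only works if det != 0."""
    (a, b), (c, d) = m
    det = Fraction(a * d - b * c)
    if det == 0:
        raise ValueError("key matrix is not invertible")
    return [[d / det, -b / det], [-c / det, a / det]]


def letters_to_matrix(word):
    nums = [ord(ch) - ord("A") + 1 for ch in word.upper()]
    if len(nums) != 4:
        raise ValueError("this toy scheme handles exactly four letters")
    return [nums[:2], nums[2:]]


def matrix_to_letters(m):
    return "".join(chr(int(x) - 1 + ord("A")) for row in m for x in row)


def matrix_encrypt(word):
    # P * KEY1 * KEY2, as the post describes
    return mat_mul(mat_mul(letters_to_matrix(word), KEY1), KEY2)


def matrix_decrypt(cipher):
    # Undo in reverse order: multiply by KEY2^-1, then by KEY1^-1.
    # Anyone who can read KEY1/KEY2 out of the source can do this.
    return matrix_to_letters(mat_mul(mat_mul(cipher, mat_inv(KEY2)), mat_inv(KEY1)))


# --- Part 2: one-way hashing, as the original poster chose ---
def sha256_store(password):
    """Plain SHA-256 digest of the password; nothing to invert."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def sha256_verify(password, stored):
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(sha256_store(password), stored)


# Constructed wordlist standing in for a leaked-password dictionary.
COMMON_PASSWORDS = ["123456", "password", "letmein", "cars", "qwerty"]


def crack_unsalted(stored, wordlist=COMMON_PASSWORDS):
    """A digest is one-way, but a guess that hashes to it is still found."""
    for guess in wordlist:
        if sha256_store(guess) == stored:
            return guess
    return None


def pbkdf2_store(password, salt=None, iterations=600_000):
    """Salted, iterated hash: same password gives a different record each time,
    and each guess costs the attacker `iterations` rounds of SHA-256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password, stored):
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    c = matrix_encrypt("CARS")
    print("matrix ciphertext:", [[int(x) for x in row] for row in c])
    print("decrypted with the keys from the source:", matrix_decrypt(c))
    print("SHA-256 of 'letmein' cracked as:", crack_unsalted(sha256_store("letmein")))
    rec = pbkdf2_store("letmein", iterations=1000)
    print("PBKDF2 record:", rec)
    print("verify:", pbkdf2_verify("letmein", rec), pbkdf2_verify("wrong", rec))
```

The matrix part round-trips CARS exactly, which is the point: whatever multiplies out can be multiplied back by anyone holding the two key matrices. The SHA-256 part holds up against someone reading the database, but not against someone hashing a list of likely passwords and comparing; per-user random salt and a high iteration count are what make that comparison expensive.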