Secure password storage

Question

I\'m developing a web service where users must login. I will store user data in an SQL database and input/output via PHP. But I don\'t want to store it openly. How do I encr

Answer 1

There is the possibility to hash passwords (preferably with a salt):

$salt = random_string($length = 5);
$hash = $salt . sha1($salt . $password);

Or store encrypted (only if your MySQL connection is SSL secured):

INSERT INTO `user` (`user`,`pass`) VALUES("username",ENCRYPT("password","secretkey"))