Home/ Questions/Q 6983077
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T18:22:18+00:00

I’m building a password protected login system for a site, and I have run

  • 0

I’m building a password protected login system for a site, and I have run into two MySQL functions to encrypt the user’s password: MD5() and ENCODE().

They both seem to encrypt it, but I want to use whichever one is more secure. Is there a clear winner here, or is it just a preference situation? Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here is a brief explanation of what each one does:

    • Encode: Encodes (does not encrypt) the string, and can also be decoded. Anyone who can run decode can get access to the password.
    • MD5: Encrypts the string, and is not supposed to be decryptable. The way you determine whether the password is correct is by comparing the two encrypted strings. However, the algorithm is badly flawed and should not be used.
    • SHA2 (string, 512): Encrypts the string, and is not supposed to be decryptable. The way you determine whether the password is correct is by comparing the two encrypted strings. This algorithm is far, far stronger than MD5.

    When it comes to using hashes (one-way encryption), it is a good practice to salt your hashes. This prevents potential attackers from using a database of known hashes to rapidly discover passwords.

    In short, encode is totally insecure, MD5 is insecure, and SHA2(string, 512) with salt is not a bad choice.

    • 0