I’m trying to use AES encryption (AES_ENCRYPT in MySQL) for user passwords but I came up with a bunch of different problems.
This is the SQL query that I use to store a new user into the database:
INSERT INTO user VALUES (
'15',
'John',
'Doe',
'123 Fake St.',
AES_ENCRYPT('mypassword', 'mysalt'),
'mysalt'
)
Where the salt would be a random string in a real case.
It works fine. I mean, I’m able to retrieve the original password. In this example, AES_DECRYPT(user.password, 'mysalt') WHERE user.id = 15 retrieves mypassword. But I might be overlooking some things.
-
Is it secure to save the salt along with the password? Aside from security through obscurity thing.
-
What is the best format to store the hashed password? I’m using
VARBINARY but the stored string looks like8�p�����_�Z�\. -
And finally, how long should the password be and how long should the
salt be?
Thanks
Typically, there is no actual need to reverse encrypt a password. Having that ability inherently decreases the security of the system. Instead, use an irreversible hash function. I suggest SHA-256 (or larger) which produces a string result:
I have also frustrated bulk rainbow tables from being any use by rolling in other data always known at password validation time.
SHA2requires MySQL 5.5 or later. If you are using an earlier version,SHA1()is nearly as good, and generally much better thanMD5,AES, etc.