MD5(MD5(pw)) OK?

Started by Joachim Zobel over 21 years ago | 2 messages | general
#1 Joachim Zobel
jzobel@heute-morgen.de

Hi.

I am thinking about building a login, where the logged-in users are
stored in a table logins. To make it sure and documented the users have
entered a password I want to store the MD5(pw) in logins. To make it
impossible to fake logins entries I plan to store the MD5(MD5(pw)) in
the users table and use this for authentication purposes.

This seems like a good idea to me. Does anybody see any flaws?

Thx,
Joachim

--
"... a race of inventive dwarfs who can be hired for anything."
- Bertolt Brecht - Leben des Galilei

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Joachim Zobel (#1)
Re: MD5(MD5(pw)) OK?

Joachim Zobel <jzobel@heute-morgen.de> writes:

> I am thinking about building a login, where the logged-in users are
> stored in a table logins. To make it sure and documented the users have
> entered a password I want to store the MD5(pw) in logins. To make it
> impossible to fake logins entries I plan to store the MD5(MD5(pw)) in
> the users table and use this for authentication purposes.
>
> This seems like a good idea to me. Does anybody see any flaws?

Well, for one thing, it would be instantly apparent from the users table
if two users had chosen the same password.

You might want to copy the way things are done in the postgres pg_shadow
table, which from memory is something like MD5(MD5(pw) || username).

regards, tom lane
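
Added example, not part of the original thread: a Python sketch comparing the MD5(MD5(pw)) scheme from the question with the username-mixed form written in the reply, showing which users a reader of the users table can tell share a password. The function names and the sample accounts are constructed for illustration, and the second scheme follows the formula exactly as the reply states it.

```python
import hashlib
import hmac
from collections import defaultdict

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def unsalted(pw: str, username: str) -> str:
    # Scheme from the question: users table stores MD5(MD5(pw)).
    return md5_hex(md5_hex(pw))

def username_salted(pw: str, username: str) -> str:
    # Form given in the reply: MD5(MD5(pw) || username).
    return md5_hex(md5_hex(pw) + username)

# Constructed sample accounts; alice and carol picked the same password.
ACCOUNTS = {"alice": "correct horse", "bob": "tr0ub4dor", "carol": "correct horse"}

def build_table(scheme) -> dict:
    """Simulate the users table: username -> stored verifier."""
    return {user: scheme(pw, user) for user, pw in ACCOUNTS.items()}

def shared_password_groups(table: dict) -> list:
    """Groups of usernames whose stored values are identical."""
    by_value = defaultdict(list)
    for user, value in table.items():
        by_value[value].append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)

def verify(table: dict, scheme, username: str, pw: str) -> bool:
    """Check a login attempt against the table in constant time."""
    stored = table.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored, scheme(pw, username))

if __name__ == "__main__":
    for scheme in (unsalted, username_salted):
        table = build_table(scheme)
        print(scheme.__name__, "identical entries:", shared_password_groups(table))
```

Both variants still rest on a single fast MD5 pass per guess; a design written today would store a per-user random salt with a slow KDF such as `hashlib.scrypt`.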