Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

General Discussion

Joss Daniels
Joss Daniels
59,875 Points
Posted by Joss Daniels
Joss Daniels
59,875 Points

Secure passwords in MySQL - should I use MD5?

I've been told that MD5 is maybe not the best thing to use anymore? Can someone recommend the best thing to use for encypting passwords?

3 Answers

John Wheal
John Wheal
27,969 Points
John Wheal
John Wheal
27,969 Points

You should also salt the passwords.I personally use SHA1 as the hashing algorithm.

Jake Craige
Jake Craige
4,913 Points
Jake Craige
Jake Craige
4,913 Points

I've also heard of lots of people preferring SHA1 over MD5 for storing passwords. It's usually pretty simple to run an md5 hash through a dictionary and get a result. I'm not sure how well that works with SHA1, never done it.

James Barnett
James Barnett
39,199 Points
James Barnett
James Barnett
39,199 Points

Exploits have been documented for both the SHA and MD5 ciphers, so if you want to get ahead of the curve, you might consider going to SHA-2, using the SHA2() function.

source: http://www.databasejournal.com/features/mysql/how-mysql-protects-your-password.html