Where should I compute the MD5 hash: in the DB column directly (via a query) or through a function in the front end?

In the registration form of my web application, I have a password field. When the submit button is clicked, I insert the data into the database.

Approach 1:

I use the md5 function to generate a hash value and then store the encrypted data in a database.

Approach 2:

I use a query in MySQL to directly convert the data of a particular column to a hash value.

Which approach has less overhead, and which one is more secure over the network? Please help.

Database Used: MySQL 5, FrontEnd: Java

+4
3 answers

It will be safer to first encrypt the data and then insert it into MySQL. Otherwise, the data can be "sniffed" by listening to the traffic between the application server and the database.

Another point to consider when using MD5 is to use a salt value. MD5 is susceptible to brute-force attack if a salt is not used. Using a salt means adding a string to the value entered by the user before calculating the MD5 and storing it in the database.

For example, if the user-entered value is "ABC" and your salt value is "12345", you will calculate MD5 for "ABC12345".

+3
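An added example (not code from the original answers) of hashing at the application level in Java, so that only the digest travels to MySQL. `saltedMd5Hex` is the answer's MD5("ABC" + "12345") construction; `pbkdf2` is a substitution made here, not something the answers propose: PBKDF2-HMAC-SHA256 with a random per-user salt. The class and method names, salt length and iteration count are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashDemo {
    // Salted MD5 as the answer describes it: MD5(password + salt), hex-encoded.
    static String saltedMd5Hex(String password, String salt) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest((password + salt).getBytes(StandardCharsets.UTF_8));
        return toHex(digest);
    }

    // Substitution (assumption, not from the page): a deliberately slow KDF with a per-user salt.
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    // Login check: recompute with the stored salt and compare in constant time.
    static boolean verify(char[] attempt, byte[] salt, int iterations, byte[] stored) throws Exception {
        return MessageDigest.isEqual(pbkdf2(attempt, salt, iterations), stored);
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("salted MD5: " + saltedMd5Hex("ABC", "12345"));
        int iterations = 600_000;      // assumed work factor; tune for your hardware
        byte[] salt = new byte[16];    // constructed sample: a fresh random salt per user
        new SecureRandom().nextBytes(salt);
        byte[] stored = pbkdf2("ABC".toCharArray(), salt, iterations);
        // salt, iterations and stored are what the application would write to the user's row
        System.out.println("correct password: " + verify("ABC".toCharArray(), salt, iterations, stored));
        System.out.println("wrong password:   " + verify("ABD".toCharArray(), salt, iterations, stored));
    }
}
```

Whichever function is used, the plaintext password never appears in a SQL statement; the application-to-database connection still needs TLS to protect the rest of the row.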

You must save the encrypted password in the database. And when you want to authenticate, you have to compare two encrypted strings. This is not a question of overhead, it is a security question (which is why you should consider real encryption instead of hashing).

0

You must definitely calculate the hash / encrypt it at the application level. This will protect you from replay and MitM attacks. Storing encrypted hashes instead of encrypting the password in clear text will add an additional level of security for your users, because if your database gets hacked, an attacker will not be able to use this information on other sites (since people tend to use the same passwords).

IMO, security must be confronted with performance when dealing with sensitive information.

0