MD5 and Salt in MySQL
How can I "decode" the password stored in various e-commerce adding "salt"? I'm not a crypto expert... so, in the past, I used something like:
SELECT * FROM mytable WHERE email=@email AND passwd=MD5(@pwd)
The MySQL MD5 function accepts only one parameter... What can I do if I have a salt string? Thanks
You need to add a column in mytable called salt and then retrieve this value when creating the MD5 Hash:
-- CONCAT() joins the strings; in MySQL the + operator is numeric addition
SELECT * FROM mytable WHERE email=@email AND passwd=MD5(CONCAT(salt, ':', @pwd))
When inserting the record you would do:
INSERT INTO mytable(email, salt, passwd)
VALUES (@email, @salt, MD5(CONCAT(@salt, ':', @pwd)))
Salt is a string you add to the beginning of text which should be encrypted.
Do it like:
SELECT * FROM mytable WHERE email=@email AND passwd=MD5(CONCAT(@salt, @pwd))
That logic should be in the application, then you'll simply compare the calculated value against what's stored in the database.
(If not in the application, you could use functions in MySQL, but I wouldn't recommend that approach. I like to keep all application logic in one place if possible, not spread in different parts.)
If you run functions like that in the WHERE clauses of your query, MySQL will be unable to use an index on passwd because it has to calculate something for every value in the passwd column. Instead, do your salting and hashing in your application, then compare that final string against your stored info in a plain query that can use an index, like this:
SELECT * FROM mytable WHERE email=@email AND passwd=@pwdhash
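The application-side approach recommended in the last two answers, as an added example that is not part of any of the original posts: the salt is generated and the hash computed in Python, and the database only stores and returns them. It swaps PBKDF2-HMAC-SHA256 in for MD5, which is too fast to resist offline password guessing. The in-memory SQLite database stands in for MySQL, and the function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor; tune it for your own hardware


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 replaces MD5(CONCAT(salt, pwd)) from the answers above.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(db: sqlite3.Connection, email: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt for every user
    db.execute(
        "INSERT INTO mytable (email, salt, passwd) VALUES (?, ?, ?)",
        (email, salt, hash_password(password, salt)),
    )


def verify_login(db: sqlite3.Connection, email: str, password: str) -> bool:
    # Look the row up by email only (indexed), then hash in the application.
    row = db.execute(
        "SELECT salt, passwd FROM mytable WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        hash_password(password, b"\0" * 16)  # similar timing for unknown emails
        return False
    salt, stored = row
    # Constant-time comparison of the computed and stored hashes.
    return hmac.compare_digest(hash_password(password, salt), stored)


def demo_db() -> sqlite3.Connection:
    # Constructed sample data: one user in a throwaway in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mytable (email TEXT PRIMARY KEY, salt BLOB, passwd BLOB)")
    create_user(db, "alice@example.com", "correct horse")
    return db


if __name__ == "__main__":
    db = demo_db()
    print(verify_login(db, "alice@example.com", "correct horse"))
```

Because each user has a different salt, the row has to be fetched by email before the hash can be computed, so the password column never appears in the WHERE clause at all.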