Today I have encrypted the passwords of my site.
On reflection, I should have done this at the very beginning of the project, not only for security reasons, but also for convenience. I was unaware that if a user's profile had already been created before the encryption function was implemented, the database would not automatically encrypt these passwords after the function had been added. Every new user's password after the encryption functionality is implemented is scrambled; however, the previous users' passwords will not be updated and encrypted.
Therefore I have had to carry out the following task on each user's password.
By using this site: http://md5encryption.com/ I have had to encrypt the users' passwords manually by using the following format: lg9[password]7sn. The lg9 part is 'salt1' of the password encryption and 7sn is the 'salt2' part of the encryption.
// Fixed salts placed before and after the password, then hashed with MD5
$salt = "1g9";
$salt2 = "7sn";
$password = md5($salt . $password . $salt2);
Although this took some time updating the database, it was a quicker task than deleting every user and re-creating them again!
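The manual step described above can also be done by a script run against the database itself, so that no password has to be typed into a third-party site and rows created before and after the hashing function was added are handled in one pass. This is an added example, not code from the original post: the `users` table, its columns, the in-memory SQLite database and the function names are assumptions, the salts are the ones in the post's snippet, and it wraps the post's MD5 digest in PHP's `password_hash()` rather than storing the MD5 value directly.

```php
<?php
// Added example. Salts are from the post's snippet; table/column names are assumptions.
const SALT1 = '1g9';
const SALT2 = '7sn';

// The post's scheme: md5(salt1 . password . salt2), giving 32 lowercase hex characters.
function legacy_md5(string $password): string {
    return md5(SALT1 . $password . SALT2);
}

// Convert every row locally in one transaction. Rows still in plaintext get the
// legacy digest first; each legacy digest is then wrapped with password_hash().
// Assumption: no plaintext password is itself exactly 32 hex characters.
function migrate_users(PDO $db): int {
    $update = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
    $count = 0;
    $db->beginTransaction();
    $rows = $db->query('SELECT id, password FROM users')->fetchAll(PDO::FETCH_ASSOC);
    foreach ($rows as $row) {
        $stored = $row['password'];
        if (password_get_info($stored)['algoName'] !== 'unknown') {
            continue; // already wrapped, so the script is safe to re-run
        }
        $digest = preg_match('/^[0-9a-f]{32}$/', $stored) ? $stored : legacy_md5($stored);
        $update->execute([password_hash($digest, PASSWORD_DEFAULT), $row['id']]);
        $count++;
    }
    $db->commit();
    return $count;
}

// Login check after migration: recompute the legacy digest, then verify the wrapper.
function check_login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    return $stored !== false && password_verify(legacy_md5($password), $stored);
}

// Constructed sample data: one old plaintext row, one row hashed by the post's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 'correct horse')");
$insert = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$insert->execute(['bob', legacy_md5('hunter2')]);
var_dump(migrate_users($db), check_login($db, 'alice', 'correct horse'),
    check_login($db, 'bob', 'hunter2'), check_login($db, 'bob', 'wrong'));
```

Because each stored value ends up as a `password_hash()` string with its own random salt, two users with the same password no longer share the same stored value, which the fixed `$salt`/`$salt2` pair cannot prevent.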