It isn’t even funny, but a nice accidental wordplay in the title nonetheless.
Good password encryption is important. No way in hell you can get away with using anything as simple as MD5 these days. Sure, people shouldn’t have access to your users’ passwords (encrypted or not) in the first place, but when they do, you don’t want to have to run damage control afterwards. You want to have it all done and set up beforehand. You want that pesky intruder to curse at his screen, because he just wasted all his time on some overly complicated hashes he can’t do jack with.
Despite it being this important, lots of people mess it up frequently. Hopefully this is just because they are uninformed. Good encryption can be kind of hard, though, especially if you’re no expert in the field. I’m working on a system right now, and the boss has requested a specific kind of encryption. I found a code sample in PHP that’s free to use. I’m currently in the process of rewriting it (read: changing the variable and function names to match my own rules), and it’s coming along nicely. It’s all sort of understandable so far, but then they start pulling stuff like a slow equals function. It’s mostly binary operations they perform, and it just gets me kind of lost.
Some of the things they do to properly encrypt a password, too. Apparently there’s all kinds of crazy stunts you can pull, like selecting an algorithm type in plain-text and then retrieving the correct function for it, or something along those lines. I really wish I understood this better, but I haven’t rewritten all functions yet, and I tend to pick things up as I write them, so there’s still hope.
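To make the two ideas above concrete, here is an added PHP example (my own code, not the sample the post is rewriting): a stored hash that names its own algorithm in plain text so verification can pick the right digest, and a slow equals function that compares every byte instead of stopping at the first mismatch. The `algorithm:iterations:salt:hash` layout is an assumption made for this example.

```php
<?php
// Added example. Assumed storage layout: algorithm:iterations:salt(hex):hash(hex).
// The algorithm name travels with the hash, so old records keep verifying
// after the default algorithm changes.

function create_hash(string $password, string $algorithm = 'sha256', int $iterations = 100000): string
{
    $salt = random_bytes(16);                       // fresh random salt per password
    $hash = hash_pbkdf2($algorithm, $password, $salt, $iterations, 32, true);
    return implode(':', [$algorithm, $iterations, bin2hex($salt), bin2hex($hash)]);
}

function validate_password(string $password, string $stored): bool
{
    $parts = explode(':', $stored);
    if (count($parts) !== 4) {
        return false;                               // malformed record, never "valid"
    }
    [$algorithm, $iterations, $saltHex, $hashHex] = $parts;
    // The plain-text algorithm field selects the digest; reject names PHP does not know.
    if (!in_array($algorithm, hash_algos(), true)) {
        return false;
    }
    $expected  = hex2bin($hashHex);
    $candidate = hash_pbkdf2($algorithm, $password, hex2bin($saltHex),
                             (int) $iterations, strlen($expected), true);
    return slow_equals($expected, $candidate);
}

// Compare without an early exit: XOR each byte pair and OR the results together,
// so the time taken does not reveal how many leading bytes already matched.
function slow_equals(string $a, string $b): bool
{
    $diff = strlen($a) ^ strlen($b);               // non-zero if lengths differ
    $len  = min(strlen($a), strlen($b));
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);        // any differing bit survives the loop
    }
    return $diff === 0;
}

$stored = create_hash('correct horse battery staple');
var_dump(validate_password('correct horse battery staple', $stored));
var_dump(validate_password('wrong password', $stored));
```

Current PHP ships `hash_equals()` and `password_hash()`/`password_verify()`, which do the same jobs; the hand-written versions here only exist to show the mechanism.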
Just remember kids: as discouraging as it may seem, good encryption is really important, and definitely worth learning new things for!