Encrypting passwords - 2 way or 1 way?

[djeyewater]

I think the answer to this will be both methods are as good as each other, but I'd like to check what others' opinions are anyway.

When dealing with user logins you can either store the password using PHP to encrypt the password e.g. using sha1(), or you can encrypt with mysql e.g. using AES_ENCRYPT (for mysqli) and a key which can be stored outside the site for security. Encrypting with mysql isn't as secure since the password can be decrypted, but this is also a benefit in that if someone forgets their password you can send them their password instead of having to reset it.

So, which method do you use, and do you have any preferences for one method over the other?

[alexgeek]

I just use md5(), it's great for encryption. If you're worried about security then just add a little SALT and the odds of the hash being brute forced is very low.

[Weird1993]

Like Alex, I also use md5().

[djeyewater]

Thanks for your replies, after reading them I had a look into sha1 and md5, it seems that md5 is more secure. I think maybe I will use md5 with a salt (probably unix time stamp generated when user registers and stored in the database) for storing passwords and 2 way encryption for the email address.