Which is best encryption method base 64 or MD5?

Base 64 is not an encryption mechanism, it is an encoding scheme. It is easily reversed, so it is not a good choice for protecting critical data.

The common approach for passwords is to hash them with something like MD5, and then store the hash. When the user logs in again, hash the input password, and compare that to the stored hash.

If the user forgets his password, you should not be able to tell him what it is. Instead, allow him to reset it to something else (presumably something he can remember).

Also, as @Phil Brown mentions, MD5 is not considered a strong encryption mechanism. SHA-1 would be better suited for this task.

Base 64 encoding is generally used to transmit binary data over a mechanism that only allows ASCII text.


Base64 is not encryption, it is an easily reversible encoding mechanism. MD5 is a one-way cryptographic hash, though its use is not recommended because it is cryptographically weak.

For your needs you probably want to store the hash of the password (better with salt), probably using SHA-256 or better. When users forget their password, you generate a random one-time use password for them and force them to recreate a password, or just make them do it after verifying some credentials.


Base64 and MD5 are not encryption methods. Base64 is simply a way of encoding characters, which provides absolutely no security - it is as good as storing the password in plain text. MD5 is a hash function, which means it is one-way and cannot be decrypted.

Hashing is definitely the way to go. MD5 is okay, but you should switch to a more secure function such as SHA-256.

As for a "forgot password" feature, never store the user's password and send it back to them. Instead, generate a (random) temporary password for them so that they can login and change it.

Tags:

Encryption