I need to create a password verification program for a web application, and I'm not really sure where to start. Does anyone have any suggestions on what I should/need to do, particularly how I should store (and encrypt) the user data, and how to keep the sessions secure. Thanks.
Generally you do not decrypt passwords. What you do is store it encrypted, get the user's input, encrypt that and see if they match.
Since its for a web app I'd look into mysql/php since it has a nice combination of functions to make this happen (namily MD5() ). To keep the session secure look into using an SSL connection and session IDs
