Okay. Thanks, now I have to figure out how to convert the hex string that the
php md5() function returns into something that I can compare with. I have a
funny feeling I'm going to end up writing my own md5 routine.
-Micah
On Wednesday 02 June 2004 02:00 pm, Jesse Norell wrote:
> > Yet, the auth function in mysqlauth.c uses the password as the salt:
> >
> > -- snip --
> > else if ( strcasecmp(__auth_row[2], "crypt") == 0)
> > {
> > trace (TRACE_DEBUG,"auth_validate(): validating using crypt()
> > encryption");
> > is_validated = (strcmp( (const char *) crypt(password,
> > __auth_row[1]), __auth_row[1]) == 0) ? 1 : 0;
> > }
> > -- snip --
> >
> > or am I misreading this?
>
> Nope, that's indeed how it works. The same thing works with md5 hash
> passwords, as the first 8 chars are the salt (and the same crypt()
> function handles them both).
>
>
> --
> Jesse Norell
>
> [EMAIL PROTECTED] is not my email address;
> change "administrator" to my first name.
> --
>
> _______________________________________________
> Dbmail-dev mailing list
> Dbmail-dev@dbmail.org
> http://twister.fastxs.net/mailman/listinfo/dbmail-dev
