Looking at the encrypt function, it optionally takes a salt parameter. Using encrypt 
without specifying a salt yields random results:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1732533 to server version: 3.23.37-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer

mysql> select encrypt('qwerty');
+-------------------+
| encrypt('qwerty') |
+-------------------+
| V/3Wzqmp93fts     |
+-------------------+
1 row in set (0.00 sec)

mysql> select encrypt('qwerty');
+-------------------+
| encrypt('qwerty') |
+-------------------+
| W/55RyU1LdYN6     |
+-------------------+
1 row in set (0.00 sec)

How is this useful? Looking at the C crypt manpage, you MUST specify a salt:

char *crypt(const char *key, const char *salt);

So where does mysql get its salt from? Is it a random salt? This confused the hell our 
of me for around an hour!

--
Richard Ellerbrock
[EMAIL PROTECTED]


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to