Re: encrypt wierdness

Fri, 08 Jun 2001 02:57:22 -0700 

Just use the password() function, which will return a nice 16-byte 1-way encrypted 
string.

On Fri, 08 Jun 2001 00:04:18 -0700
Richard Ellerbrock <[EMAIL PROTECTED]> wrote:

> Ok, so you can obtain a random result (thought that was what random()
> was for), but still cannot understand how this could be usefull. I use
> encrypt to store password info in a database, but how do you compare the
> user entered password with the one in the database if the results vary
> the whole time? Please give me an application for this behaviour and I
> will be happy :-)
> 
> Tonu Samuel wrote:
> > 
> > On Thu, 7 Jun 2001, Richard Ellerbrock wrote:
> > 
> > > Looking at the encrypt function, it optionally takes a salt parameter. Using 
>encrypt without specifying a salt yields random results:
> > >
> > > mysql> select encrypt('qwerty');
> > > +-------------------+
> > > | encrypt('qwerty') |
> > > +-------------------+
> > > | V/3Wzqmp93fts     |
> > > +-------------------+
> > > 1 row in set (0.00 sec)
> > >
> > > mysql> select encrypt('qwerty');
> > > +-------------------+
> > > | encrypt('qwerty') |
> > > +-------------------+
> > > | W/55RyU1LdYN6     |
> > > +-------------------+
> > > 1 row in set (0.00 sec)
> > >
> > > How is this useful? Looking at the C crypt manpage, you MUST specify a salt:
> > >
> > > char *crypt(const char *key, const char *salt);
> > >
> > > So where does mysql get its salt from? Is it a random salt? This confused the 
>hell our of me for around an hour!
> > 
> > You should look MySQL manual not C crypt manpage ;). And yes, thisis
> > random salt and makes life little bit more secure.
> 
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
> 
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to