> ----- Original Message -----
> From: "Ignat Ikryanov" <[EMAIL PROTECTED]>
> Sent: Wednesday, August 29, 2001 4:45 PM
> Subject: [PHP-DB] MD5 (' ')
> Hi!
> I use md5 function to encrypt users password stored in MySql database.
> When I try encrypt string 'asdf' using md5 function I
> retrieve:
> 912ec803b2ce49e4a541068d495ab570
> But in 'shodow' file of my linux (Debian 2.2 used MD5 to encrypt users
> password) 'asdf' string looks like:
> $1$arjq575D$rnHVFfcQE7.h2EgSU7yzQ1
> Why results are different?

Unix Shadow passwords are actually computed using an alogrithm, md5 is part
of that algorithm but not the entire thing.  You can immediately tell that
is not an md5 hash because all md5 hashes are 32 characters and this is 35.

Shadow passwords computed with this algorithm are start $1 and then have a 8
character salt surrounded by $'s.  The last part of the hash is 22
characters which
are computed by the algorithm.  So in the above string $1$ indicates that it
is a shadow
password, and arjq575D is the salt followed by $.  I looked around on google
for a bit, but
could not find the specifc algoritm Debian uses to compute the last 22
characters.  I'll let
you know if I find it.  You might also want to try this script:


I noticed it in the user notes for md5.  It says it makes FreeBSD style
shadow passwords
though, and I am not sure if FreeBSD uses the same algorithm as Debian or
(I also have not actually verified that the above script does ANYTHING =P )

Good luck.  I'll let you know if I find anything specific on Debian.

Sheridan Saint-Michel
Website Administrator
FoxJet, an ITW Company

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to