I already admitted that this stuff was mostly over my head. However, I
started messing around with it a bit and would like to know if the crypt()
function would help Jerry out?
I tried md5('password') twice in a row and it did return:
Then I tried crypt('password') in a 10-step loop and got this:
The code for all of the above if anybody is interested:
echo "CRYPT with password</br>";
PHP.NET states that there is no decrypt function since crypt() is a one-way
encryption. And given that, by default, it uses a random salt generated by
PHP, why is this not as secure as an MD5 encrypted password? Of course, all
of this is based on the supposition that the database is properly secured.
I am, by no means, arguing with any of the advice already offered regarding
the MD5 question. However, If what you're looking for is a different
encryption result for the same password, crypt() seems to do it.
Can somebody explain if this is less secure or less-preferable than MD5?
Even if one were able to decipher the algorithm PHP uses for a crypt()
operation, the salt is supposedly random so having the encryption algorithm
would not be all that useful.
Am I totally missing something here?
> -----Original Message-----
> From: Matt Schroebel [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 24, 2003 9:52 AM
> To: JeRRy
> Cc: [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] md5 question!
> > -----Original Message-----
> > From: JeRRy [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, June 24, 2003 9:50 AM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: [PHP-DB] md5 question!
> > So with md5 I can
> > retrieve the passwords back to the user if they lose
> > them via email.
> No, you can't. You'll need to generate a new password, md5
> it, store it
> & mark it expired, timestamp it so it's only valid for, say,
> 30 minutes,
> email it, and finally, force the person to choose a new password when
> they sign in.
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php