Sure, but only the first eight characters of the password are actually
used to make the hash (IIRC).
On Tue, 2003-06-24 at 10:15, Hutchins, Richard wrote:
> I already admitted that this stuff was mostly over my head. However, I
> started messing around with it a bit and would like to know if the crypt()
> function would help Jerry out?
> I tried md5('password') twice in a row and it did return:
> Then I tried crypt('password') in a 10-step loop and got this:
> The code for all of the above if anybody is interested:
> echo md5('password')."</br>";
> echo md5('password')."</br></br>";
> echo "CRYPT with password</br>";
> echo crypt('password')."</br>";
> PHP.NET states that there is no decrypt function since crypt() is a one-way
> encryption. And given that, by default, it uses a random salt generated by
> PHP, why is this not as secure as an MD5 encrypted password? Of course, all
> of this is based on the supposition that the database is properly secured.
> I am, by no means, arguing with any of the advice already offered regarding
> the MD5 question. However, If what you're looking for is a different
> encryption result for the same password, crypt() seems to do it.
> Can somebody explain if this is less secure or less-preferable than MD5?
> Even if one were able to decipher the algorithm PHP uses for a crypt()
> operation, the salt is supposedly random so having the encryption algorithm
> would not be all that useful.
> Am I totally missing something here?
> > -----Original Message-----
> > From: Matt Schroebel [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, June 24, 2003 9:52 AM
> > To: JeRRy
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: [PHP-DB] md5 question!
> > > -----Original Message-----
> > > From: JeRRy [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, June 24, 2003 9:50 AM
> > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > > Subject: Re: [PHP-DB] md5 question!
> > >
> > > So with md5 I can
> > > retrieve the passwords back to the user if they lose
> > > them via email.
> > No, you can't. You'll need to generate a new password, md5
> > it, store it
> > & mark it expired, timestamp it so it's only valid for, say,
> > 30 minutes,
> > email it, and finally, force the person to choose a new password when
> > they sign in.
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
Marco Tabini & Associates, Inc.
28 Bombay Avenue
Toronto, ON M3H 1B7
Phone: (416) 630-6202
Fax: (416) 630-5057
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php