My mistake -- I'm wrong here.  Through a few emails I learned that it is a
32 character hex value that is returned, not a 32 char alphanumeric.  That
reduces my estimate of 63*10^48 to 340*10^36, still more than crypt though.
My bad, sorry to all who believed me without question!


On Tue, 24 Jun 2003, Peter Beckman wrote:

> md5 is also a one-way encryption.  crypt also provides 300*10^21 possible
> values, whereas md5 provides a possible 63*10^48, or
> 63000000000000000000000000000 * 10^21 possible values.  A little bit better
> security I'd say.  Crypt is fine, md5 is better (a lot better by the
> numbers).
> The salt doesn't matter -- it is part of the password.
> The first iteration, the salt is 8m.  The next one is v9.  The first two
> chars are the salt used, so the salt really doesn't make things more
> secure.  If you are storing the crypt value, you have to first select the
> value from your DB, get the first two chars (8m for this example) and do
> crypt($form['password'], "8m")
> in order to get 8m7UxPXfRw7/2 from crypt.
> With md5 you just say "md5($form['password'])" and send it to your select
> statement and see what happens.
> To answer your question, md5 is easier and more secure; however, your
> system is only as secure as your password, and if your password is
> "password" (one of the most popular passwords in the world) md5 nor crypt
> nor the best encryption will help you.
> Peter

Peter Beckman                                                  Internet Guy
[EMAIL PROTECTED]                   

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to