RE: [PHP] strange crypt() problem

[Jeff Harris]

It looks like "Some operating systems support more than one type of
encryption. In fact, sometimes the standard DES-based encryption is
replaced by an MD5-based encryption algorithm. The encryption type is
triggered by the salt argument. At install time, PHP determines the
capabilities of the crypt function and will accept salts for other
encryption types. If no salt is provided, PHP will auto-generate a
standard two character salt by default, unless the default encryption type
on the system is MD5, in which case a random MD5-compatible salt is
generated. PHP sets a constant named CRYPT_SALT_LENGTH which tells you
whether a regular two character salt applies to your system or the longer
twelve character salt is applicable."

The first server you were using was using DES, this new server is using
MD5. Since hashes are one-way algorithms, you appear to be SOL. However,
you might be able to work something with mcrypt and someone who knows
anything about it.

http://www.php.net/manual/en/ref.mcrypt.php

Jeff

On Jun 19, 2003, "Sævar Öfjörð" claimed that:

|
|Well, if you don't find another solution for this, you could generate
|random passwords for each member and mail them to them. Then you would
|md5() them and update the DB with new md5()'ed passwords... This is not
|the easy way out so I hope someone finds out why the crypt() is behaving
|strangely.
|
|Sævar - ICELAND
|
|-----Original Message-----
|From: Huzz [mailto:[EMAIL PROTECTED]
|Sent: 19. júní 2003 22:43
|To: [EMAIL PROTECTED]
|Subject: Re: [PHP] strange crypt() problem
|
|I already have about 1000 members their password crypted using crypt();
|would they able to login using their password or they have to change it
|again??
|
|Thanks
|
|
|"SævË Ölêöyp" <[EMAIL PROTECTED]> wrote in message
|news:[EMAIL PROTECTED]
|Try using md5() instead because it is more widely supported than crypt()
|and it leaves no room for errors.
|
|Hope it helps,
|Sævar ICELAND
|
|
|-----Original Message-----
|From: Huzz [mailto:[EMAIL PROTECTED]
|Sent: 19. júní 2003 21:43
|To: [EMAIL PROTECTED]
|Subject: [PHP] strange crypt() problem
|
|I have this bit of code to crypt user password in user registration as
|shown
|below.
|
| $cryptpass=crypt($makepass);
|which generated crypted password like eg 37Q9fppLHc4fQ with php 4.0
|
|And am using the codes below to check for valid login..
|// $pass -  from login page
|// $dbpass - from the database
|     $pass=crypt($pass,substr($dbpass,0,2));
|        }
|        if (strcmp($dbpass,$pass)) {
|                        return(0);
|        }
|
|
|Recently i have moved the same file to a new server with php 4.3.1 the
|problem is the same piece of codes above generates completely differen
|crypted  value eg.$1$RjZHv7qx$h/L9ZUNT48rilHB6fGoMP/  .. hence the login
|codes above does not work... :(
|
|Please someone tell me that  i am not going mad....
|
|please help
|huzz
|
-- 
Registered Linux user #304026.
"lynx -source http://jharris.rallycentral.us/jharris.asc | gpg --import"
Key fingerprint = 52FC 20BD 025A 8C13 5FC6  68C6 9CF9 46C2 B089 0FED



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php