Re: [PHP] strange crypt() problem

Fri, 20 Jun 2003 01:37:28 -0700 

If I use MD5 based encryption...would i have similar problem in the future
when i move the codes around to different server?

----- Original Message ----- 
From: "Jeff Harris" <[EMAIL PROTECTED]>
To: "Sævar Öfjörð" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, June 20, 2003 12:06 AM
Subject: RE: [PHP] strange crypt() problem


> It looks like "Some operating systems support more than one type of
> encryption. In fact, sometimes the standard DES-based encryption is
> replaced by an MD5-based encryption algorithm. The encryption type is
> triggered by the salt argument. At install time, PHP determines the
> capabilities of the crypt function and will accept salts for other
> encryption types. If no salt is provided, PHP will auto-generate a
> standard two character salt by default, unless the default encryption type
> on the system is MD5, in which case a random MD5-compatible salt is
> generated. PHP sets a constant named CRYPT_SALT_LENGTH which tells you
> whether a regular two character salt applies to your system or the longer
> twelve character salt is applicable."
>
> The first server you were using was using DES, this new server is using
> MD5. Since hashes are one-way algorithms, you appear to be SOL. However,
> you might be able to work something with mcrypt and someone who knows
> anything about it.
>
> http://www.php.net/manual/en/ref.mcrypt.php
>
> Jeff
>
> On Jun 19, 2003, "Sævar Öfjörð" claimed that:
>
> |
> |Well, if you don't find another solution for this, you could generate
> |random passwords for each member and mail them to them. Then you would
> |md5() them and update the DB with new md5()'ed passwords... This is not
> |the easy way out so I hope someone finds out why the crypt() is behaving
> |strangely.
> |
> |Sævar - ICELAND
> |
> |-----Original Message-----
> |From: Huzz [mailto:[EMAIL PROTECTED]
> |Sent: 19. júní 2003 22:43
> |To: [EMAIL PROTECTED]
> |Subject: Re: [PHP] strange crypt() problem
> |
> |I already have about 1000 members their password crypted using crypt();
> |would they able to login using their password or they have to change it
> |again??
> |
> |Thanks
> |
> |
> |"SævË Ölêöyp" <[EMAIL PROTECTED]> wrote in message
> |news:[EMAIL PROTECTED]
> |Try using md5() instead because it is more widely supported than crypt()
> |and it leaves no room for errors.
> |
> |Hope it helps,
> |Sævar ICELAND
> |
> |
> |-----Original Message-----
> |From: Huzz [mailto:[EMAIL PROTECTED]
> |Sent: 19. júní 2003 21:43
> |To: [EMAIL PROTECTED]
> |Subject: [PHP] strange crypt() problem
> |
> |I have this bit of code to crypt user password in user registration as
> |shown
> |below.
> |
> | $cryptpass=crypt($makepass);
> |which generated crypted password like eg 37Q9fppLHc4fQ with php 4.0
> |
> |And am using the codes below to check for valid login..
> |// $pass -  from login page
> |// $dbpass - from the database
> |     $pass=crypt($pass,substr($dbpass,0,2));
> |        }
> |        if (strcmp($dbpass,$pass)) {
> |                        return(0);
> |        }
> |
> |
> |Recently i have moved the same file to a new server with php 4.3.1 the
> |problem is the same piece of codes above generates completely differen
> |crypted  value eg.$1$RjZHv7qx$h/L9ZUNT48rilHB6fGoMP/  .. hence the login
> |codes above does not work... :(
> |
> |Please someone tell me that  i am not going mad....
> |
> |please help
> |huzz
> |
> -- 
> Registered Linux user #304026.
> "lynx -source http://jharris.rallycentral.us/jharris.asc | gpg --import"
> Key fingerprint = 52FC 20BD 025A 8C13 5FC6  68C6 9CF9 46C2 B089 0FED
>
>
>
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to