On Tue, 8 Jan 2002, Mike Eheler wrote: > Is there any way to force PHP 4.1's crypt to generate crypt's with > 2-letter salts? We've written some apps that do things the hack way -- > if (crypt($pass,substr($pass,0,2)) == $cryptpass) -- and changing all of > them to work the extended way is a real pain the arse. That includes > changing all our password generation code to create 2-letter salts. > > Any help much appreciated. > > In short -- I want crypt() to work like it did in 4.0.6.
This is exactly the reason you should use a specific standard hash algorithm like MD5 or SHA-1 when encrypting passwords. The PHP crypt() call uses the system call crypt(), which might vary between different systems. Look at the PHP man pages for crypt() and the mcrypt package for more info on the subject. With mcrypt you can use whatever crypto function you need for compatibility. http://www.php.net/manual/en/function.crypt.php http://www.php.net/manual/en/ref.mcrypt.php -- patrik_wallstrom->foodfight->[EMAIL PROTECTED]>+46-709580442 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
