[PHP] PHP 4.1 crypt()
Is there any way to force PHP 4.1's crypt to generate crypts with 2-letter salts?

We've written some apps that do things the hack way --

if (crypt($pass,substr($pass,0,2)) == $cryptpass)

-- and changing all of them to work the extended way is a real pain in the arse. That includes changing all our password generation code to create 2-letter salts.

Any help much appreciated. In short -- I want crypt() to work like it did in 4.0.6.

Mike

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] PHP 4.1 crypt()
On Tue, 8 Jan 2002, Mike Eheler wrote:

> Is there any way to force PHP 4.1's crypt to generate crypts with 2-letter salts?
>
> We've written some apps that do things the hack way --
>
> if (crypt($pass,substr($pass,0,2)) == $cryptpass)
>
> -- and changing all of them to work the extended way is a real pain in the arse. That includes changing all our password generation code to create 2-letter salts.
>
> Any help much appreciated. In short -- I want crypt() to work like it did in 4.0.6.

This is exactly the reason you should use a specific standard hash algorithm like MD5 or SHA-1 when encrypting passwords. The PHP crypt() call uses the system call crypt(), which might vary between different systems.

Look at the PHP man pages for crypt() and the mcrypt package for more info on the subject. With mcrypt you can use whatever crypto function you need for compatibility.

http://www.php.net/manual/en/function.crypt.php
http://www.php.net/manual/en/ref.mcrypt.php

--
patrik_wallstrom-foodfight-[EMAIL PROTECTED]+46-709580442

Re: [PHP] PHP 4.1 crypt()
It's too late for that. And I don't believe that the system's crypt() function just magically changed at exactly the same time we upgraded to PHP 4.1.

Mike

Patrik Wallstrom wrote:

> On Tue, 8 Jan 2002, Mike Eheler wrote:
>
>> Is there any way to force PHP 4.1's crypt to generate crypts with 2-letter salts?
>>
>> We've written some apps that do things the hack way --
>>
>> if (crypt($pass,substr($pass,0,2)) == $cryptpass)
>>
>> -- and changing all of them to work the extended way is a real pain in the arse. That includes changing all our password generation code to create 2-letter salts.
>>
>> Any help much appreciated. In short -- I want crypt() to work like it did in 4.0.6.
>
> This is exactly the reason you should use a specific standard hash algorithm like MD5 or SHA-1 when encrypting passwords. The PHP crypt() call uses the system call crypt(), which might vary between different systems.
>
> Look at the PHP man pages for crypt() and the mcrypt package for more info on the subject. With mcrypt you can use whatever crypto function you need for compatibility.
>
> http://www.php.net/manual/en/function.crypt.php
> http://www.php.net/manual/en/ref.mcrypt.php

Re: [PHP] PHP 4.1 crypt()
On Tue, 8 Jan 2002, Mike Eheler wrote:

> It's too late for that. And I don't believe that the system's crypt() function just magically changed at exactly the same time we upgraded to PHP 4.1.

According to the crypt() man page, crypt() can use four methods of encryption:

CRYPT_STD_DES - Standard DES-based encryption with a two character salt
CRYPT_EXT_DES - Extended DES-based encryption with a nine character salt
CRYPT_MD5 - MD5 encryption with a twelve character salt starting with $1$
CRYPT_BLOWFISH - Blowfish encryption with a sixteen character salt starting with $2$

You should check which method your crypt() method used before changing PHP version, and use the mcrypt specific method. You did back up the old php installation, right?

--
patrik_wallstrom-foodfight-[EMAIL PROTECTED]+46-709580442

Re: [PHP] PHP 4.1 crypt()
Too late for that, too.. in addition to providing web hosting for hundreds of sites, we are also a web development company and have 2 major websites out there using extended php 4.1 features.

We need STD_DES, and it appears that PHP 4.1 has switched to using MD5 by default.

Thanks for your help! I'll see what I can do.

Mike

Patrik Wallstrom wrote:

> On Tue, 8 Jan 2002, Mike Eheler wrote:
>
>> It's too late for that. And I don't believe that the system's crypt() function just magically changed at exactly the same time we upgraded to PHP 4.1.
>
> According to the crypt() man page, crypt() can use four methods of encryption:
>
> CRYPT_STD_DES - Standard DES-based encryption with a two character salt
> CRYPT_EXT_DES - Extended DES-based encryption with a nine character salt
> CRYPT_MD5 - MD5 encryption with a twelve character salt starting with $1$
> CRYPT_BLOWFISH - Blowfish encryption with a sixteen character salt starting with $2$
>
> You should check which method your crypt() method used before changing PHP version, and use the mcrypt specific method. You did back up the old php installation, right?

Re: [PHP] PHP 4.1 crypt()
On Tue, 8 Jan 2002, Mike Eheler wrote:

> Too late for that, too.. in addition to providing web hosting for hundreds of sites, we are also a web development company and have 2 major websites out there using extended php 4.1 features.
>
> We need STD_DES, and it appears that PHP 4.1 has switched to using MD5 by default.
>
> Thanks for your help! I'll see what I can do.

If you really really need STD_DES for PHP 4.1, check the source code in ext/standard/crypt.c and force it to use STD_DES and recompile.

From crypt.c:

/*
   The capabilities of the crypt() function is determined by the test programs
   run by configure from aclocal.m4. They will set PHP_STD_DES_CRYPT,
   PHP_EXT_DES_CRYPT, PHP_MD5_CRYPT and PHP_BLOWFISH_CRYPT as appropriate
   for the target platform
*/

--
patrik_wallstrom-foodfight-[EMAIL PROTECTED]+46-709580442
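
Added example (not part of the thread and not code from the PHP source), written for PHP 7 or later: it reports which crypt() schemes the running build makes available, which is what the crypt.c comment above refers to, and classifies a stored hash by the formats listed earlier in the thread so that verification uses the scheme the hash was created with. The function names and the sample passwords are constructed for illustration.

```php
<?php
// Added example: function names and the sample passwords are constructed.

// Schemes this PHP build reports as available (1) or not (0).
function crypt_capabilities(): array {
    $caps = [];
    foreach (['CRYPT_STD_DES', 'CRYPT_EXT_DES', 'CRYPT_MD5', 'CRYPT_BLOWFISH'] as $name) {
        $caps[$name] = (int) constant($name);
    }
    return $caps;
}

// Identify the scheme of a stored hash from its prefix and length.
function crypt_scheme(string $hash): string {
    if (preg_match('/^\$2[axy]?\$/', $hash)) {
        return 'CRYPT_BLOWFISH';               // $2$, $2a$, $2x$, $2y$
    }
    if (strncmp($hash, '$1$', 3) === 0) {
        return 'CRYPT_MD5';
    }
    if (preg_match('#^_[./0-9A-Za-z]{19}$#', $hash)) {
        return 'CRYPT_EXT_DES';                // "_" + 8 chars of count/salt + 11 of hash
    }
    if (preg_match('#^[./0-9A-Za-z]{13}$#', $hash)) {
        return 'CRYPT_STD_DES';                // 2-char salt + 11 of hash
    }
    return 'unknown';
}

// Verify against the stored hash; crypt() reads scheme and salt from it.
function verify_password(string $pass, string $stored): bool {
    $scheme = crypt_scheme($stored);
    if ($scheme === 'unknown' || !crypt_capabilities()[$scheme]) {
        return false;                          // refuse rather than guess a scheme
    }
    return hash_equals($stored, crypt($pass, $stored));
}

print_r(crypt_capabilities());

// A two-character salt selects standard DES.
$stored = crypt('example-password', 'ab');
echo crypt_scheme($stored), "\n";
var_dump(verify_password('example-password', $stored));
var_dump(verify_password('wrong-password', $stored));
// Standard DES uses only the first 8 characters of the password, so this
// longer, different password is accepted too: a reason to rehash on login.
var_dump(verify_password('example-something-else', $stored));
```

Passing the stored hash as the salt also removes the need to derive the salt from the password, as the `substr($pass,0,2)` check in the first message does; that construction places the password's first two characters at the start of every stored hash.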