[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-general
Subject:    RE: [PHP] crypt salt question
From:       "Andras Kende" <andras () kende ! com>
Date:       2007-08-30 23:29:59
Message-ID: 009901c7eb5d$af66bc20$0e343460$ () com
[Download RAW message or body]


I figured out finally:)
Actually the random salt is always the first 2 character of the encryoted
password,
so this works fine now :


<?php
// "username","saltencryptedpass"
// "sean","VK3bOV.yYuXfw"

$cryptpass = "VK3bOV.yYuXfw";

$password = $_GET[p];
$salt = substr($cryptpass, 0, 2);  

if (crypt($_GET['p'], $salt) == $cryptpass) {
  echo "Password verified!";
   }
?>


Thanks,

Andras



-----Original Message-----
From: Satyam [mailto:Satyam@satyam.com.ar] 
Sent: Thursday, August 30, 2007 3:00 PM
To: Andras Kende; php-general@lists.php.net
Subject: Re: [PHP] crypt salt question

No chance.  Unless you have the salt stored along each password, your 
passwords are as good as random texts

Satyam



----- Original Message ----- 
From: "Andras Kende" <andras@kende.com>
To: <php-general@lists.php.net>
Sent: Thursday, August 30, 2007 11:42 PM
Subject: [PHP] crypt salt question


> Hello,
>
>
>
> I'm trying to move some app from postgresql to mysql but unable to find 
> out
> how to authenticate
>
> against the current crypted passwords with php..
>
>
>
> insert to database:
>
>
>
> $cset = 
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
> $salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1);
> $password = crypt($password, $salt);   //pass crypted version of password
> for further processing
>
>
>
> $result = pg_query ("INSERT INTO users (username, password) VALUES
> ('$username', '$password')");
>
>
>
> I read the crypt is one way encryption but how to compare the password
> entered with the encrypted
>
> version if don't know the salt ??
>
>
>
>
>
> Thanks,
>
>
>
> Andras
>
>


----------------------------------------------------------------------------
----


No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.484 / Virus Database: 269.12.12/979 - Release Date: 29/08/2007 
20:21

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]