[prev in list] [next in list] [prev in thread] [next in thread]
List: php-general
Subject: RE: [PHP] crypt salt question
From: "Andras Kende" <andras () kende ! com>
Date: 2007-08-30 23:29:59
Message-ID: 009901c7eb5d$af66bc20$0e343460$ () com
[Download RAW message or body]
I figured out finally:)
Actually the random salt is always the first 2 character of the encryoted
password,
so this works fine now :
<?php
// "username","saltencryptedpass"
// "sean","VK3bOV.yYuXfw"
$cryptpass = "VK3bOV.yYuXfw";
$password = $_GET[p];
$salt = substr($cryptpass, 0, 2);
if (crypt($_GET['p'], $salt) == $cryptpass) {
echo "Password verified!";
}
?>
Thanks,
Andras
-----Original Message-----
From: Satyam [mailto:Satyam@satyam.com.ar]
Sent: Thursday, August 30, 2007 3:00 PM
To: Andras Kende; php-general@lists.php.net
Subject: Re: [PHP] crypt salt question
No chance. Unless you have the salt stored along each password, your
passwords are as good as random texts
Satyam
----- Original Message -----
From: "Andras Kende" <andras@kende.com>
To: <php-general@lists.php.net>
Sent: Thursday, August 30, 2007 11:42 PM
Subject: [PHP] crypt salt question
> Hello,
>
>
>
> I'm trying to move some app from postgresql to mysql but unable to find
> out
> how to authenticate
>
> against the current crypted passwords with php..
>
>
>
> insert to database:
>
>
>
> $cset =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
> $salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1);
> $password = crypt($password, $salt); //pass crypted version of password
> for further processing
>
>
>
> $result = pg_query ("INSERT INTO users (username, password) VALUES
> ('$username', '$password')");
>
>
>
> I read the crypt is one way encryption but how to compare the password
> entered with the encrypted
>
> version if don't know the salt ??
>
>
>
>
>
> Thanks,
>
>
>
> Andras
>
>
----------------------------------------------------------------------------
----
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.484 / Virus Database: 269.12.12/979 - Release Date: 29/08/2007
20:21
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic