RE: [PHP] crypt salt question



No, I'm sorry, I spoke out that thought too early!! At the university we used
a PG_SQL database to store the passwords, and used the LDAP tree with all
the user information and stuff to store the salt as well!

How do your scripts operate on that with the PG_SQL database before
migrating to mysql ...

Greets,
Jan

-----Original Message-----
From: Jan Reiter [mailto:the-fallen@xxxxxxx]
Sent: Friday, August 31, 2007 12:07 AM
To: 'Andras Kende'; PHP Mailing List
Subject: RE: [PHP] crypt salt question

Hi!

How did you do the comparison with the PG_SQL database?? I believe there is
a UNIX function, able to retrieve the salt from a crypt string, or one that
can do the comparison, without a salt given. But I'm not quite sure. I'm
gonna investigate that. But how did you compare passwords before, when using
a time based "random" salt? I understand you use the CRYPT_STD_DES method
....

Greets,
Jan

-----Original Message-----
From: Andras Kende [mailto:andras@xxxxxxxxx]
Sent: Thursday, August 30, 2007 11:42 PM
To: php-general@xxxxxxxxxxxxx
Subject: [PHP] crypt salt question

Hello,



I'm trying to move some app from postgresql to mysql but unable to find out
how to authenticate against the current crypted passwords with php..



insert to database:



$cset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
$salt = substr($cset, time() & 63, 1) . substr($cset, (int)(time() / 64) & 63, 1);
// pass crypted version of password for further processing
$password = crypt($password, $salt);

// bound parameters keep $username and $password out of the SQL text
$result = pg_query_params('INSERT INTO users (username, password) VALUES ($1, $2)',
                          array($username, $password));



I read the crypt is one way encryption but how to compare the password
entered with the encrypted version if I don't know the salt ??





Thanks,



Andras

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
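
The comparison asked about in the original message, as an added example that is not part of the thread: crypt() stores the salt inside its output (for CRYPT_STD_DES, the first two of the 13 characters), so the stored hash itself is passed back as the salt. The function names and the sample password are made up for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// True when $stored looks like a traditional DES crypt() hash:
// 13 characters from [./0-9A-Za-z], the first 2 of which are the salt.
function is_std_des(string $stored): bool
{
    return preg_match('#^[./0-9A-Za-z]{13}$#', $stored) === 1;
}

// Re-run crypt() with the stored hash as the salt argument. crypt() reads
// the salt from the front of that string, so the right password reproduces
// the stored hash exactly. hash_equals() compares in constant time.
function verify_legacy_crypt(string $entered, string $stored): bool
{
    return hash_equals($stored, crypt($entered, $stored));
}

// Login check for migrated rows. On success with a DES hash it also returns
// a replacement hash from password_hash(), because DES crypt only uses the
// first 8 characters of the password and a 2-character salt.
// Returns array(bool $ok, ?string $replacementHash).
function login(string $entered, string $stored): array
{
    if (!verify_legacy_crypt($entered, $stored)) {
        return array(false, null);
    }
    $new = is_std_des($stored) ? password_hash($entered, PASSWORD_DEFAULT) : null;
    return array(true, $new);
}

// Constructed sample: a hash as the insert code in the thread would store it,
// with a fixed salt "ab" standing in for the time-based one.
$stored = crypt('hunter22', 'ab');

echo 'salt recovered from hash: ', substr($stored, 0, 2), "\n";
var_dump(login('hunter22', $stored)[0]);   // correct password
var_dump(login('wrongpw1', $stored)[0]);   // wrong password

// Upgrade path: the replacement hash verifies through the same function,
// since crypt() also reads the algorithm and salt of newer hash formats.
list($ok, $replacement) = login('hunter22', $stored);
var_dump($ok && verify_legacy_crypt('hunter22', $replacement));
```

The password column can be copied from PostgreSQL to MySQL unchanged, since nothing but the stored string is needed to verify. If the replacement hashes are written back, the column has to be wide enough for them (the PHP manual suggests 255 characters).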