RE: [PHP] crypt salt question




I finally figured it out :)
Actually the random salt is always the first 2 characters of the encrypted
password,
so this works fine now:


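<?php
// "username","saltencryptedpass"
// "sean","VK3bOV.yYuXfw"

$cryptpass = "VK3bOV.yYuXfw";

// Quote the array key (a bare p is an undefined constant) and accept strings only.
$password = (isset($_GET['p']) && is_string($_GET['p'])) ? $_GET['p'] : '';
// The first two characters of the stored hash are the salt.
$salt = substr($cryptpass, 0, 2);

// hash_equals() compares the two hashes in constant time.
if (hash_equals($cryptpass, crypt($password, $salt))) {
    echo "Password verified!";
}
?>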


Thanks,

Andras



-----Original Message-----
From: Satyam [mailto:Satyam@xxxxxxxxxxxxx]
Sent: Thursday, August 30, 2007 3:00 PM
To: Andras Kende; php-general@xxxxxxxxxxxxx
Subject: Re: [PHP] crypt salt question

No chance. Unless you have the salt stored along each password, your
passwords are as good as random texts

Satyam



----- Original Message -----
From: "Andras Kende" <andras@xxxxxxxxx>
To: <php-general@xxxxxxxxxxxxx>
Sent: Thursday, August 30, 2007 11:42 PM
Subject: [PHP] crypt salt question


Hello,



I'm trying to move some app from postgresql to mysql but unable to find out
how to authenticate against the current crypted passwords with php..



insert to database:



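$cset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
// Two-character salt picked from $cset using the current time.
$salt = substr($cset, time() & 63, 1) . substr($cset, (int) (time() / 64) & 63, 1);
// Pass crypted version of password for further processing.
$password = crypt($password, $salt);

// Bind the values as parameters instead of interpolating them into the SQL.
$result = pg_query_params(
    'INSERT INTO users (username, password) VALUES ($1, $2)',
    array($username, $password)
);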



I read the crypt is one way encryption but how to compare the password
entered with the encrypted version if don't know the salt ??





Thanks,



Andras
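
Added example, not part of the original thread or the posters' code: verifying a migrated crypt() hash by passing the whole stored value as the salt, then replacing the legacy DES hash with a password_hash() value on a successful login. The function names and the sample password are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical helpers for illustration; not from the thread.

// Check $input against any crypt()-style hash. The salt (and, for newer
// formats, the algorithm) is embedded in $stored, so the whole stored value
// is passed as the salt argument.
function verify_password(string $input, string $stored): bool
{
    if (strlen($stored) < 13) {
        return false; // shorter than any valid crypt() hash
    }
    // hash_equals() is a constant-time comparison.
    return hash_equals($stored, crypt($input, $stored));
}

// Legacy DES hashes are 13 characters with no "$id$" prefix. DES crypt()
// also ignores everything after the 8th password character.
function is_legacy_des(string $stored): bool
{
    return strlen($stored) === 13 && $stored[0] !== '$';
}

// Returns [verified, replacement hash to store or null].
function login(string $input, string $stored): array
{
    if (!verify_password($input, $stored)) {
        return [false, null];
    }
    $new = is_legacy_des($stored) ? password_hash($input, PASSWORD_DEFAULT) : null;
    return [true, $new];
}

// Constructed sample: a hash as the old application would have stored it.
$legacy = crypt('s3cret!', 'ab');

// Correct password against the legacy hash, which also yields an upgraded hash.
[$ok, $upgraded] = login('s3cret!', $legacy);
var_dump($ok);
// Correct password against the upgraded hash.
var_dump(login('s3cret!', $upgraded)[0]);
// Wrong password against the legacy hash.
var_dump(login('wrong', $legacy)[0]);
```

When login() returns a replacement hash, write it back to the users table in place of the old value so the DES hash is retired the first time each user signs in.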



