No chance. Unless you have the salt stored along each password, your
passwords are as good as random texts
Satyam
----- Original Message -----
From: "Andras Kende" <andras@xxxxxxxxx>
To: <php-general@xxxxxxxxxxxxx>
Sent: Thursday, August 30, 2007 11:42 PM
Subject: crypt salt question
Hello,
I'm trying to move some app from postgresql to mysql but unable to find
out
how to authenticate
against the current crypted passwords with php..
insert to database:
$cset =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
$salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1);
$password = crypt($password, $salt); //pass crypted version of password
for further processing
$result = pg_query ("INSERT INTO users (username, password) VALUES
('$username', '$password')");
I read the crypt is one way encryption but how to compare the password
entered with the encrypted
version if don't know the salt ??
Thanks,
Andras
--------------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.484 / Virus Database: 269.12.12/979 - Release Date: 29/08/2007
20:21
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
