Hi! How did you do the comparison with the PG_SQL database?? I believe there is a UNIX function, able to retrieve the salt from a crypt string, or one that can do the comparison, without a slat given. But I'm not quite sure. I'm gonna investigate that. But how did you compare passwords before, when using a time based "random" salt? I understand you use the CRYPT_STD_DES method ... Greets, Jan -----Original Message----- From: Andras Kende [mailto:andras@xxxxxxxxx] Sent: Thursday, August 30, 2007 11:42 PM To: php-general@xxxxxxxxxxxxx Subject: crypt salt question Hello, I'm trying to move some app from postgresql to mysql but unable to find out how to authenticate against the current crypted passwords with php.. insert to database: $cset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; $salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1); $password = crypt($password, $salt); //pass crypted version of password for further processing $result = pg_query ("INSERT INTO users (username, password) VALUES ('$username', '$password')"); I read the crypt is one way encryption but how to compare the password entered with the encrypted version if don't know the salt ?? Thanks, Andras -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
