No, I'm sorry, I spoke out that thought to early!! At the university we used a PG_SQL database to store the passwords, and used the LDAP tree with all the user information and stuff to store the salt as well! How do your scripts operate on that with the PG_SQL database before migrating to mysql ... Greets, Jan -----Original Message----- From: Jan Reiter [mailto:the-fallen@xxxxxxx] Sent: Friday, August 31, 2007 12:07 AM To: 'Andras Kende'; PHP Mailing List Subject: RE: crypt salt question Hi! How did you do the comparison with the PG_SQL database?? I believe there is a UNIX function, able to retrieve the salt from a crypt string, or one that can do the comparison, without a slat given. But I'm not quite sure. I'm gonna investigate that. But how did you compare passwords before, when using a time based "random" salt? I understand you use the CRYPT_STD_DES method ... Greets, Jan -----Original Message----- From: Andras Kende [mailto:andras@xxxxxxxxx] Sent: Thursday, August 30, 2007 11:42 PM To: php-general@xxxxxxxxxxxxx Subject: crypt salt question Hello, I'm trying to move some app from postgresql to mysql but unable to find out how to authenticate against the current crypted passwords with php.. insert to database: $cset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; $salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1); $password = crypt($password, $salt); //pass crypted version of password for further processing $result = pg_query ("INSERT INTO users (username, password) VALUES ('$username', '$password')"); I read the crypt is one way encryption but how to compare the password entered with the encrypted version if don't know the salt ?? Thanks, Andras -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
