I figured out finally:)
Actually the random salt is always the first 2 character of the encryoted
password,
so this works fine now :
<?php
// "username","saltencryptedpass"
// "sean","VK3bOV.yYuXfw"
$cryptpass = "VK3bOV.yYuXfw";
$password = $_GET[p];
$salt = substr($cryptpass, 0, 2);
if (crypt($_GET['p'], $salt) == $cryptpass) {
echo "Password verified!";
}
?>
Thanks,
Andras
-----Original Message-----
From: Satyam [mailto:Satyam@xxxxxxxxxxxxx]
Sent: Thursday, August 30, 2007 3:00 PM
To: Andras Kende; php-general@xxxxxxxxxxxxx
Subject: Re: crypt salt question
No chance. Unless you have the salt stored along each password, your
passwords are as good as random texts
Satyam
----- Original Message -----
From: "Andras Kende" <andras@xxxxxxxxx>
To: <php-general@xxxxxxxxxxxxx>
Sent: Thursday, August 30, 2007 11:42 PM
Subject: crypt salt question
> Hello,
>
>
>
> I'm trying to move some app from postgresql to mysql but unable to find
> out
> how to authenticate
>
> against the current crypted passwords with php..
>
>
>
> insert to database:
>
>
>
> $cset =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
> $salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1);
> $password = crypt($password, $salt); //pass crypted version of password
> for further processing
>
>
>
> $result = pg_query ("INSERT INTO users (username, password) VALUES
> ('$username', '$password')");
>
>
>
> I read the crypt is one way encryption but how to compare the password
> entered with the encrypted
>
> version if don't know the salt ??
>
>
>
>
>
> Thanks,
>
>
>
> Andras
>
>
----------------------------------------------------------------------------
----
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.484 / Virus Database: 269.12.12/979 - Release Date: 29/08/2007
20:21
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
