My mistake -- I'm wrong here. Through a few emails I learned that it is a
32 character hex value that is returned, not a 32 char alphanumeric. That
reduces my estimate of 63*10^48 to 340*10^36, still more than crypt though.

My bad, sorry to all who believed me without question!

Beckman

On Tue, 24 Jun 2003, Peter Beckman wrote:

> md5 is also a one-way encryption. crypt also provides 300*10^21 possible
> values, whereas md5 provides a possible 63*10^48, or
> 63000000000000000000000000000 * 10^21 possible values. A little bit better
> security I'd say. Crypt is fine, md5 is better (a lot better by the
> numbers).
>
> The salt doesn't matter -- it is part of the password.
>
> The first iteration, the salt is 8m. The next one is v9. The first two
> chars are the salt used, so the salt really doesn't make things more
> secure. If you are storing the crypt value, you have to first select the
> value from your DB, get the first two chars (8m for this example) and do
>     crypt($form['password'], "8m")
> in order to get 8m7UxPXfRw7/2 from crypt.
>
> With md5 you just say "md5($form['password'])" and send it to your select
> statement and see what happens.
>
> To answer your question, md5 is easier and more secure; however, your
> system is only as secure as your password, and if your password is
> "password" (one of the most popular passwords in the world) md5 nor crypt
> nor the best encryption will help you.
>
> Peter

---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman@purplecow.com                             http://www.purplecow.com/
---------------------------------------------------------------------------

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
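
The two storage schemes compared in this thread, run side by side as an added example that is not part of the original messages. The account names, passwords and the salt "Qx" are constructed; "8m" and "v9" are the salts quoted above. It also exercises one property of traditional DES crypt() the thread does not mention: only the first 8 characters of the password are used.

```php
<?php
// Added example: account data below is constructed for illustration.

// Traditional DES crypt(): the 2-char salt becomes the prefix of the result.
function crypt_store(string $password, string $salt): string
{
    return crypt($password, $salt);
}

// Verification: hand the stored value back as the salt argument; crypt()
// reads only its first two characters, so no separate salt column is needed.
function crypt_verify(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// Unsalted md5: the stored value depends on the password alone.
function md5_verify(string $password, string $stored): bool
{
    return hash_equals($stored, md5($password));
}

$accounts = [
    ['user' => 'alice', 'password' => 'password',  'salt' => '8m'],
    ['user' => 'bob',   'password' => 'password',  'salt' => 'v9'],
    ['user' => 'carol', 'password' => 'tr0ub4dor', 'salt' => 'Qx'],
];

$table = [];
foreach ($accounts as $a) {
    $row = ['crypt' => crypt_store($a['password'], $a['salt']),
            'md5'   => md5($a['password'])];
    $table[$a['user']] = $row;
    printf("%-6s crypt=%s  md5=%s\n", $a['user'], $row['crypt'], $row['md5']);
}

// alice and bob share a password: compare their stored values per scheme.
echo "crypt values equal: ";
var_dump($table['alice']['crypt'] === $table['bob']['crypt']);
echo "md5 values equal:   ";
var_dump($table['alice']['md5'] === $table['bob']['md5']);

// Right and wrong password against each verifier.
var_dump(crypt_verify('password', $table['alice']['crypt']));
var_dump(crypt_verify('letmein', $table['alice']['crypt']));
var_dump(md5_verify('password', $table['alice']['md5']));

// A different password that shares carol's first 8 characters.
var_dump(crypt_verify('tr0ub4doXYZ', $table['carol']['crypt']));
```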