Patricia Hinman wrote:
> OOPS mistake corrected
> > I did stumble across a method call to a cryption()
> -------wrong crypt() is the method ------
>
> I have just discovered it is a unix function. It
> doesn't decrypt. One must always crypt user input then
> check for equality.
> if (crypt ($guess, $pass) eq $pass) {
> # guess is correct
> }
>
> I guess that means I can't use it on my Win98 box. I
> was really hoping for a platform independant method.
Hi Patricia,
I'm not sure how you extrapolate from the method used to Windows incompatibility.
That doesn't really seem like an OS thing. If you are using the encryption only for
authentication, this should work fine. There is no reason you really need to decrypt
the password. You only need to be assured that identical strings will always render
an identical encrypted value. the benefit is that the plain text never has to appear
anywhere, or be accessible through decryption, which closes the greatest potential
hole in password security.
Joseph
Joseph
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
