Patricia Hinman wrote: > OOPS mistake corrected > > I did stumble across a method call to a cryption() > -------wrong crypt() is the method ------ > > I have just discovered it is a unix function. It > doesn't decrypt. One must always crypt user input then > check for equality. > if (crypt ($guess, $pass) eq $pass) { > # guess is correct > } > > I guess that means I can't use it on my Win98 box. I > was really hoping for a platform independant method.
Hi Patricia, I'm not sure how you extrapolate from the method used to Windows incompatibility. That doesn't really seem like an OS thing. If you are using the encryption only for authentication, this should work fine. There is no reason you really need to decrypt the password. You only need to be assured that identical strings will always render an identical encrypted value. the benefit is that the plain text never has to appear anywhere, or be accessible through decryption, which closes the greatest potential hole in password security. Joseph Joseph -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]