On Thu, 7 Jun 2001, Richard Ellerbrock wrote:
> Looking at the encrypt function, it optionally takes a salt parameter. Using encrypt
>without specifying a salt yields random results:
>
> mysql> select encrypt('qwerty');
> +-------------------+
> | encrypt('qwerty') |
> +-------------------+
> | V/3Wzqmp93fts |
> +-------------------+
> 1 row in set (0.00 sec)
>
> mysql> select encrypt('qwerty');
> +-------------------+
> | encrypt('qwerty') |
> +-------------------+
> | W/55RyU1LdYN6 |
> +-------------------+
> 1 row in set (0.00 sec)
>
> How is this useful? Looking at the C crypt manpage, you MUST specify a salt:
>
> char *crypt(const char *key, const char *salt);
>
> So where does mysql get its salt from? Is it a random salt? This confused the hell
>our of me for around an hour!
You should look MySQL manual not C crypt manpage ;). And yes, thisis
random salt and makes life little bit more secure.
--
For technical support contracts, goto https://order.mysql.com/
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Tonu Samuel <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Security Administrator
/_/ /_/\_, /___/\___\_\___/ Tallinn, Estonia
<___/ www.mysql.com
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
