> ----- Original Message -----
> From: "Ignat Ikryanov" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, August 29, 2001 4:45 PM
> Subject: [PHP-DB] MD5 (' ')
>
>
> Hi!
> I use md5 function to encrypt users password stored in MySql database.
> When I try encrypt string 'asdf' using md5 function I
> retrieve:
> 912ec803b2ce49e4a541068d495ab570
> But in 'shodow' file of my linux (Debian 2.2 used MD5 to encrypt users
> password) 'asdf' string looks like:
> $1$arjq575D$rnHVFfcQE7.h2EgSU7yzQ1
>
> Why results are different?

Unix Shadow passwords are actually computed using an alogrithm, md5 is part
of that algorithm but not the entire thing.  You can immediately tell that
$1$arjq575D$rnHVFfcQE7.h2EgSU7yzQ1
is not an md5 hash because all md5 hashes are 32 characters and this is 35.

Shadow passwords computed with this algorithm are start $1 and then have a 8
character salt surrounded by $'s.  The last part of the hash is 22
characters which
are computed by the algorithm.  So in the above string $1$ indicates that it
is a shadow
password, and arjq575D is the salt followed by $.  I looked around on google
for a bit, but
could not find the specifc algoritm Debian uses to compute the last 22
characters.  I'll let
you know if I find it.  You might also want to try this script:

http://limonez.net/~jure/php/md5crypt.phps

I noticed it in the user notes for md5.  It says it makes FreeBSD style
shadow passwords
though, and I am not sure if FreeBSD uses the same algorithm as Debian or
not.
(I also have not actually verified that the above script does ANYTHING =P )

Good luck.  I'll let you know if I find anything specific on Debian.

Sheridan Saint-Michel
Website Administrator
FoxJet, an ITW Company
www.foxjet.com


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to