Well, I'm assuming, perhaps incorrectly that the perl modules I used
derived its md5 capabilities from the system. I did see all the comments
on the crypt() page and basically copied each one. When passing a md5
looking salt, crypt() doesn't seem to do anything special with it and my
salt remains the same, first two character are taken like regular des.
How would I go about testing the CRYPT_SALT_LENGTH and CRYPT_MD5
constants.
Thanks
-jeremy
On Tue, 17 Jul 2001, tc lewis wrote:
>
> not sure if you've gotten any help on this yet. perhaps test the
> CRYPT_SALT_LENGTH and CRYPT_MD5 constants to make sure that your system
> and compiled php support md5 via crypt(). also, what salts did you try?
> note the comments at the bottom of
> http://php.net/manual/en/function.crypt.php about double-quoting $1$ and
> how it may be interpreted and how to escape the $ characters. also, i'm
> not sure if you need a $ character at the end of the salt string like in
> some of the examples on those comments or not. unfortunately, i don't
> have a system with php running right now to test.
>
> you may also want to investigate http://php.net/manual/en/ref.mhash.php
> depending on what kind of functionality you need. my guess is that
> crypt() would be suitable for you if it worked properly.
>
> -tcl.
>
>
> On Tue, 17 Jul 2001, Jeremy Hansen wrote:
>
> >
> > I'd like to use php to do what I'm able to do in perl.
> >
> > use String::Random;
> > use Crypt::PasswdMD5;
> >
> > $foo = new String::Random;
> >
> > $rand = $foo->randpattern("ss");
> >
> > print "Type in your password: ";
> >
> > $password = <STDIN>;
> >
> > $hash = unix_md5_crypt($password,$rand);
> >
> > $salt = substr($hash,3,2);
> >
> > print "SUBSTR: $salt\n";
> > print "HASH: $hash\n";
> > print "SALT: $rand\n";
> >
> > print "Type in your password: ";
> > $password_verify = <STDIN>;
> >
> > $hash_verify = unix_md5_crypt($password_verify,$salt);
> >
> > if ($hash eq $hash_verify) {
> > print "Good to go!\n";
> > print "HASH BEFORE: $hash\n";
> > print "HASH AFTER: $hash_verify\n";
> > } else {
> > print "You fuckered it up!\n";
> > print "HASH BEFORE: $hash\n";
> > print "HASH AFTER: $hash_verify\n";
> > }
> >
> > srv1:~$ ./crypt.pl
> > Type in your password: password
> > SUBSTR: Kd
> > HASH: $1$Kd$T9I3jUnJvGy0Ekfg2VobM0
> > SALT: Kd
> > Type in your password: password
> > Good to go!
> > HASH BEFORE: $1$Kd$T9I3jUnJvGy0Ekfg2VobM0
> > HASH AFTER: $1$Kd$T9I3jUnJvGy0Ekfg2VobM0
> >
> > I've looked at crypt() in php and it claims that if you pass it a salt
> > that resembles $1$ format, it should generate an md5 type hash, but this
> > doesn't seem to be the case for me. The crypt only looks at the first two
> > characters of the salt, no matter what, so my salt never changes because
> > it just seems $1.
> >
> > Thanks for explaining what I'm doing wrong.
> >
> > -jeremy
> >
> > --
> > salad.
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
--
salad.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
