On Tue, 17 Jul 2001, tc lewis wrote:
>
> try:
> <php echo(CRYPT_SALT_LENGTH); ?>
> <php echo(CRYPT_MD5); ?>
>
> or:
> <php echo constant("CRYPT_SALT_LENGTH"); ?>
> <php echo constant("CRYPT_MD5"); ?>
>
> you should get output of 12 and 1 (not 2 and 0) if md5 is supported in
> crypt(), i think.
>
> you compiled php on the system it's running on? if you used a binary rpm
> or something, and the system it was compiled on didn't support md5, then
> it won't work.
This I built from source. Hmm, if it uses system crpyt() then would using
mcrypt libs help with this?
I'll try the above.
-jeremy
> -tcl.
>
>
> On Tue, 17 Jul 2001, Jeremy Hansen wrote:
>
> >
> > Well, I'm assuming, perhaps incorrectly that the perl modules I used
> > derived its md5 capabilities from the system. I did see all the comments
> > on the crypt() page and basically copied each one. When passing a md5
> > looking salt, crypt() doesn't seem to do anything special with it and my
> > salt remains the same, first two character are taken like regular des.
> >
> > How would I go about testing the CRYPT_SALT_LENGTH and CRYPT_MD5
> > constants.
> >
> > Thanks
> > -jeremy
> >
> > On Tue, 17 Jul 2001, tc lewis wrote:
> >
> > >
> > > not sure if you've gotten any help on this yet. perhaps test the
> > > CRYPT_SALT_LENGTH and CRYPT_MD5 constants to make sure that your system
> > > and compiled php support md5 via crypt(). also, what salts did you try?
> > > note the comments at the bottom of
> > > http://php.net/manual/en/function.crypt.php about double-quoting $1$ and
> > > how it may be interpreted and how to escape the $ characters. also, i'm
> > > not sure if you need a $ character at the end of the salt string like in
> > > some of the examples on those comments or not. unfortunately, i don't
> > > have a system with php running right now to test.
> > >
> > > you may also want to investigate http://php.net/manual/en/ref.mhash.php
> > > depending on what kind of functionality you need. my guess is that
> > > crypt() would be suitable for you if it worked properly.
> > >
> > > -tcl.
> > >
> > >
> > > On Tue, 17 Jul 2001, Jeremy Hansen wrote:
> > >
> > > >
> > > > I'd like to use php to do what I'm able to do in perl.
> > > >
> > > > use String::Random;
> > > > use Crypt::PasswdMD5;
> > > >
> > > > $foo = new String::Random;
> > > >
> > > > $rand = $foo->randpattern("ss");
> > > >
> > > > print "Type in your password: ";
> > > >
> > > > $password = <STDIN>;
> > > >
> > > > $hash = unix_md5_crypt($password,$rand);
> > > >
> > > > $salt = substr($hash,3,2);
> > > >
> > > > print "SUBSTR: $salt\n";
> > > > print "HASH: $hash\n";
> > > > print "SALT: $rand\n";
> > > >
> > > > print "Type in your password: ";
> > > > $password_verify = <STDIN>;
> > > >
> > > > $hash_verify = unix_md5_crypt($password_verify,$salt);
> > > >
> > > > if ($hash eq $hash_verify) {
> > > > print "Good to go!\n";
> > > > print "HASH BEFORE: $hash\n";
> > > > print "HASH AFTER: $hash_verify\n";
> > > > } else {
> > > > print "You fuckered it up!\n";
> > > > print "HASH BEFORE: $hash\n";
> > > > print "HASH AFTER: $hash_verify\n";
> > > > }
> > > >
> > > > srv1:~$ ./crypt.pl
> > > > Type in your password: password
> > > > SUBSTR: Kd
> > > > HASH: $1$Kd$T9I3jUnJvGy0Ekfg2VobM0
> > > > SALT: Kd
> > > > Type in your password: password
> > > > Good to go!
> > > > HASH BEFORE: $1$Kd$T9I3jUnJvGy0Ekfg2VobM0
> > > > HASH AFTER: $1$Kd$T9I3jUnJvGy0Ekfg2VobM0
> > > >
> > > > I've looked at crypt() in php and it claims that if you pass it a salt
> > > > that resembles $1$ format, it should generate an md5 type hash, but this
> > > > doesn't seem to be the case for me. The crypt only looks at the first two
> > > > characters of the salt, no matter what, so my salt never changes because
> > > > it just seems $1.
> > > >
> > > > Thanks for explaining what I'm doing wrong.
> > > >
> > > > -jeremy
> > > >
> > > > --
> > > > salad.
> > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> >
> > --
> > salad.
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
--
salad.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
