> On Dec 10, 2004, at 5:24 PM, [EMAIL PROTECTED] wrote:
>> Thanks for the reply, the problem though is if you crypt the current
>> password it does not turn out like the encrypted password above. I get
>> different results when using the function from the link you provided.
>> This is the password I get when I encrypt the same password in the
>> original email:
>>
>> $1$34201110$1qOlP6BW44jKvA66l7q7F0
>>
>> and if I refresh it:
>>
>> $1$20202818$O9l6HCdGD19SqriwI8F4k0
>
> That's expected. The first 11 (or so) characters are random data
> called the "salt". The actual password (encoded using the salt)
> appears after the salt.
>
> This is done to make it more difficult to build a dictionary of
> encrypted passwords. Any given cleartext password can have a large
> number of possible encrypted versions.
>
> --
> Tom Collins - [EMAIL PROTECTED]
> QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
> Info on the Sniffter hand-held Network Tester: http://sniffter.com/

So what happens when I try to authenticate to the db? If I get the crypted password and do a query such as:

SELECT * FROM table WHERE user = 'user' AND password = 'encryptedpassword'

It would obviously not work since it tries to do an exact match, correct?

Robert
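
The check being asked about, as an added example (not code from this thread or from vpopmail): select the row by user only, take the salt out of the stored `$1$` string, hash the candidate with that salt, and compare. The `accounts` table, its column names, the sample password and the pure-Python `md5_crypt` helper are assumptions made for illustration; the two salts are the ones quoted above.

```python
import hashlib, hmac, secrets, sqlite3
B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(password: bytes, salt: str) -> str:
    """MD5-crypt ($1$) hash of `password` under an explicit salt (max 8 chars)."""
    s = salt[:8].encode()
    alt = hashlib.md5(password + s + password).digest()
    ctx = hashlib.md5(password + b"$1$" + s)
    for n in range(len(password), 0, -16):
        ctx.update(alt[:min(n, 16)])
    n = len(password)
    while n:
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    d = ctx.digest()
    for r in range(1000):  # fixed stretching rounds of the $1$ scheme
        parts = [password if r & 1 else d]
        if r % 3: parts.append(s)
        if r % 7: parts.append(password)
        parts.append(d if r & 1 else password)
        d = hashlib.md5(b"".join(parts)).digest()
    # crypt's own base64: permuted 3-byte groups, low 6 bits emitted first
    groups = [(d[a] << 16 | d[b] << 8 | d[c], 4) for a, b, c in
              ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))] + [(d[11], 2)]
    out = "".join(B64[(v >> 6 * i) & 0x3F] for v, k in groups for i in range(k))
    return f"$1${salt[:8]}${out}"

def verify(db, user: str, candidate: str) -> bool:
    """Fetch the stored hash by user, re-hash the candidate with the stored salt."""
    row = db.execute("SELECT password FROM accounts WHERE user = ?", (user,)).fetchone()
    stored = row[0] if row else ""
    if not stored.startswith("$1$"):
        return False
    recomputed = md5_crypt(candidate.encode(), stored.split("$")[2])
    return hmac.compare_digest(recomputed.encode(), stored.encode())

def naive_match(db, user: str, candidate: str) -> bool:
    """The query from the question: hash under a fresh salt, then exact match."""
    fresh = md5_crypt(candidate.encode(), secrets.token_hex(4))
    return db.execute("SELECT 1 FROM accounts WHERE user = ? AND password = ?",
                      (user, fresh)).fetchone() is not None

def demo_db():
    # Constructed sample data: one account, hashed under a salt quoted in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (user TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO accounts VALUES (?, ?)",
               ("robert", md5_crypt(b"correct horse", "34201110")))
    return db
```

`naive_match` fails even for the right password because the fresh salt changes the whole string, while `verify` succeeds because the salt travels inside the stored value. MD5-crypt is used only because it is the format shown in the thread.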
