oops, miscounted a postion of the md5 parentheses :-0
Jason k Larson wrote:
First of all, the example you gave is only using one argument to the MD5
function.
Secondly, if you *want* to seed/salt the MD5 with a key you can use:
http://www.php.net/manual/en/ref.mhash.php
--
Jason k Larson
aka:
I don't see anywhere on that page where it shows using a seed. It shows
**selecting a hash algorithm**, but no salt. Maybe that's the second
argument that you're looking at.
Jason k Larson wrote:
First of all, the example you gave is only using one argument to the MD5
function.
Secondly, if
mhash (PHP 3= 3.0.9, PHP 4 )
mhash -- Compute hash
Description:
string mhash ( int hash, string data [, string key])
^ salt/seed/key - whatever you want to
call it
--
Jason k Larson
Dennis Gearon wrote:
I don't see anywhere on that page where it
What page is that on?
BTW, I figured out I could just prepend a long, complex string to
whatever I am hashing and it will 'seed' it before it gets to my stuff.
Jason k Larson wrote:
mhash (PHP 3= 3.0.9, PHP 4 )
mhash -- Compute hash
Description:
string mhash ( int hash, string data [, string
First of all, the example you gave is only using one argument to the MD5 function.
Secondly, if you *want* to seed/salt the MD5 with a key you can use:
http://www.php.net/manual/en/ref.mhash.php
--
Jason k Larson
aka: der Ritter
Dennis Gearon wrote:
The usage of md5() in PHPLIB show TWO arguments,
Having a wee bit o' trouble with a simple md5 script:
for ($x=1 ; $x 62 ; $x++) {
$mypass = sports . $x;
$mypass = md5($mypass);
dbConnect(UPDATE user_login SET password = '$mypass' WHERE
school_id
= $x);
}
For some reason, when I attempt to login with my
Exactly right, John.
Sorry to clutter the forum -- it was a varchar(30)!
Thanks,
--Noah
- Original Message -
From: John W. Holmes [EMAIL PROTECTED]
To: 'CF High' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 4:06 AM
Subject: RE: [PHP] md5 encrypt problem
On Mon, 17 Feb 2003, Vernon wrote:
I'm thinking that the MD5 function more than likely encrypts a password to
store into a database, and when you log in using the MD5 function it will
simply encrypt the value being passed along again the same way. Now I'm
wondering what happens when I user has
No, it's not reversable. When a user loses their password, you must
generate a new one. To stop malicious users from requesting a new
password for a user they dislike with a program (and stopping the user
from logging in, since their password keeps changing), a link with a
random code is
on 18/02/03 6:42 AM, Vernon ([EMAIL PROTECTED]) wrote:
When the user goes to login into the page though I have the encrypted
password echo to the page and they match except a 52 on the end of it which
I am assuming is a space or something being picked up on submit or
something. I recall there
on 18/02/03 3:59 AM, Vernon ([EMAIL PROTECTED]) wrote:
I'm thinking that the MD5 function more than likely encrypts a password to
store into a database, and when you log in using the MD5 function it will
simply encrypt the value being passed along again the same way. Now I'm
wondering what
If you do a password reset system please remember not to reset the
password before they confirm who they are.
This means instead of having them entering their login and email address
and immediatly resetting their password send the account owner an e-mail
with a link that will reset their
Very true -- forgot to mention that step :)
Thanks for the reminder!!
Justin
on 18/02/03 12:49 PM, Jason Sheets ([EMAIL PROTECTED]) wrote:
If you do a password reset system please remember not to reset the
password before they confirm who they are.
This means instead of having them
On Tuesday 18 February 2003 01:03, Greg Donald wrote:
md5 is one-way encryption. I use a password 'hint' field in conjunction
with md5.
It is not an encryption at all -- it's a hash. Encryption implies a
corresponding decryption, so a one-way encryption is either useless or an
oxymoron.
--
You reset the password to something new... either manually (a person) or
with a self-help script.
md5 is one way encryption.
Justin
on 24/12/02 12:38 AM, Edward Peloke ([EMAIL PROTECTED]) wrote:
I don't want to store my users passwords in the db as clear text so I know I
can use md5().
Edward Peloke wrote:
I don't want to store my users passwords in the db as clear text so I know I
can use md5(). But, what do I do when a user has forgotten his/her password
and I need to send it to them? Can I reverse md5()?
No. You send them a new password. Ideally, the only person who
On Monday 23 December 2002 14:38, Edward Peloke wrote:
[...] Can I reverse md5()?
No. You could only send the user a new password wich must be activated.
johannes
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Thanks Johannes and Chris! That is what I will do.
Eddie
-Original Message-
From: Johannes Schlueter [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 23, 2002 8:36 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP] md5()
On Monday 23 December 2002 14:38, Edward Peloke
On Friday 06 December 2002 15:41, conbud wrote:
Hey. Is there a way to get the actual word/phrase from the long string that
the md5 hash creates. Lets say, is there a way find out what
b9f6f788d4a1f33a53b2de5d20c338ac
stands for in actuall words ?
Consider this, md5() takes (practically) any
On Fri, 6 Dec 2002, conbud wrote:
Hey. Is there a way to get the actual word/phrase from the long string that
the md5 hash creates. Lets say, is there a way find out what
b9f6f788d4a1f33a53b2de5d20c338ac
stands for in actuall words ?
In all cases, an md5sum string means, You've got better
Show us the output of:
select login, password from user where login='sysdata';
My guess is that the password is not 1b1c2457d12dd976d4cfa556ac6661f6
- the md5 of sysdata.
Chris
Reymond wrote:
I have login = sysdata and
password = sysdata on md5 function
How to select md5 function
password's field int(20) ..??
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 15, 2002 11:17 AM
To: Reymond
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] md5() ...
Show us the output of:
select login, password from user where login='sysdata';
My guess
Upss sorry...
My password's field Varchar(20)
...
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 15, 2002 11:17 AM
To: Reymond
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] md5() ...
Show us the output of:
select login, password from user where
Yeah, that's a little short for md5, plus you want to allow alphabetic
characters, too.
Try varchar(32).
Happy hacking.
Chris
Reymond wrote:
This is output...
select login, password from User where login = 'sysdata';
+-+--+
| login | password |
Thank you...
I got it...
:)
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 15, 2002 11:44 AM
To: Reymond
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] md5() ...
Yeah, that's a little short for md5, plus you want to allow alphabetic
characters
On Sun, 16 Jun 2002, Danny Kruitbosch wrote:
-Hi,
-
-I'm trying to rewrite a perl finction to php. The function uses Digest::MD5.
-
-PHP md5() returns a 32 char hex number. The perl Digest::MD5 function
-returns a 16 char (ascii??) string. Can I also get this from PHP? If so
-how do I do that?
hehehyou forgot something :)
echo blah is actually blah\n
# echo -n blah |md5sum
6f1ed002ab5595859014ebf0951522d9 stdin
-d
Mikhail Avrekh wrote:
Hello,
Don't know if this is a question of (mis)configuration; I'm posting this
just in case someone had run into this before:
PHP's native
On Wed, 5 Dec 2001, Dan McCullough wrote:
-Is there away to take a md5 encrypted password and decrypt it and give that to the
client, if they
-fogot their password.
No.
-
-=
-dan mccullough
-
-Theres no such thing as a problem unless
I'm pretty sure you can't. You would have to set up an area where they can
have their password reset and the new password emailed to their email
address.
Jeff
- Original Message -
From: Dan McCullough [EMAIL PROTECTED]
To: PHP General List [EMAIL PROTECTED]
Sent: Wednesday, December 05,
Dan McCullough [EMAIL PROTECTED] wrote:
Is there away to take a md5 encrypted password and decrypt it and give
that to the client, if they
fogot their password.
Short answer is no, long answer below. I just answered this on another list
10 minutes ago so I'm pasting in part of my reply
excuse my ignorance on that field, but if I use md5 in a java server page
(jsp), can I decrypt it
in php ? Is the implemantation of md5 the same on both language ?
Sure, but you don't decrypt md5. You md5 again and compare the two md5's
-Rasmus
--
PHP General Mailing List
Subject: Re: [PHP] md5 on different platform
excuse my ignorance on that field, but if I use md5 in a java server
page
(jsp), can I decrypt it
in php ? Is the implemantation of md5 the same on both language ?
Well . . . the implementations *should* produce the same result, but md5
Yeah, I'm getting 2 and 0. Lame. What's the answer to this.
Go back to your PHP source directory and start digging through config.log
and config.cache or even re-run the configure to see what's going on with
various crypt libraries.
If you installed them in a non-standard place, maybe PHP
This is all better now.
I compiled with libmcrypt and php-4.0.6 at the same time, so I'm not sure
exactly which caused the fix, but it works now. Also, the perl module I
was using seemed to generate apache stype md5 hash, which is another
reason why authenticating with postgres and md5 hashes
not sure if you've gotten any help on this yet. perhaps test the
CRYPT_SALT_LENGTH and CRYPT_MD5 constants to make sure that your system
and compiled php support md5 via crypt(). also, what salts did you try?
note the comments at the bottom of
http://php.net/manual/en/function.crypt.php about
Well, I'm assuming, perhaps incorrectly that the perl modules I used
derived its md5 capabilities from the system. I did see all the comments
on the crypt() page and basically copied each one. When passing a md5
looking salt, crypt() doesn't seem to do anything special with it and my
salt
On Tue, 17 Jul 2001, tc lewis wrote:
try:
php echo(CRYPT_SALT_LENGTH); ?
php echo(CRYPT_MD5); ?
or:
php echo constant(CRYPT_SALT_LENGTH); ?
php echo constant(CRYPT_MD5); ?
you should get output of 12 and 1 (not 2 and 0) if md5 is supported in
crypt(), i think.
you compiled php on
On Tue, 17 Jul 2001, tc lewis wrote:
try:
php echo(CRYPT_SALT_LENGTH); ?
php echo(CRYPT_MD5); ?
or:
php echo constant(CRYPT_SALT_LENGTH); ?
php echo constant(CRYPT_MD5); ?
you should get output of 12 and 1 (not 2 and 0) if md5 is supported in
crypt(), i think.
Yeah, I'm getting 2 and
On Tue, 17 Jul 2001, Jeremy Hansen wrote:
On Tue, 17 Jul 2001, tc lewis wrote:
try:
php echo(CRYPT_SALT_LENGTH); ?
php echo(CRYPT_MD5); ?
or:
php echo constant(CRYPT_SALT_LENGTH); ?
php echo constant(CRYPT_MD5); ?
you should get output of 12 and 1 (not 2 and 0) if md5 is
On Tue, 17 Jul 2001, tc lewis wrote:
On Tue, 17 Jul 2001, Jeremy Hansen wrote:
On Tue, 17 Jul 2001, tc lewis wrote:
try:
php echo(CRYPT_SALT_LENGTH); ?
php echo(CRYPT_MD5); ?
or:
php echo constant(CRYPT_SALT_LENGTH); ?
php echo constant(CRYPT_MD5); ?
you should get
On Fri, 4 May 2001, Thimo von Rauchhaupt wrote:
Hi there assume that I had a password field in md5 format like this
$1$uJ8d$jJKOHnfh^79824/.
how do i compare an input password to the password that I sore in database
so it can return right or wrong password
Just compare the md5
Get Input password into $pwd
Get hashed password from db into $hashed_pwd
do compare like:
if (md5($pwd) == $hashed_pwd) { // good! }
Yamin Prabudy [EMAIL PROTECTED] wrote in message
004901c0d462$ff394240$[EMAIL PROTECTED]">news:004901c0d462$ff394240$[EMAIL PROTECTED]...
Hi there assume that I
Hi there assume that I had a password field in md5 format like this
$1$uJ8d$jJKOHnfh^79824/.
how do i compare an input password to the password that I sore in database
so it can return right or wrong password
Just compare the md5 hashed password with the md5 hashed string from the
database.
Dan Harrington wrote:
What is the best way to encrypt/decrypt strings when passing between
php pages?
If your encryption is meant to be anything near secure, there is only
one way:
DON'T
GET or POST-Parameters are for user-input. Handing information over to
the client and taking it back
GET or POST-Parameters are for user-input. Handing information over to the
client and taking it back later is a potential security leak. If you have
no means of revalidating the information after it crossed the so called
trust boundary, you should't do it.
Send a handler, some random and
If your encryption is meant to be anything near secure, there is only
one way:
DON'T
Well, this is true. I kinda just want to be able to pass things back and
forth without
giving the average user the ability to even have a clue as to what I am
doing. If
they can't see, they will have less
101 - 146 of 146 matches
Mail list logo
