[PHP] crypt() and md5
Rasmus Lerdorf
salt that starts with $1$ you should get an md5-encrypted password.
If you look in a passwd or shadow file that contains md5'ed passwords you
will see something like this:
$1$rZelmysN$Gj0rbqD76STIotGExxpna1
^^^^^^^^^^^^
SALT
So to generate a password like this you would do:
crypt($string,'$1$rZelmysN$');
-Rasmus
On Mon, 23 Apr 2001, Niklas Neumann wrote:
> Hello all,
>
> i would like to crypt a password as secure as possible.
> The documentation says crypt() will use DES unless MD5 is available.
>
> But in my case this doesn't seem to work.
>
> 'echo CRYPT_STD_DES ;' returns 1
> 'echo CRYPT_EXT_DES;' returns 0
> 'echo CRYPT_MD5;' returns 1
> 'echo CRYPT_BLOWFISH;' returns 0
>
> so i will asume, that MD5 is available on my system. But
> 'echo CRYPT_SALT_LENGTH;' returns 2
> and if i test 'crypt('test')'
> the string is only encrypted with DES.
>
> Anybody had similar expieriences? Is this a bug or an error on my side?
>
> Best regards
> Niklas Neumann
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general...@lists.php.net
For additional commands, e-mail: php-gene...@lists.php.net
To contact the list administrators, e-mail: php-lis...@lists.php.net
Niklas Neumann
i would like to crypt a password as secure as possible.
The documentation says crypt() will use DES unless MD5 is available.
But in my case this doesn't seem to work.
'echo CRYPT_STD_DES ;' returns 1
'echo CRYPT_EXT_DES;' returns 0
'echo CRYPT_MD5;' returns 1
'echo CRYPT_BLOWFISH;' returns 0
so i will asume, that MD5 is available on my system. But
'echo CRYPT_SALT_LENGTH;' returns 2
and if i test 'crypt('test')'
the string is only encrypted with DES.
Anybody had similar expieriences? Is this a bug or an error on my side?
Best regards
Niklas Neumann
--
"Ein Experte ist ein Mann, der hinterher genau sagen kann,
warum seine Prognose nicht gestimmt hat." - Winston Churchil
Niklas Neumann
[...]
> A bit mistakable I think.
> I'll give the translator a wink.
... if i can find a way to contact him. Anybody knows how to get a contact
for the german translation of the PHP documentation? Their names are listed
on the front page of the manual but no email addresses.
Niklas Neumann
Niklas Neumann
> That means that you do have MD5 crypt() support. If you simply provide a
> salt that starts with $1$ you should get an md5-encrypted password.
I know how to do it manually. But isn't crypt supposed to choose MD5-hashing
if it is available on the system php is running on?
I use PHP 4.0.4pl1 and md5 support is definitively available.
Btw.
> $1$rZelmysN$Gj0rbqD76STIotGExxpna1
> ^^^^^^^^^^^^
> SALT
Isn't this just a 8 chars SALT (rZelmysN)?
Rasmus Lerdorf
will be the default if you do not supply a salt. PHP will generate a
random DES salt for you. If you supply your own random MD5 salt and your
system's crypt() function supports MD5, then it will generate an
md5-encrypted string. That's just the way it works.
If you want PHP to always default to md5 crypt and generate random md5
salts for you then you should undefine PHP_STD_DES_CRYPT in php_config.h
and recompile PHP.
-Rasmus
On Mon, 23 Apr 2001, Niklas Neumann wrote:
Niklas Neumann
> If your system's crypt() function supports standard DES crypt, then that
> will be the default if you do not supply a salt. PHP will generate a
> random DES salt for you. If you supply your own random MD5 salt and your
> system's crypt() function supports MD5, then it will generate an
> md5-encrypted string. That's just the way it works.
Thanks, i reread the english documentation and there it's also explained this
way. But my german documentation says 'If no salt is supplied crypt() will
use a 2 chars des-salt per default unless md5 exists on your system. PHP will
then generate randomly a md5-salt.'. A bit mistakable I think.
I'll give the translator a wink.
Thanks again and best regards