[PHP] crypt() and md5
Hello all,
i would like to crypt a password as secure as possible.
The documentation says crypt() will use DES unless MD5 is available.
But in my case this doesn't seem to work.
'echo CRYPT_STD_DES ;' returns 1
'echo CRYPT_EXT_DES;' returns 0
'echo CRYPT_MD5;' returns 1
'echo CRYPT_BLOWFISH;'returns 0
so i will asume, that MD5 is available on my system. But
'echo CRYPT_SALT_LENGTH;' returns 2
and if i test 'crypt('test')'
the string is only encrypted with DES.
Anybody had similar expieriences? Is this a bug or an error on my side?
Best regards
Niklas Neumann
--
"Ein Experte ist ein Mann, der hinterher genau sagen kann,
warum seine Prognose nicht gestimmt hat." - Winston Churchil
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] crypt() and md5
Hy, > That means that you do have MD5 crypt() support. If you simply provide a > salt that starts with $1$ you should get an md5-encrypted password. I know how to do it manually. But isn't crypt supposed to choose MD5-hashing if it is available on the system php is running on? I use PHP 4.0.4pl1 and md5 support is definitively available. Btw. > $1$rZelmysN$Gj0rbqD76STIotGExxpna1 > > SALT Isn't this just a 8 chars SALT (rZelmysN)? Best regards Niklas Neumann -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] crypt() and md5
Hello, > If your system's crypt() function supports standard DES crypt, then that > will be the default if you do not supply a salt. PHP will generate a > random DES salt for you. If you supply your own random MD5 salt and your > system's crypt() function supports MD5, then it will generate an > md5-encrypted string. That's just the way it works. Thanks, i reread the english documentation and there it's also explained this way. But my german documentation says 'If no salt is supplied crypt() will use a 2 chars des-salt per default unless md5 exists on your system. PHP will then generate randomly a md5-salt.'. A bit mistakable I think. I'll give the translator a wink. Thanks again and best regards Niklas Neumann -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] crypt() and md5
Hello again, [...] > A bit mistakable I think. > I'll give the translator a wink. ... if i can find a way to contact him. Anybody knows how to get a contact for the german translation of the PHP documentation? Their names are listed on the front page of the manual but no email addresses. Niklas Neumann -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Sensitive Information (like CC)
> What's the best (secure?) way of transmitting sensitive information > over email? Leave the messages on the server and get them via pop3s. Outlook is capable of pop3 via ssl. Best regards Niklas Neumann -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Session variables and register_global
Hello,
is it meant that
session_register("test");
$GLOBALS['HTTP_SESSION_VARS']['test'] = 'Hello World!';
does not work properly (session variable test is not initialized with the
value 'Hello World!') if register_globals is turned on, but when it is
turned off?
Best regards
Niklas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
