By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,018 Members | 884 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,018 IT Pros & Developers. It's quick & easy.

crypt length

P: n/a
Just wondering, does anyone know if the crypt() function in PHP will always
return a 34 character string if not salted? I want to encrypt my user's
passwords into a database and I want to make sure I give the right length. I
have tried some tests on both windows platform and FreeBSD and it seems to
be consistent.

--
::Paul Fournier::
::Programmer/Analyst::
::Center for the Digital Arts::
::1455, boul. de Maisonneuve O., VA 03-1::
::Montreal, Quebec. H3G 1M8::
::Tel.848-2424 ext 4322, Cell.576-6451, Fax.848-4599::
Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Paul Fournier wrote:
Just wondering, does anyone know if the crypt() function in PHP will always
return a 34 character string if not salted? I want to encrypt my user's
passwords into a database and I want to make sure I give the right length. I
have tried some tests on both windows platform and FreeBSD and it seems to
be consistent.


I can't answer your question on crypt() but I use md5() or sha1() and
they both return 32 and 40 characters length guaranteed everytime. They
generate hashes and thus cannot be decrypted but they are considered to
be unique.

I'd recommend md5() or sha1() ove rcrypt in part because I believe they
are compiled in the standard version of PHP and require no external
libraries that crypt() might require.

To test for a password, you store the encrypted version of the password
in your database or wahtever.

Then, when a user wants to gain access to the system, and they enter
their password, you re-hash their password and search for it in your
database - Both hashes should equal if they were entered exactly the
same (hashes can differ hugely ven if a capital letter or space is out
of place).

Does this help you any?

randelld
Jul 17 '05 #2

P: n/a
Yes it does randelld,

thanks for the tip. I'll look into it. It seems that md5 and sha1 both
use the same mechanism for validation that crypt uses so it'll be easy to
switch between all three if I wrap it up in an abstraction function.

--
::Paul Fournier::
::Programmer/Analyst::
::Center for the Digital Arts::
::1455, boul. de Maisonneuve O., VA 03-1::
::Montreal, Quebec. H3G 1M8::
::Tel.848-2424 ext 4322, Cell.576-6451, Fax.848-4599::
"Reply Via Newsgroup" <re****************@please.com> wrote in message
news:oix4c.789636$X%5.464697@pd7tw2no...
Paul Fournier wrote:
Just wondering, does anyone know if the crypt() function in PHP will always return a 34 character string if not salted? I want to encrypt my user's
passwords into a database and I want to make sure I give the right length. I have tried some tests on both windows platform and FreeBSD and it seems to be consistent.


I can't answer your question on crypt() but I use md5() or sha1() and
they both return 32 and 40 characters length guaranteed everytime. They
generate hashes and thus cannot be decrypted but they are considered to
be unique.

I'd recommend md5() or sha1() ove rcrypt in part because I believe they
are compiled in the standard version of PHP and require no external
libraries that crypt() might require.

To test for a password, you store the encrypted version of the password
in your database or wahtever.

Then, when a user wants to gain access to the system, and they enter
their password, you re-hash their password and search for it in your
database - Both hashes should equal if they were entered exactly the
same (hashes can differ hugely ven if a capital letter or space is out
of place).

Does this help you any?

randelld

Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.