Posted by Vincent Pirez on 06/13/06 18:45

"David Haynes" <david.haynes2@sympatico.ca> wrote in message
news:2hwjg.28139$IQ3.12051@fe06.usenetserver.com...
> PHP has a function named 'crypt' that will encrypt strings in the same way
> the password is encrypted into the password file. It takes a password
> string and a salt string.
>
> The encryption algorithm may vary but is typically either a two character
> salt (CRYPT_STD_DES) or an MD5 salt (CRYPT_MD5). The MD5 encryptions are
> guaranteed to start with a '$' sign.
>
> So, for example, let's say your shadow entry is:
> web:$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.:13007:0:99999:7:::
>
> This is a MD5 encrypted password.
>
> if( crypt($password, $salt) == '$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.')) {
> // password is correct
> }
>
> Do you really want to pull all the shadow entries into a database? Why not
> read the file directly and explode() the entries? It seems to me that you
> will have synchronization issues the other way.
>
> -david-

Hi David,

Thanks for the great response. But how do I determine the matching salt?

Thanks,
Vince.

• Next in forum: Re: Linux System Users Login/Password?
• Prev in forum: when a value passed in form or q'string is empty..
• Thread view: Re: Linux System Users Login/Password?

[Reply to this message]