
md5() in mysql != md5() in php4 ???


Jointy


Hello,

I have the following situation...

a MySQL table (the password is stored as a sha1() hash !!!)

username password created ......

the query for it is

[php]
// the user-supplied value is quoted and escaped before it goes into the query
$query = "SELECT MD5(password+created) AS hash, username, created
FROM user WHERE LOWER(username) = '" . mysql_real_escape_string(strtolower($username)) . "'";

// mysql stuff

// check
if( $buf["hash"] != md5(sha1($password).$buf["created"]) )
{
    // Failed Login
}
[/php]

 

the sha1 hash in the password field is "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d" and created is "2003-10-22 18:03:40"

the hash from MySQL is then "1bda96f9c3d659c31df37f7f58d2d8d9" but the one from

 

[php]
$password = "hello";
md5(sha1($password).$buf["created"]); // = "eef482911243878d5668b7d9ea0323be"
[/php]

 

does anyone happen to know why that is ??

I am using
w2ksp4 apache 2.0.46 /w php 4.3.3 and mysql 3.23.57-nt

thx & cya

Jointy


Hi Jointy,

I'm assuming you can probably read English so I'll keep it in this language so that others can check my answer:

From what I can understand with my very rusty German, you are not getting the same results from MySQL as you do from PHP with the MD5 checksum.

Looking at your code, however, you are using a double checksum and I think that that is where you may be hitting the problem. Try removing the SHA1 functions, leaving only the MD5 functions and it may cure your problem!

The SHA1 version is based on a different RFC from the MD5 version, although the two are fairly similar in their operation, the difference being the algorithm used where the MD5 version operates on 448 bits while the SHA1 version operates on 512 bits. You can read the RFCs for MD5 - RFC1321 and SHA-1 - RFC3174 for full details. (Is the SHA1 capability included in versions of both MySQL and PHP exported outside the US?)

Basically, you are calculating a checksum of the password, then creating a checksum of the checksum. I don't know whether you took this step in your original checksum of the database stored version, but one or the other is fine, you don't normally need both.

Could we see the code used to create the field 'MD5 AS hash'?
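
An added example, not part of the thread and not either poster's code: in MySQL the `+` operator is numeric addition while `CONCAT()` joins strings, and PHP's `.` joins strings, so the statements below show what each expression from the question actually feeds into `MD5()`. The table name `user_demo`, the column types and the username are assumptions; the hash and timestamp are the values quoted in the question.

```sql
-- Constructed demo table: column names follow the question, types are assumed.
CREATE TABLE user_demo (
  username VARCHAR(32) NOT NULL,
  password CHAR(40)    NOT NULL,   -- sha1() hex digest, as in the question
  created  DATETIME    NOT NULL
);

INSERT INTO user_demo VALUES
  ('jointy', 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d', '2003-10-22 18:03:40');

-- 1) What each expression evaluates to before it is hashed.
--    "+" converts both operands to numbers and adds them, so plus_result is
--    a number; concat_result is the digest followed by the timestamp text.
SELECT password + created        AS plus_result,
       CONCAT(password, created) AS concat_result
FROM user_demo;

-- 2) The digests of those two inputs. Only md5_of_concat is computed over
--    the same text as PHP's md5(sha1($password) . $buf["created"]).
SELECT MD5(password + created)        AS md5_of_sum,
       MD5(CONCAT(password, created)) AS md5_of_concat
FROM user_demo;

-- 3) The lookup from the question with concatenation instead of addition.
SELECT MD5(CONCAT(password, created)) AS hash, username, created
FROM user_demo
WHERE LOWER(username) = LOWER('Jointy');
```

Because `md5_of_sum` depends only on the numeric value of the sum, rows with different passwords can yield the same digest, which is a second reason to avoid `+` here.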
