mbrown Posted May 19, 2012 Share Posted May 19, 2012 How can you specify the salt but allow for all combinations? What I want to do is to utilize crypt to hash my passwords with a salt but as I am well aware each time it generates the hash, the salt is difference so the stored hash is different. If there a way to determine what the salt is? Either way when I know what the salt is, I will have to store it in my database table as the salt for each user will be different. Thanks M. Brown Quote Link to comment Share on other sites More sharing options...
requinix Posted May 19, 2012 Share Posted May 19, 2012 Actually yes: look at the initial characters of the outputted hash (how many of which depends on the hashing algorithm). But you did notice that you can pass crypt() your own salt, right? Quote Link to comment Share on other sites More sharing options...
The Letter E Posted May 19, 2012 Share Posted May 19, 2012 you only need to store the crypt'd password per, php.net example: /* You should pass the entire results of crypt() as the salt for comparing a password, to avoid problems when different hashing algorithms are used. (As it says above, standard DES-based password hashing uses a 2-character salt, but MD5-based hashing uses 12.) */ if (crypt($user_input, $password) == $password) { echo "Password verified!"; } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.