encrypting passwords

[Nothadoth]

I am using this to encrypt the password when the user changes his/her password:

 

$enewpass = crypt($newpass);

 

however, when i go to make the user login and do this it returns two different encrypted passwords that do not match despite the password being "test":

 

$password = crypt($_POST['password']);

 

 

 

Why? It is encrypting it differently each time. Can i make it encrypt it the same? Or decrypt it correctly?

 

Thanks

[per1os]

Try specifying a salt for it.

[quickstopman]

make your own encrypter

or just use md5

[Nothadoth]

could you help me do this?

[Yesideez]

At the start of your script make a salt. Here I'm going to define a constant:

define("STR_PWSALT",'fditaa7');

 

When you encrypt the password to make a 32 character hash use something like this:

$encpass=md5($password.STR_PWSALT);

 

That adds the salt onto the end of your password then encrypts the lot. That way if someone was to grab your PW hash from the database and try using a web hammer sort of thing on it the chances of them finding it out are greatly reduced. You can change th salt in the define() bit to whatever you want but make sure it stays the same to what you encrypt it as and what you are checking it with.

[Nothadoth]

I managed to do it with this:

 

$password = crypt($login['pass'], 'rl');

 

 

 

 

How do i unencrypt this for password recovery?

[thefortrees]

It is a one way hash - you can't recover it.

http://us.php.net/manual/en/function.crypt.php