[Pmwiki-users] unix crypt passwords vs. md5 hash

Thomas -Balu- Walter list+pmwiki-users
Wed Apr 21 17:39:03 CDT 2004


On Wed, Apr 21, 2004 at 10:13:05AM -0600, Patrick R. Michaud wrote:
> On Tue, Apr 20, 2004 at 03:18:08PM -0400, Kass Lloyd wrote:
> > This topic was brought to my mind when I installed Pmwiki on a machine
> > running PHP as a cgi instead of an apache module. The unix crypt feature
> > apparently is broken for cgi implementations of PHP including the most
> > recent version of PHP4.
> 
> Without reflecting on the merits of your other suggestions, are you
> certain that crypt() is the problem here?  Is this documented somewhere?
> I've seen and used a lot of cgi implementations of PHP that have no 
> problem with the crypt function.  In particular, if crypt() didn't work
> under CGI implementations I'd expect it to appear in the PHP documentation
> or comments somewhere, which it doesn't.  So, I'd like to see a test
> script installed somewhere that clearly demonstrates that crypt is
> broken.  

http://www.php.net/manual/en/function.crypt.php
   Some operating systems support more than one type of encryption. In
   fact, sometimes the standard DES-based encryption is replaced by an
   MD5-based encryption algorithm. 

One problem might be that if you move an installation to a system with a
different encryption method it will not work because the password is
stored differently.

IIRC there were also some problems where PHP binaries for windows were
distributed with crypt() disabled. But that was in 4.0 times.

      Balu



More information about the pmwiki-users mailing list