[Pmwiki-users] unix crypt passwords vs. md5 hash

Patrick R. Michaud pmichaud
Thu Apr 22 12:14:00 CDT 2004


On Thu, Apr 22, 2004 at 01:38:55AM +0200, Thomas -Balu- Walter wrote:
> http://www.php.net/manual/en/function.crypt.php
>    Some operating systems support more than one type of encryption. In
>    fact, sometimes the standard DES-based encryption is replaced by an
>    MD5-based encryption algorithm. 
> One problem might be that if you move an installation to a system with a
> different encryption method it will not work because the password is
> stored differently.

Actually, this is not normally a problem, because the encrypted form
of the password contains a "salt" that also indicates the type of
encryption that was used.  (Salt for the md5 algorithm always begins with 
'$1$'.)  Thus crypt() can correctly determine from the stored password 
which algorithm to use to verify the stored password.  Indeed, I know 
this is true because several of my sites had the crypt function switch 
from DES to MD5 based encryption and never had a hiccup.

Pm



More information about the pmwiki-users mailing list