Hello,
I am trying to create an interactive/SSO system between coldfusion and php/mysql. The password is encrypted on the PHP side using crypt() and MD5, using a unique 12-character user salt, and stored in the database. The issue I am having is that I am having a hard time recreating the resulting string on the coldfusion side; I can hash the password using MD5 in coldfusion, but the resulting string does not match the string encrypted on the PHP side.
How the crypt function apply the salt when MD5ing an input string? Prepend, append, or something different?
Thanks,
Oli
php CRYPT() function with MD5
Moderator: General Moderators
Re: php CRYPT() function with MD5
Salt goes before.
Code: Select all
<?php
md5($salt.$password);
?>
=3Re: php CRYPT() function with MD5
Thank you...so is
Code: Select all
<?php
md5($salt.$password);
?>
the same asCode: Select all
<?php
crypt($password,$salt);
?>
?Re: php CRYPT() function with MD5
One returns a hex number the other returns a string. You also need to make crypt do md5.
http://cr.php.net/manual/en/function.crypt.php
http://cr.php.net/manual/en/function.crypt.php
Re: php CRYPT() function with MD5
yes, that is what I am doing with the user input:
crypt($password, $user_salt) // user salt is in the format $1$xxxxxxxx$ for MD5
question is, how do I generate that same string using MD5?
crypt($password, $user_salt) // user salt is in the format $1$xxxxxxxx$ for MD5
question is, how do I generate that same string using MD5?
Re: php CRYPT() function with MD5
Try playing with this function, I'm not sure it will work exactly for all cases so try testing it carefully. Pass the md5 $hex number...
Code: Select all
function hex2string($hex)
{
$string='';
for ($i=0; $i < strlen($hex)-1; $i+=2)
{
$string .= chr(hexdec($hex[$i].$hex[$i+1]));
}
return $string;
}Re: php CRYPT() function with MD5
Thanks...that one didn't do it, unfortunately. In this case, PHP is doing exactly what it is supposed to, but I can't figure out how to make Coldfusion do what PHP is doing; for example, when I use the PHP md5() function and the Coldfusion hash() function, the result is identical...however, when I throw the crypt() function in there with a salt in PHP, I can no longer replicate it in Coldfusion.
It seems that if I can replicate exactly the steps that the crypt function takes to combine the salt and the string, I should be able to figure this out, right?
It seems that if I can replicate exactly the steps that the crypt function takes to combine the salt and the string, I should be able to figure this out, right?
Re: php CRYPT() function with MD5
So erm, what's wrong with just using md5, rather than crypt? o.o