php CRYPT() function with MD5

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oliro
Forum Newbie
Posts: 4
Joined: Fri Jul 03, 2009 9:19 am

php CRYPT() function with MD5

Post by oliro »

Hello,

I am trying to create an interactive/SSO system between coldfusion and php/mysql. The password is encrypted on the PHP side using crypt() and MD5, using a unique 12-character user salt, and stored in the database. The issue I am having is that I am having a hard time recreating the resulting string on the coldfusion side; I can hash the password using MD5 in coldfusion, but the resulting string does not match the string encrypted on the PHP side.

How the crypt function apply the salt when MD5ing an input string? Prepend, append, or something different?

Thanks,
Oli
Sephern
Forum Commoner
Posts: 73
Joined: Sun Jan 04, 2009 4:44 pm

Re: php CRYPT() function with MD5

Post by Sephern »

Salt goes before.

Code: Select all

<?php
md5($salt.$password);
?>
=3
oliro
Forum Newbie
Posts: 4
Joined: Fri Jul 03, 2009 9:19 am

Re: php CRYPT() function with MD5

Post by oliro »

Thank you...so is

Code: Select all

<?php
md5($salt.$password);
?>

the same as

Code: Select all

<?php
crypt($password,$salt);
?>

?
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: php CRYPT() function with MD5

Post by Eric! »

One returns a hex number the other returns a string. You also need to make crypt do md5.
http://cr.php.net/manual/en/function.crypt.php
oliro
Forum Newbie
Posts: 4
Joined: Fri Jul 03, 2009 9:19 am

Re: php CRYPT() function with MD5

Post by oliro »

yes, that is what I am doing with the user input:

crypt($password, $user_salt) // user salt is in the format $1$xxxxxxxx$ for MD5

question is, how do I generate that same string using MD5?
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: php CRYPT() function with MD5

Post by Eric! »

Try playing with this function, I'm not sure it will work exactly for all cases so try testing it carefully. Pass the md5 $hex number...

Code: Select all

function hex2string($hex)
{
    $string='';
    for ($i=0; $i < strlen($hex)-1; $i+=2)
    {
        $string .= chr(hexdec($hex[$i].$hex[$i+1]));
    }
    return $string;
}
oliro
Forum Newbie
Posts: 4
Joined: Fri Jul 03, 2009 9:19 am

Re: php CRYPT() function with MD5

Post by oliro »

Thanks...that one didn't do it, unfortunately. In this case, PHP is doing exactly what it is supposed to, but I can't figure out how to make Coldfusion do what PHP is doing; for example, when I use the PHP md5() function and the Coldfusion hash() function, the result is identical...however, when I throw the crypt() function in there with a salt in PHP, I can no longer replicate it in Coldfusion.

It seems that if I can replicate exactly the steps that the crypt function takes to combine the salt and the string, I should be able to figure this out, right?
Sephern
Forum Commoner
Posts: 73
Joined: Sun Jan 04, 2009 4:44 pm

Re: php CRYPT() function with MD5

Post by Sephern »

So erm, what's wrong with just using md5, rather than crypt? o.o
Post Reply