Page 1 of 1
php CRYPT() function with MD5
Posted: Fri Jul 03, 2009 9:23 am
by oliro
Hello,
I am trying to create an interactive/SSO system between coldfusion and php/mysql. The password is encrypted on the PHP side using crypt() and MD5, using a unique 12-character user salt, and stored in the database. The issue I am having is that I am having a hard time recreating the resulting string on the coldfusion side; I can hash the password using MD5 in coldfusion, but the resulting string does not match the string encrypted on the PHP side.
How the crypt function apply the salt when MD5ing an input string? Prepend, append, or something different?
Thanks,
Oli
Re: php CRYPT() function with MD5
Posted: Fri Jul 03, 2009 9:31 am
by Sephern
Re: php CRYPT() function with MD5
Posted: Fri Jul 03, 2009 10:34 am
by oliro
Thank you...so is
Code: Select all
<?php
md5($salt.$password);
?>
the same as
Code: Select all
<?php
crypt($password,$salt);
?>
?
Re: php CRYPT() function with MD5
Posted: Fri Jul 03, 2009 10:49 am
by Eric!
One returns a hex number the other returns a string. You also need to make crypt do md5.
http://cr.php.net/manual/en/function.crypt.php
Re: php CRYPT() function with MD5
Posted: Fri Jul 03, 2009 11:11 am
by oliro
yes, that is what I am doing with the user input:
crypt($password, $user_salt) // user salt is in the format $1$xxxxxxxx$ for MD5
question is, how do I generate that same string using MD5?
Re: php CRYPT() function with MD5
Posted: Fri Jul 03, 2009 11:21 am
by Eric!
Try playing with this function, I'm not sure it will work exactly for all cases so try testing it carefully. Pass the md5 $hex number...
Code: Select all
function hex2string($hex)
{
$string='';
for ($i=0; $i < strlen($hex)-1; $i+=2)
{
$string .= chr(hexdec($hex[$i].$hex[$i+1]));
}
return $string;
}
Re: php CRYPT() function with MD5
Posted: Fri Jul 03, 2009 12:51 pm
by oliro
Thanks...that one didn't do it, unfortunately. In this case, PHP is doing exactly what it is supposed to, but I can't figure out how to make Coldfusion do what PHP is doing; for example, when I use the PHP md5() function and the Coldfusion hash() function, the result is identical...however, when I throw the crypt() function in there with a salt in PHP, I can no longer replicate it in Coldfusion.
It seems that if I can replicate exactly the steps that the crypt function takes to combine the salt and the string, I should be able to figure this out, right?
Re: php CRYPT() function with MD5
Posted: Fri Jul 03, 2009 3:38 pm
by Sephern
So erm, what's wrong with just using md5, rather than crypt? o.o