Hi everyone. I am new to encryption.
I am developing a web client that communicates with LDAP using PHP. Right now I have an OpenLDAP server running and a client program that is connected to it for browsing called "LDAPEditor". This LDAP editor, along with 3 other LDAP editors I use, has the ability to change the "userPassword" of the LDAP entry. I can choose between 4 or 5 different types of encryption.
I have chosen MD5. I know this isn't strong encryption but I want to use this as an example.
Anyway, when I create a new password in LDAPEditor using MD5 the password is stored.
But when I go to PHP and use the function MD5("password"), the two encrypted passwords look nothing alike.
What am I doing wrong? The same happens for SHA and Crypt.
Also, can someone please explain what the difference is between using hash("md5", "password") and md5("password")?
Thanks
Basic questions about Encryption.
Paul Arnold
- Forum Contributor
- Posts: 141
- Joined: Fri Jun 13, 2008 10:09 am
- Location: Newcastle Upon Tyne
Re: Basic questions about Encryption.
Is LDAPEditor using some kind of automatic salt or something?
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Basic questions about Encryption.
karozans wrote: I know this isn't strong encryption
It is not an encryption algorithm, it is a hash algorithm.
karozans wrote: But when I go to PHP and use the function MD5("password"), the two encrypted passwords look nothing alike.
Also can someone please explain what the difference is in using hash("md5", "password") and md5("password") is?
There is no difference between hash('md5','password') and md5('password'). The reason why you are getting a different hash value is probably a salt that was added into the preimage. If not, then the algorithm itself would have been changed, which would be quite scary.
Re: Basic questions about Encryption.
Paul Arnold wrote: Is LDAPEditor using some kind of automatic salt or something?
I am not sure. I don't see any indications that it uses salt but it must. Every time I generate an md5 password using the same password string I get a different hashed value back. It must use a randomized salt. But if that is the case, how is one able to validate a password? Don't you need to know what the salt value is in order to validate?
Maybe I don't understand how md5 works exactly.
Thanks for the reply.
- kaisellgren
Re: Basic questions about Encryption.
karozans wrote: Every time I generate a md5 password using the same password string I get a different hashed value back. Don't you need to know what the salt value is in order to validate?
Yes, you need to know the salt. Maybe you should ask the creators of LDAP Editor about this.
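An added example, not part of the original posts and not LDAPEditor's code: in the RFC 2307-style schemes OpenLDAP uses for userPassword, {MD5} and {SHA} hold the Base64 of the raw digest (PHP's md5() returns hex), and the salted {SMD5} and {SSHA} variants append the salt after the digest, so a verifier reads the salt back out of the stored value. The function names ldap_make_hash and ldap_verify are hypothetical, and that the editor writes these standard schemes is an assumption.

```php
<?php
// Added example; ldap_make_hash() and ldap_verify() are hypothetical names.
// Assumes RFC 2307-style schemes as OpenLDAP stores them in userPassword.
const LDAP_SCHEMES = ['MD5' => 'md5', 'SMD5' => 'md5', 'SHA' => 'sha1', 'SSHA' => 'sha1'];

function ldap_make_hash(string $scheme, string $password, string $salt = ''): string
{
    // Digest over password . salt as raw bytes, then Base64 of digest . salt.
    $digest = hash(LDAP_SCHEMES[$scheme], $password . $salt, true);
    return '{' . $scheme . '}' . base64_encode($digest . $salt);
}

function ldap_verify(string $password, string $stored): bool
{
    if (!preg_match('/^\{(S?MD5|S?SHA)\}(.+)$/i', $stored, $m)) {
        return false; // scheme not handled here, e.g. {CRYPT}
    }
    $scheme = strtoupper($m[1]);
    $raw = base64_decode($m[2], true);
    $digestLen = strlen(hash(LDAP_SCHEMES[$scheme], '', true)); // raw digest size in bytes
    if ($raw === false || strlen($raw) < $digestLen) {
        return false; // malformed value
    }
    $salt = (string) substr($raw, $digestLen); // bytes after the digest are the salt
    if (!in_array($scheme, ['SMD5', 'SSHA'], true) && $salt !== '') {
        return false; // unsalted schemes carry the digest only
    }
    $expected = hash(LDAP_SCHEMES[$scheme], $password . $salt, true);
    return hash_equals(substr($raw, 0, $digestLen), $expected); // constant-time compare
}

// Constructed sample values, generated here and not taken from any real directory.
$plain = ldap_make_hash('MD5', 'password');
$a = ldap_make_hash('SMD5', 'password', random_bytes(4));
$b = ldap_make_hash('SMD5', 'password', random_bytes(4));

// Same password, three different stored strings:
echo $plain, "\n", $a, "\n", $b, "\n";
// The unsalted value is PHP's md5() output, Base64-encoded instead of hex:
var_dump(bin2hex(base64_decode(substr($plain, 5))) === md5('password'));
// Both salted values verify because the salt travels inside the stored value:
var_dump(ldap_verify('password', $a), ldap_verify('password', $b), ldap_verify('wrong', $a));
```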
Re: Basic questions about Encryption.
Okay thanks for the help.