Portal Home > Knowledgebase > Articles Database > PHP CRYPT_MD5 Authentication
Posted by GameFrame, 07-22-2009, 09:24 PM I am referring to: http://php.net/manual/en/function.crypt.php This is kinda confusing and none in the above link did not provided a proper solution for verifying FreeBSD MD5 hash stored in a database, instead all examples showed how to crypt. Allright, there is no actual decrypt function since it´s a One-way string encryption which is not vulnerable to rainbow or dictionary attack unlike the default md5() function. As FreeBSD MD5 documentation says, by recrypting a user supplied password and comparing those hashes without never revealing real password to operating system etc. this authentication process can be achieved. To be sure i wanted to same time share this method and verify by other PHP developers here that am i right? This is exactly the same format commonly used in /etc/shadow on all Linux distributions. crypt_md5.php In the above example, $stored is the hash in a database. When you run the above code, output should be similar to this: php crypt_md5.php $1$.9Yv9HL7$1y7Y/2aYiMFxzFhY/BuqI1 Password verified! Password reverified! It took me quite a while figure out that i need to use existing salt for recrypting a user supplied password. This should be right but at the time i did this, i was kinda tired
Posted by GameFrame, 07-23-2009, 11:15 PM The above example works perfectly. I yesterday implemented that method to my live site. I updated same example yesterday to php.net manual but now it´s gone. Well then that is the case, why bother giving any examples.
Add to Favourites 
Print this Article
