0

I am trying to store passwords in an encrypted format but it does not seem to be working correcty. Here is the php code I am using.

function encryptMe($input, $salt){
 $output = crypt($input,$salt);
return $output;
}
function getSalt(){
 //set number of repititions
 $reps="5000";
 $salt = substr(str_replace('+', '.', base64_encode(
 pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand())
 )), 0, 16);
 $salt = "6ドル$"."rounds=".$reps."$".$salt; 
 return $salt; 
}

I have the following statement also in my code.

$input['password'] = $_POST['password'];
$salt = getSalt();
$input['password'] = encryptMe($input['password'],$salt);

I have ran this multiple time with different salt but the same password and keep getting the same hash. Changeing the salt does not seem to have any effect and I cant figure out what is wrong. Can someone look at this code and help me?

Also is there any way to veryify that this is using SHA512?

asked May 27, 2011 at 3:24
6
  • If you want to always use SHA-512, have a look here instead of using crypt(). Commented May 27, 2011 at 3:30
  • You can check CRYPT_SHA512 to see if SHA512 is available. Commented May 27, 2011 at 3:31
  • I am using PHP 5.2 and I cant find a way to use salt with the hash function. Commented May 27, 2011 at 3:55
  • I tried to switch to the have function including my psudo random salt but still get the same results every time. Here is the code I am using. Commented May 27, 2011 at 4:12
  • hold on and let me check that again Commented May 27, 2011 at 4:13

1 Answer 1

1

That is because crypt() returns only a few first characters, so the inputs, even are different, still may return the same string since only the last characters changed.

Alternative way is using hash() for SHA-256. Somebody shared you a very interesting link in your post already.

Edit

This is how vBulletin encrypts passwords. Don't know if they're still using this method.

$password_hash = md5(md5($password_text) . $user_salt);
// $user_salt is a random three character string stored 
// in the user table as 'salt'.
answered May 27, 2011 at 3:58
Sign up to request clarification or add additional context in comments.

1 Comment

I dont think I can use a salt with the hash function

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.