\_ I've noticed that the version of PHP I'm working with (php3) seems
\_ to return a hash on only the first 10-14 characters of a string.
I'm guessing it's actually on char 9+ [see below].
\_ crypt curiously returns the same hash for matching HTTP_USER_AGENT strings,
\_ even though the time() function returns different values (I tried it with
\_ microtime() too, same result). The md5 hash is always different. It's my
\_ understanding that crypt() is supposed to hash an entire string; am I
\_ mistaken? Or is there perhaps something wacky with the installation I'm
\_ working with?
More than likely, the PHP engine is doing a straight call to the
standard crypt() function.
>From man crypt:
By taking the lowest 7 bit of each character of the key, a
56-bit key is obtained.
Quick math says 56/7 = 8 chars are important. [Hum, typo, prolly
should be 'lowest 7 bit_s_'. :-]
>From days of yore, passwords were up to 8 characters...everything else
was cover for the fact that your 'password' was
'cleartext8324ashdfh823hfasdf' :-)
Also, I don't believe DES is a) "secure" still (prolly unimportant in
your case), or b) guaranteed unique.
md5 is.
AFAIK. YMMV. HTH. HAND.
David
(text/plain)