So basically here's the deal - I've been working on a user creation script that uses PHP crypt, but I've been having some issues with comparative tests.
Any thoughts?
EDIT:
<?php
$pw = 'jason';
$pw2 = 'jason';
$p1 = crypt($pw);
$p2 = crypt($pw2);
if ($p1 != $p2) {
    echo "oh shoot";
} else {
    echo "verified";
}
?>
And this consistently replies "oh shoot", indicating that the two outputs do not match.
You should read the function string crypt ( string $str [, string $salt ] ) in the PHP manual for crypt:
If no salt is provided, PHP will auto-generate either a standard two character (DES) salt, or a twelve character (MD5), depending on the availability of MD5 crypt().
If not provided, one will be randomly generated by PHP each time you call this function. So when you called crypt twice, different results were returned.
Crypt is a One Way string hashing function.
The "one way" means that it's nearly impossible to derive the original text from the encrypted string. A one-way hash function is designed in such a way that it is hard to reverse the process, that is, to find a string that hashes to a given value. So crypt() generally gives different output for the same string.
If you want to verify your password, what you can do is:
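<?php
$user_input = 'mypassword'; // password submitted by the user (sample value)
$hashed_password = crypt('mypassword'); // let the salt be automatically generated
// Passing the stored hash as the salt makes crypt() reuse the salt embedded in it
if (hash_equals($hashed_password, crypt($user_input, $hashed_password))) {
    echo "Password verified!";
}
?>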
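The behaviour discussed in the question and answers, as an added example that is not part of the original thread: it hashes the question's sample password twice, shows that the two strings differ while each still verifies, and repeats the answer's crypt()-with-stored-hash comparison. It uses PHP's password_hash() and password_verify() (PHP 5.5+), which the thread does not mention; the helper names store_password, check_password and check_password_crypt are hypothetical.

```php
<?php
// Added example, not code from the original thread.
// store_password(), check_password() and check_password_crypt() are
// hypothetical helper names.

function store_password(string $plain): string
{
    // A fresh random salt is generated on every call and stored inside the
    // returned string together with the algorithm id and cost.
    return password_hash($plain, PASSWORD_BCRYPT);
}

function check_password(string $candidate, string $stored): bool
{
    // Re-hashes $candidate with the salt read from $stored and compares
    // the two strings in constant time.
    return password_verify($candidate, $stored);
}

function check_password_crypt(string $candidate, string $stored): bool
{
    // The same check by hand, as in the answer above. On failure crypt()
    // returns a short marker string ("*0" or "*1"), which never equals a real hash.
    $recomputed = crypt($candidate, $stored);
    return hash_equals($stored, $recomputed);
}

$h1 = store_password('jason'); // 'jason' is the sample password from the question
$h2 = store_password('jason');

// Comparing two independently generated hashes is the question's mistake:
// the salts differ, so the strings differ.
printf("h1 === h2:            %s\n", var_export($h1 === $h2, true));

// Verifying the candidate against each stored hash is the correct test.
printf("verify against h1:    %s\n", var_export(check_password('jason', $h1), true));
printf("verify against h2:    %s\n", var_export(check_password('jason', $h2), true));
printf("crypt() check on h1:  %s\n", var_export(check_password_crypt('jason', $h1), true));
printf("wrong password on h1: %s\n", var_export(check_password('jasom', $h1), true));

// The first 29 characters of a bcrypt hash are "$2y$", the cost and the salt.
printf("h1 salt part: %s\nh2 salt part: %s\n", substr($h1, 0, 29), substr($h2, 0, 29));
```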