crypt vs. md5

adavis

I've done a search on crypt and md5, didn't find an answer to my question. Which is more secure and why?

I am using crypt($pass,$salt) where $salt is 9-characters of letters and numbers. The password comes out pretty "greek" looking to me.

However, I've been working on adding some features to my user authentication lately and have looked at a lot of tutorials and scripts. Most of them seem to use the md5 encryption method. Why???

Mordecai

Well, both are hashes (one-way encryption). MD5 is more secure by nature, seeing as it uses 12 character hashing, rather than the default 2 for crypt.
There are two types of standard encryption that crypt uses: standard DES, and extended DES. Standard is the default: 2. Extended raises that number to 9. You can, however, specify your own salt which can be much more than 12, and in turn will be more secure than MD5.

Most probably use MD5 because it matches since you don't specify salt.

phence

oh.. i was wandering the same.

sooo.. if you use a salt with crypt() then it is more secure than md5? because you wont have repeated passwords in ur database?
for instance..
If the salt is choosen by the first 2 letters of the username 'phence', then the user uses the password 'mullet' then the password is encripted as 'ph42v0g5d8fs' or somthing like that.
then another user 'jason' comes along and has the same password 'mullet'.
Would the password be 'ja42v0g5d8fs' ? or 'ja45m34m62d' ??

now using md5, if 2 users had the same password 'mullet' the encypted password would look something like this 'jh3kjb4nl6h' for both of them. Correct?? or No??

i just through out those encrypted passwords but i think you understand what im saying.

bike5

use md5 with crypt

$string = md5(whatever) . crypt($pass,$salt);

adds a very very unlikly chance of a repeating string.

two same passwords with md5 with be the same thing, thats why you can check against a md5 password with a login md5'ing there passwords and checking it against the md5 password in the DB. Can't do that with crypt cause it always changes.