[RESOLVED] Encryption methods

moboter

Sorry to bother you folks but I have a slight problem.
haven't touched php for years
I have a very simple form passing the username and password to another page
they are posted unencrypted
on the other page the password needs to be changed to some encrypted password.
problem is it is not md5
what other encryption is available
only needs to be encrypted since it it stored that way in the database

just looking through php my admin as it works there

any help apreciated

laserlight

moboter wrote:
problem is it is not md5
what other encryption is available

Despite the close relationship between cryptographic hash algorithms and encryption, MD5 is not an encryption algorithm. But anway, what do you mean by "it is not md5"? Are you trying to determine the algorithm in use by an existing script, or are you trying to say that somehow the md5 function is not available on your copy of PHP, and thus you are looking for an alternative?

moboter

Hello

the MD5 is available and works
(I checked the values of the variables)
I know the clear password as I can login to the DB through various tools including the phpmyadmin.
(MD5 hash and stored password value dont match)

I thought since it does work there it must be possible.
Just can't find where to start.

I hope I explained it a bit better this time

Kudose

How long is the hashed/encrypted password? Are only alphanumeric characters used?

laserlight

moboter wrote:
(MD5 hash and stored password value dont match)

It is probably a case of differing formats. The simple solution is to either stick with the PHP version or the MySQL version.

moboter

Kudose;10940431 wrote:
How long is the hashed/encrypted password? Are only alphanumeric characters used?

Hello,
The encrypted password is 41 characters long
alphanumeric and one leading *

I know md5 is only 32 characters.

Kudose

In theory, the asterisk could be useless and the rest a [man]sha1[/man] password.

laserlight

Hold on...

moboter wrote:
I know the clear password as I can login to the DB through various tools including the phpmyadmin.

So, you are asking what is the algorithm used on MySQL user account passwords? If so, stop guessing and read the MySQL manual.

moboter

Found a solution.
Probably has something to do with the enviroment
Apache 2.2.14 PHP 5.3.1 and MYsql 5.1.42
PHP only with the mysql extension!
the md5 only generated a 32bit hash
mysql wants 42
even the function md5 in mysql only generates 32 bits
now the interisting thing is that the normal $paas== md5 ($password)
only generates 32 bits.
by passing that to the database it failed to connect
solution was to leave out the md5 bit
and pass the password plain

I am confused

Kudose

It was MySQL PASSWORD ...

mysql> SELECT PASSWORD('badpwd');
-> '*AAB3E285149C0135D51A520E1940DD3263DC008C'

laserlight

moboter wrote:
I am confused

I linked you to the precise part of the MySQL 5.1 manual that has the information that you wanted. It specifically says that the PASSWORD function is used on MySQL user account passwords, and even provides an example that matches your "41 characters long alphanumeric and one leading *" description. Admittedly, the actual algorithm is not stated, but at worst you could look into the MySQL source to find out.