[RESOLVED] Password Hashing - different results

baffled_in_york

Hi,

A customer has decided to change his main domain name and it's causing me a strange problem when a visitor tries to login to his web site. I hold the password on the dB in a hashed format for security and I use the following code to re-create the hash value to validate when they login:

$user2=md5(str_replace('@' , 'x', $myusername));
$salt = '$2a$07$' .  $user2;
$salt = substr($salt, 0, 29);
$studentHash=crypt($mypassword, $salt);

Using the values :-

$myusername="test@mysite.com"; 
$mypassword = "myPassword";

I get the following results on the existing domain name:
$user2=c378849bf3dc7404709d8d5f134cc1c7
$salt=$2a$07$c378849bf3dc7404709d8d
$studentHash=$2qzt1GHWP4MI

and I get the following results on the new domain name:
$user2=c378849bf3dc7404709d8d5f134cc1c7
$salt=$2a$07$c378849bf3dc7404709d8d
$studentHash=$2a$07$c378849bf3dc7404709d8OldkxZkgRnyEHf/X401YS/EyrWxqt4AW

Can anybody explain please why $studentHash is different when the values passed into the crypt function are identical?

Thanks for any help.

bradgrafelman

The first server doesn't support CRYPT_BLOWFISH, the second one does.

baffled_in_york

Yeah. Just discovered first server running PHP5.2 and the other PHP5.3. Thanks