User Profile

bbosh
Last Activity: Aug 20 '09, 01:24 PM
Joined: Aug 19 '09

  • bbosh
    replied to How to encrypt and decrypt password in php
    in PHP
    There is probably a mysql error (echo mysql_error() to see), probably due to those fields missing



    Yes, `pass_hash` and `salt` are BINARY(16) fields in the database. pass_salt is the result of

    Code:
    $pass_salt = md5 ( $pass . $salt, true );
    $salt could be, for example:

    Code:
    $salt = md5(uniqid(mt_rand(), true), true);
    strcmp is binary-safe string comparison: it returns...


  • bbosh
    replied to How to encrypt and decrypt password in php
    in PHP
    Your current script is a bit over-complicated and is wrong (you are using = assignment rather than ==, === or, even better, strcmp). And your script is open to SQL injection. Here's something I have used before, adapted:

    Code:
    session_start();
    
    $username = isset($_POST['username']) ? $_POST['username'] : NULL;
    $password = isset($_POST['password'])  ? $_POST['password']  : NULL;
    
    $sql = "SELECT
    ...


  • bbosh
    replied to How to encrypt and decrypt password in php
    in PHP
    I suspect all 4 letter passwords are on readily available rainbow tables, and many 5 and 6 letter passwords are probably there too. And that goes for SHA-1, as well.

    (Edit: beat to it)...


  • bbosh
    replied to How to encrypt and decrypt password in php
    in PHP
    base64_*() are not encryption algorithms; they are encoding algorithms. They convert from one form to another (like converting binary and decimal). By "64 bits" you mean "64 characters" and "not secure enough" should be "not secure at all".

    You should take a look at mcrypt: http://uk.php.net/manual/en/function.mcrypt-encrypt.php

    I'm not entirely sure, but I think MD5 is a fairly secure...
