>> I want to store some sort of passwd in a text file using the crypt function.
>> However, I find out that the encrypted string is different at each time of
>> generation. So how could I know the password entered by the user is the same
>> as that in the database? Thanks in advance.
> The first two characters of the returned encrypted value are the salt.
> If you encrypt with the same salt each time, it will work.
But you should really use a random 2-character salt (see man crypt for chars
to use) so crypted passwords will be different. Otherwise it would be too
easy to tell if 2 people used the same password.

To tell if a user-supplied plain text password matches a crypted password,
crypt the plain text password using the crypted password as salt and see
if that equals the crypted password. If you use just the first 2
characters of the crypted password as salt, the test would fail if your
system uses MD5 passwords. Using the whole crypted password as salt for
the test works for both DES and longer MD5 passwords.
David Efflandt (Reply-To is valid) http://www.de-srv.com/
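
The check described in the reply above, as an added Ruby example that is not part of the original thread (Ruby's String#crypt calls the system crypt(3)). The function names and sample passwords are constructed for illustration, and it assumes the local libc supports both traditional DES and MD5 ($1$) hashes.

```ruby
require 'securerandom'

# Characters crypt(3) accepts in a salt: a-z, A-Z, 0-9, '.' and '/'.
SALT_CHARS = [*'a'..'z', *'A'..'Z', *'0'..'9', '.', '/'].freeze

# Random salt of n characters, so equal passwords give different hashes.
def random_salt(n)
  Array.new(n) { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.size)] }.join
end

# Hash a new password: :des uses a 2-character salt,
# :md5 uses the "$1$<salt>$" prefix form.
def hash_password(plain, scheme = :des)
  salt = scheme == :md5 ? "$1$#{random_salt(8)}$" : random_salt(2)
  plain.crypt(salt)
end

# Check from the reply: crypt the candidate with the WHOLE stored value as
# salt. crypt(3) reads only the salt portion it needs, so this works for
# both the 13-character DES form and the longer MD5 form.
def verify(plain, stored)
  plain.crypt(stored) == stored
rescue SystemCallError, ArgumentError
  false # crypt(3) rejected the salt: treat as no match
end

# The fragile variant: only the first 2 characters as salt. For an MD5 hash
# those are "$1", which is not the real salt, so the comparison fails.
def verify_two_char_salt(plain, stored)
  plain.crypt(stored[0, 2]) == stored
rescue SystemCallError, ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample password, not taken from the thread.
  %i[des md5].each do |scheme|
    stored = hash_password('s3cret', scheme)
    puts "#{scheme}: #{stored}"
    puts "  whole hash as salt: #{verify('s3cret', stored)}"
    puts "  first 2 chars only: #{verify_two_char_salt('s3cret', stored)}"
  end
end
```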