I am seeing strange behavior with crypt(). Here is my code in Zend:
$correct_password_hash = $this->getHelper('User')->generateHash('bd468cffe6b179d8e5ef30bd993d37e5','572906092501a20f4222a54.54479708');
$edited_password_hash = $this->getHelper('User')->generateHash('bd468cffe6b179d8e5ef30bd993d37e','572906092501a20f4222a54.54479708');
echo "Correct Password Hash - ".$correct_password_hash."<br/>";
echo "Edited Password Hash - ".$edited_password_hash;
I am passing an MD5-generated string to the helper function generateHash as the first parameter and a salt as the second parameter. I store the generated hash in the $correct_password_hash variable.
Now, in the second call to the same helper function, I have just removed the letter 5 at the end of the first parameter. The second parameter is the same. But it is still generating the same hash as the first one.
Here is the output:
Correct Password Hash - 57CO1Lzyk81kk
Edited Password Hash - 57CO1Lzyk81kk
The helper generateHash is as follows:
public function generateHash($md5, $salt)
{
    return crypt($md5, $salt);
}
Is this how crypt() is supposed to work?
Thanks.
crypt() is defaulting to the standard DES-based algorithm, which in turn uses only the first 8 characters of the password and the first 2 characters of the salt.
See crypt() documentation for more details about how to modify the behaviour of crypt(): http://php.net/crypt
If you are doing password hashing, go with bcrypt.
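The truncation described in this answer, as an added example (not code from the question or the answer): it compares standard DES crypt() output for the question's two inputs and salt, then repeats the comparison with bcrypt through password_hash() and password_verify(). The helpers sameCryptHash() and report() are made up for this illustration.

```php
<?php
declare(strict_types=1);

// Values taken from the question above.
$salt   = '572906092501a20f4222a54.54479708';
$full   = 'bd468cffe6b179d8e5ef30bd993d37e5';
$edited = 'bd468cffe6b179d8e5ef30bd993d37e';   // last character removed

// Hypothetical helper: do two input/salt pairs give the same crypt() output?
function sameCryptHash(string $a, string $b, string $saltA, string $saltB): bool
{
    return hash_equals(crypt($a, $saltA), crypt($b, $saltB));
}

// Hypothetical helper: print a labelled yes/no result.
function report(string $label, bool $value): void
{
    printf("%-60s %s\n", $label, $value ? 'yes' : 'no');
}

echo "Standard DES crypt() (salt does not start with '$' or '_'):\n";
report('full vs. edited input, same salt: same hash?',
    sameCryptHash($full, $edited, $salt, $salt));
report('full input vs. only its first 8 characters: same hash?',
    sameCryptHash($full, substr($full, 0, 8), $salt, $salt));
report('32-character salt vs. only its first 2 characters: same hash?',
    sameCryptHash($full, $full, $salt, substr($salt, 0, 2)));
report('input changed inside the first 8 characters: same hash?',
    sameCryptHash($full, 'X' . substr($full, 1), $salt, $salt));

echo "\nbcrypt via password_hash() (random salt generated per hash):\n";
$stored = password_hash($full, PASSWORD_BCRYPT);
report('full input verifies against the stored hash?',
    password_verify($full, $stored));
report('edited input verifies against the stored hash?',
    password_verify($edited, $stored));

// bcrypt has its own limit: only the first 72 bytes of the input are used.
// A 32-character MD5 hex string is well under that limit.
$long = str_repeat('a', 72);
report('72-byte input plus one extra byte still verifies?',
    password_verify($long . 'b', password_hash($long, PASSWORD_BCRYPT)));
```

With password_hash() the salt is generated and stored inside the hash string, so only the hash needs to be kept, and password_verify() is used for the comparison instead of re-hashing and comparing strings.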