HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: Andi Gutmans (andi <email protected>)
Date: 05/17/01

• Next message: melissa <email protected>: "[PHP-DEV] Bug #10934: set_error_handler () is not catching all errors"
• Previous message: Hojtsy Gabor: "[PHP-DEV] Re: [PHP-DOC] Rename list to php-doc?"
• Next in thread: derick <email protected>: "Re: Fwd: [PHP-DEV] mcrypt failure under PHP 4.0.5 -> more info."
• Reply: derick <email protected>: "Re: Fwd: [PHP-DEV] mcrypt failure under PHP 4.0.5 -> more info."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sascha,

Can you please check this out? It should probably be fixed for 4.0.6.

Andi

>Delivered-To: alias-zend-andi-php-dev <email protected>
>Mailing-List: contact php-dev-help <email protected>; run by ezmlm
>list-post: <mailto:php-dev <email protected>>
>Delivered-To: mailing list php-dev <email protected>
>Date: Thu, 17 May 2001 16:48:36 +0100
>From: Chris Walker <chris <email protected>>
>X-Mailer: The Bat! (v1.51) Personal
>Reply-To: Chris Walker <chris <email protected>>
>Organization: Gameshrine
>To: php-dev <email protected>
>Subject: [PHP-DEV] mcrypt failure under PHP 4.0.5 -> more info.
>
>Hi fellow developers,
>
>RE: mcrypt functionality failure since PHP 4.0.5 upgrade.
>
>This is a snippet taken from the class that handles the addition of
>new users into the users table. It shows the way we *were
>successfully* using mcrypt to encrypt user's passwords:
>
>//--- Begin code paste.
>
> $password_key = md5($username);
>
> // Actual passwords are randomly generated.
> // User may change later.
>
> srand((double)microtime()*1000000);
> $password = substr(md5(rand(0,9999999)),0,8);
>
> // Encrypt password using md5 string above.
>
> $td = mcrypt_module_open (MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
> $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
> mcrypt_generic_init ($td, $password_key, $iv);
> $encrypted_password = mcrypt_generic ($td,$password);
> mcrypt_generic_end ($td);
>
> // Do database insert using $encrypted_password value.
>
>//--- End code paste.
>
>The rest is irrelevant. Up until the upgrade to PHP 4.0.5, the above
>method worked without any issue, each time returning properly
>encrypted passwords which were then stored in the database.
>
>At the moment passwords are now being stored unencrypted but since its
>currently on an internal development server the security implications
>are negligible, BUT I would appreciate any feedback, similar
>encounters, etc from the development community since this clearly
>needs fixing.
>
>Many thanks,
>
>Chris.
>
>
>
>--
>PHP Development Mailing List <http://www.php.net/>
>To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
>For additional commands, e-mail: php-dev-help <email protected>
>To contact the list administrators, e-mail: php-list-admin <email protected>

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: melissa <email protected>: "[PHP-DEV] Bug #10934: set_error_handler () is not catching all errors"
• Previous message: Hojtsy Gabor: "[PHP-DEV] Re: [PHP-DOC] Rename list to php-doc?"
• Next in thread: derick <email protected>: "Re: Fwd: [PHP-DEV] mcrypt failure under PHP 4.0.5 -> more info."
• Reply: derick <email protected>: "Re: Fwd: [PHP-DEV] mcrypt failure under PHP 4.0.5 -> more info."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]