Question
I had setup a password system which had the system generate a random digit character and use that as the rounds number for crypting a password.
It worked fine until recently when logins stopped working. After a bit of debugging i realized that the cyrpt() function is not accepting the 4 digits anymore and instead only keeping the first 2 digits.
Example:
Generated Rounds Number:6355 Crypt output: $6$rounds=63$jOa4lXzFPo1W120PzaHk06JjQQ0C/PvmzB6SGdtniZ3hy2OeCQ9WDf2qlFEb9lHikGJcgp7vvI1wZxX4PcJWQ/
As you can see only the first 2 digits are being kept.
Does anyone have a solution to why this suddenly changed?
Solution
First of all, there is no purpose for using a randomized number of rounds. This adds no additional security.
Secondly, it sounds like you are using this to validate passwords of users logging into your site. If that is what you are doing, then using a one way hash rather than encryption is the most secure way.
https://stackoverflow.com/questions/18294339
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian