Mislim da je bolji MD5... Navescu samo 2 razloga (koje sam sad procitao :P):
1. Crypt koristi razne "uzorke" za kriptovanje. Tako da pri uporedjivanju podataka, moras da znas i taj uzorak koji si koristio:
Code:
<?php
$password = crypt('mypassword'); // let the salt be automatically generated
/* You should pass the entire results of crypt() as the salt for comparing a
password, to avoid problems when different hashing algorithms are used. (As
it says above, standard DES-based password hashing uses a 2-character salt,
but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
echo "Password verified!";
}
?>
2. Navedeno je u zagradi gore u kodu da crypt() koristi 2-karakterni uzorak, dok MD5 koristi 12-karakterni. Tako da dolazimo do zakljucka da je teze "razbiti" MD5 enkripciju, nego crypt(). Primeri enkripcije sa razlicitim uzorcima:
Code:
<?php
if (CRYPT_STD_DES == 1) {
echo 'Standard DES: ' . crypt('rasmuslerdorf', 'rl') . "\n";
}
if (CRYPT_EXT_DES == 1) {
echo 'Extended DES: ' . crypt('rasmuslerdorf', '_J9..rasm') . "\n";
}
if (CRYPT_MD5 == 1) {
echo 'MD5: ' . crypt('rasmuslerdorf', '$1$rasmusle$') . "\n";
}
if (CRYPT_BLOWFISH == 1) {
echo 'Blowfish: ' . crypt('rasmuslerdorf', '$2a$07$rasmuslerd...........$') . "\n";
}
?>
Rezultat:
Code:
Standard DES: rl.3StKT.4T8M
Extended DES: _J9..rasmBYk8r9AiWNc
MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0
Blowfish: $2a$07$rasmuslerd............nIdrcHdxcUxWomQX9j6kvERCFjTg7Ra
Pozdrav!
EDIT: Zaboravio sam da napomenem, da su svi kodovi preuzeti sa php.net !