Hi All,
Is this possible to crack if I only have the $encrypted_password / hash? How should I go about doing this. Any help or point me to the right direction is much appreciated.
Thanks.
Best regards,
Azren[/php]
Is this possible to crack if I only have the $encrypted_password / hash? How should I go about doing this. Any help or point me to the right direction is much appreciated.
Thanks.
Code:
// validate password function
function validatePassword(
$username, /* username string */
$cleartext_password, /* clear text password that's supplied by user */
$encrypted_password /* encrypted password that's stored in the database */
) {
// build a key based on supplied username and clear text password
$key = trim($username).trim($cleartext_password);
// decrypt the encrypted password based on the above key
$decrypted_password = decrypt($encrypted_password, $key, 'twofish', 'cfb');
// if both string matches, password is correct
if ($decrypted_password == $cleartext_password) return true;
// if both string does not match, password is wrong
return false;
}Best regards,
Azren[/php]