If I spend 15 hours on this, maybe I find a solution. But if Scream or another programmers look at this, they can probably fix this in half hour.
Though this is not a problem for most people, it still seems to be a bug.It could even be a php implementation bug, that the crypt function is not consistent over operating systems.
Our provider's support thinks there is a problem that it could be either DES or MD5.
there seems to be a problem at password CREATION and password CHANGE time! Even when something else was changed in the profile page that also contains the password, then the password also gets saved again!
how long is the initial salt? I think it is only a lengh of 2 characters!? and then later at password VERIFICATION time the salt is longer? is there not something wrong?
It seems that different systems default to different crypt algorithms (MD5,DES) but somehow they can be forced to a certain algorithm. No clue why they would not use the same algorithm, though. I also observed the problem only when creating the password on FreeBSD and then verifying the password on Linux. I am not aware that the problem also arises the other way around, but I might be wrong. Also, it could have something to do with perl vs php versions, but I also believe it occurred in both perl and php.
"You can recognize
MD5 passwords because the encrypted string always begins with "$1$". "
The password verification program could, for example, check for "$1$" at the beginning.
