Great book, a very helpful basis for writing PHP and MySQL database code. I've based my login on hash_hmac (page 78, chapter 4). Works fine for some passwords, but then a password attempt was rejected and I traced it back to the binary save.
Below is echo from various versions of Password, Crypt, Hash false so not saving binary, Hash true but then base64_encoded, saved to varbinary(100) and saved to tinyblob.
First line is echo of the variable saved, second line is the value as read back from the database.
Why does a password '11Waldron' not read back as saved in the last two cases, when saved as varbinary or tinyblob? Any thoughts?
Coding is basically -
$UsePassTBHash= mysql_real_escape_string(hash_hmac('sha256',$Password,'c#rAz01',true));
Results are -
11Waldron(Password)
juxBFM8KEpQoo(UsePassCrypt)
juxBFM8KEpQoo
00d93c9fb500fa4805b957c8c763392d099c5c67ab59f178722ce73018d17169(UsePassHashFalse)
00d93c9fb500fa4805b957c8c763392d099c5c67ab59f178722ce73018d17169
ANk8n7UA+kgFuVfIx2M5LQmcXGerWfF4ciznMBjRcWk=(UsePassB64Hash)
ANk8n7UA+kgFuVfIx2M5LQmcXGerWfF4ciznMBjRcWk=
\0�<��\0�H�W��c9- �\\g�Y�xr,�0�qi(UsePassVBHash)
�<���H�W��c9- �\g�Y�xr,�0�qi
\0�<��\0�H�W��c9- �\\g�Y�xr,�0�qi(UsePassTBHash)
�<���H�W��c9- �\g�Y�xr,�0�qi
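
Added example, not part of the original post: it takes the hex digest printed above (UsePassHashFalse), turns it back into the 32 raw bytes, and shows that the escaped string built for the query differs from the bytes the column holds, because the escapes only exist in the SQL text. `escape_like_mysql()` and `server_parses_literal()` are hypothetical stand-ins (assumptions) for `mysql_real_escape_string()` and the server's string-literal parsing, so the script runs without a database.

```php
<?php
// Hex digest as echoed in the post (UsePassHashFalse); hex2bin() yields the
// same 32 raw bytes that hash_hmac(..., true) returned.
$hex = '00d93c9fb500fa4805b957c8c763392d099c5c67ab59f178722ce73018d17169';
$raw = hex2bin($hex);

// Hypothetical stand-in for mysql_real_escape_string(): same escape set,
// but no database connection is needed.
function escape_like_mysql(string $s): string {
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', "\\" => '\\\\',
        "'"  => "\\'", '"'  => '\\"', "\x1a" => '\\Z',
    ]);
}

// Hypothetical stand-in for the server parsing the quoted literal:
// the escapes are undone before the value reaches the column.
function server_parses_literal(string $s): string {
    return strtr($s, [
        '\\0' => "\0", '\\n' => "\n", '\\r' => "\r", '\\\\' => "\\",
        "\\'" => "'",  '\\"' => '"',  '\\Z' => "\x1a",
    ]);
}

$escaped = escape_like_mysql($raw);          // what the post echoes as "saved"
$stored  = server_parses_literal($escaped);  // what the column actually holds

// The digest contains two 0x00 bytes and one 0x5c (backslash); each one is
// escaped in the query text, so the escaped string is longer than the hash.
printf("raw length:     %d\n", strlen($raw));
printf("escaped length: %d\n", strlen($escaped));
printf("stored length:  %d\n", strlen($stored));

// Comparing the escaped variable with the value read back fails;
// comparing the unescaped hash with the value read back succeeds.
var_dump(hash_equals($escaped, $stored));
var_dump(hash_equals($raw, $stored));

// Binary columns are easier to inspect as hex than by echoing raw bytes.
echo bin2hex($stored), "\n";
```

When verifying a login, compare the value read back against the raw `hash_hmac()` output, not against the escaped copy used to build the query.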