Hi, Everytime I ran part of ISPC code below I always ended up with different hash: Code: function crypt_password($cleartext_password) { $salt="$1$"; $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; for ($n=0;$n<8;$n++) { $salt.=$base64_alphabet[mt_rand(0, 63)]; } $salt.="$"; return crypt($cleartext_password, $salt); } echo crypt_password('123456'); My silly question is how does ISPC compare with fixed password in database during user login if the hash is different?? Thanks in advance. UPDATE: So ISPC is using salt like this: PHP: $pass = '123456'; $saved_password = stripslashes('$1$9OxdxF8i$fDXnv40cZVF1d3sDkKcAg0'); if(substr($saved_password, 0, 3) == '$1$') { //* The password is crypt-md5 encrypted $salt = '$1$'.substr($saved_password, 3, 8).'$'; if($baru = crypt(stripslashes($pass), $salt) != $saved_password) { $user = false; echo "<br><br>wrong pass"; } else{ echo "<br><br>correct pass"; } echo "<br><br>Hash after encrypt: ".crypt(stripslashes($pass)); echo "<br><br>Salt from password in db: ".$salt; echo "<br><br>After salting: ".crypt(stripslashes($pass), $salt); // for some reason this lead to similar hash as in db. } but I still don't understand how randomly unique hash with salt can actually lead to similar hash as in db. Anyway since it's not ISPC problem than consider this problem solved. Thank you.