How do I validate user passwords using the encrypted password sent through IPN?

PayPal's Subscriptions Password Management feature automatically generates a username and password, which are given to the payer once they've completed payment. The payer can see their username and password in plain text as they are on PayPal's secure page, but when this password goes back to the merchant through IPN, it is encrypted.

To validate the password that the user enters on your site, you can use the UNIX Crypt function to encrypt the password the user enters and match it with the password that PayPal returned through IPN.

For this to work, you use the first two characters of the encrypted password that PayPal returned through IPN as the salt with the UNIX Crypt function.