password hashing ?

Synaptic

Joined: 2006-05-28
Posts: 1

Posted: Sun, 2006-05-28 22:26

What hash was used to encrypt the passwords I'm looking to develop a user registration system instead of having to email me asking for a username/password ect

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Mon, 2006-05-29 03:53

The entire algorithm is here:

    function isCorrectPassword($password) {
        $valid = $this->getHashedPassword();
        $salt = substr($valid, 0, 4);
        /* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */
        $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
        if (!strcmp($guess, $valid)) {
            return true;
        }
        /* Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */
        GalleryUtilities::sanitizeInputValues($password, false);
        $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
        return !strcmp($guess, $valid);
    }

If you want to verify a password is correct, you can do this:

function isCorrectPassword($hashedPassword, $passwordToCheck) {
    $salt = substr($hashedPassword, 0, 4);
    GalleryUtilities::sanitizeInputValues($passwordToCheck, false);
    return $hashedPassword == ($salt . md5($salt . $passwordToCheck));
}

You'll need to require GalleryUser.class and GalleryUtilities.class. This is off the top of my head; I haven't tested it. But it should work.

Synaptic Joined: 2006-05-28 Posts: 1	Posted: Sun, 2006-05-28 22:26
	What hash was used to encrypt the passwords I'm looking to develop a user registration system instead of having to email me asking for a username/password ect
	XUser login Username: * Password: * Create new account Request new password
bharat Joined: 2002-05-21 Posts: 7994	Posted: Mon, 2006-05-29 03:53
	The entire algorithm is here: function isCorrectPassword($password) { $valid = $this->getHashedPassword(); $salt = substr($valid, 0, 4); /* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: / $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); if (!strcmp($guess, $valid)) { return true; } / Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */ GalleryUtilities::sanitizeInputValues($password, false); $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); return !strcmp($guess, $valid); } If you want to verify a password is correct, you can do this: function isCorrectPassword($hashedPassword, $passwordToCheck) { $salt = substr($hashedPassword, 0, 4); GalleryUtilities::sanitizeInputValues($passwordToCheck, false); return $hashedPassword == ($salt . md5($salt . $passwordToCheck)); } You'll need to require GalleryUser.class and GalleryUtilities.class. This is off the top of my head; I haven't tested it. But it should work.

password hashing ?

XUser login