So far as the dictionary attacks are concerned, I thought up the following function:
<?php
function twistSTR($array){
$twisted="";
$array_strlen=array();
foreach ($array as $element){
$array_strlen[]=strlen($element);
}
for ($i=0; $i<max($array_strlen); $i++){
foreach ($array as $element){
if ($i<strlen($element)){
$twisted=$twisted.$element{$i};
}
}
}
return $twisted;
}
?>
The twistSTR function basically takes an array input of strings and alternates each character of each string among all the other strings. For example:
<?php
echo twistSTR(array("this","and","that"));//output: tathnhidast
?>
It can be applied in the following manner:
<?php
if ($un===$_POST["username"] && $pwd===sha1(twistSTR(array($salt,$_POST["password"])))){
?>
It's not amazingly difficult to reverse engineer the actual output, but then again, that's not the point. The point is that when a password is entered into one of those databases, they are going to enter for example "thisandthat", not "tathnhidast".
sha1
(PHP 4 >= 4.3.0, PHP 5, PECL hash:1.1-1.3)
sha1 — 文字列の sha1 ハッシュを計算する
説明
string sha1 ( string $str [, bool $raw_output] )» US Secure Hash Algorithm 1 を使用して str の sha1 ハッシュを計算し、 そのハッシュ値を返します。ハッシュは 40 文字の 16 進数です。 オプションの raw_output に TRUE が 指定された場合、sha1 ダイジェストは 20 バイト長のバイナリ形式で 返されます。
注意: オプションの raw_output パラメータは PHP 5.0.0 で追加され、デフォルトは FALSE です。
例 2377. sha1() の例
<?php
$str = 'apple';
if (sha1($str) === 'd0be2dc421be4fcd0172e5afceea3970e2f3d940') {
echo "Would you like a green or red apple?";
exit;
}
?>
sha1_file()、 crc32() および md5() も参照ください。
sha1
novum123 at ribbonbazaar dot com
30-Nov-2006 01:54
30-Nov-2006 01:54
Dan Casey
17-Nov-2006 01:54
17-Nov-2006 01:54
For all the php4 users who thought you were limited to sha1.
<?php
$phrase = "Hello World";
$sha1a = base64_encode(sha1($phrase));
$sha1b = base64_encode(bin2hex(mhash(MHASH_SHA1,$phrase)));
$sha256b= base64_encode(bin2hex(mhash(MHASH_SHA256,$phrase)));
echo ("SHA1..:" . $sha1a . "\n");
echo ("SHA1..:" . $sha1b . "\n");
echo ("SHA256:" . $sha256b . "\n");
?>
# php sha.php
SHA1..:MGE0ZDU1YThkNzc4ZTUwMjJmYWI3MDE5NzdjNWQ4NDBiYmM0ODZkMA==
SHA1..:MGE0ZDU1YThkNzc4ZTUwMjJmYWI3MDE5NzdjNWQ4NDBiYmM0ODZkMA==
SHA256:YTU5MWE2ZDQwYmY0MjA0MDRhMDExNzMzY2ZiN2IxOTBkNjJjNjV...........
Gregory Boshoff
18-Oct-2006 08:23
18-Oct-2006 08:23
Note that the sha1 algorithm has been compromised and is no longer being used by government agencies.
As of PHP 5.1.2 a new set of hashing functions are available.
http://www.php.net/manual/en/function.hash.php
The new function hash() supports a new range of hashing methods.
echo hash('sha256', 'The quick brown fox jumped over the lazy dog.');
It is recommended that developers start to future proof their applications by using the stronger sha-2, hashing methods such as sha256, sha384, sha512 or better.
As of PHP 5.1.2 hash_algos() returns an array of system specific or registered hashing algorithms methods that are available to PHP.
print_r(hash_algos());
erling dot westenvik at gmail dot com
17-May-2006 10:15
17-May-2006 10:15
Regarding php at REMOVEMEkennel17 dot co dot uk's note below:
The phrase: "To get the correct behaviour", would perhaps be better off if it read: "To get the wanted (but not recommended) behaviour".
Always honor the expected data types for functions: sha1 expects a string as input, and returns a string on exit. NULL, TRUE and FALSE are not string data types. The string "" is a string as good as "any". By following the "logic" that sha1("") should return "", then what should sha1("a") return? "b"? "c"?
An authentication system that allows for blank passwords is not really an authentication system in the first place. What you are describing is merely a way to tell the application that you want to see data in some specific context, like sorted by user name, etc. Create other tools for this purpose and leave the authentication system to deal with what it is supposed to do: Granting users access to restricted data and blocking other users from seeing the same data.
Don't store passwords in clear text, but salt and encrypt them. That way it makes perfect sense having <?php $sStoredPwd === sha1($sStoredSalt . $_POST["sTypedPwd"]); ?>, even with a blank "password". No other person than the user itself, not even the programmer, should know the password or be able to guess it. If the user forgets the password, a new one must be generated.
Regards,
Erling
spam at barad-dur dot nl
23-Oct-2005 08:59
23-Oct-2005 08:59
For servers that don't have the mhash or crypto++-php extensions I wrote an implementation of the SHA256 algorithm as found in the FIPS 180-2 standard.
Source code can be found at http://dev.barad-dur.nl/sha256/
php at REMOVEMEkennel17 dot co dot uk
20-Sep-2005 10:52
20-Sep-2005 10:52
It should be noted that sha1("") does not return an empty string. This means that if you are running a system that does not require users to have a password, the following code will not work as expected:
<?php
if ($StoredPassword == sha1($NewPassword))
// Password good
?>
If $StoredPassword and $NewPassword are both blank, then the password should be treated as good, but because sha1("") != "" it will be treated as bad. To get the correct behaviour you need to use:
<?php
if (($StoredPassword == "" && $NewPassword == "") || ($StoredPassword == sha1($NewPassword)))
// Password good
?>
(Note: I use a custom IsBlank() function instead of comparison against the empty string, so NULL values are also matched.)
For reference, here are a couple of special values put through sha1(). Note that sha1("") == sha1(NULL) == sha1(false), and also that sha1(0) != sha1(false)
"" -> da39a3ee5e6b4b0d3255bfef95601890afd80709
NULL -> da39a3ee5e6b4b0d3255bfef95601890afd80709
0 -> b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
1 -> 356a192b7913b04c54574d18c28d46e6395428ab
false -> da39a3ee5e6b4b0d3255bfef95601890afd80709
true -> 356a192b7913b04c54574d18c28d46e6395428ab
Dan
06-Sep-2005 02:12
06-Sep-2005 02:12
I've noticed websites are now starting to require passwords of a certain length that MUST contain at least 1 non-alphanumeric character. This in itself makes dictionary attacks kind of useless. My web site requires that as well. It uses md5, and appends a site code into the md5 as well. And the include file that contains that site key is outside the public folders. I sure hope I've done enough to keep the bad boys out.
arachnid at notdot dot net
01-Sep-2005 05:12
01-Sep-2005 05:12
WTM's post below is misinformed. The purpose of adding the random data (known as a 'salt', as multiple posters have pointed out further below) is to prevent dictionary based attacks, allowing the attacker use a pre-prepared database of passwords and hashes against all your stored passwords, instead of having to recalculate for each user.
Adding the salt in a more 'complicated' way is a poor security tactic - if the attacker discovers your method, the security advantage is lost, and you have no way of changing it without rehashing all your passwords.
WTM
03-Aug-2005 11:30
03-Aug-2005 11:30
Actually, the post by Helpful Harry won't improve your security except for the most simple break in attempts. Since the random seed is attached to the end of the password hash, if you steal the hashed password, you steal the seed.
That means you can write a simple php program to call the pw_check function Harry included from a loop, feeding it dictionary words or random characters.
Of course, if you modified the program to use the seed in a more complicated way, "they" would have to know the new function's operation. But then again, if someone can steal your password database, they can probably steal your website code (or guess it).
Helpful Harry
07-Jul-2005 02:21
07-Jul-2005 02:21
check out these randomized sha1 password storage functions, they output a string of 50 characters, the first 40 characters being a sha1 output based on the last 10 characters - those being a random seed
to encode a password run pw_encode with the password, it'll return a different pseudo-random string every time - store this value.
to check a password run pw_check with the password attempt and the stored value, it'll return true on a match and false otherwise
these functions eliminate the pesky problem of dictionary matches being run on your password lists
<?php
function pw_encode($password)
{
for ($i = 1; $i <= 10; $i++)
$seed .= substr('0123456789abcdef', rand(0,15), 1);
return sha1($seed.$password.$seed).$seed;
}
function pw_check($password, $stored_value)
{
if (strlen($stored_value) != 50)
return FALSE;
$stored_seed = substr($stored_value,40,10);
if (sha1($stored_seed.$password.$stored_seed).$stored_seed == $stored_value)
return TRUE;
else
return FALSE;
}
?>
alex at milivojevic dot org
29-Apr-2005 06:12
29-Apr-2005 06:12
Regarding my previous comment, if you want to be on the safe side and use only ASCII printable seeds (shouldn't matter for SSHA seeds), something like this could be used:
<?php
$salt = substr(base64_encode(pack("H*", sha1(mt_rand()))), 0, 4);
?>
alex at milivojevic dot org
29-Apr-2005 02:45
29-Apr-2005 02:45
If you don't have mhash library and/or PHP module (for example, Red Hat systems, which includes Fedora), and you don't feel like adding it, you can use something like this to generate and verify SSHA hashes.
<?php
$password = "test";
// Generate SSHA hash
mt_srand((double)microtime()*1000000);
$salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
$hash = "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt)) . $salt);
echo $hash . "\n";
// Verify SSHA hash
$ohash = base64_decode(substr($hash, 6));
$osalt = substr($ohash, 20);
$ohash = substr($ohash, 0, 20);
$nhash = pack("H*", sha1($password . $osalt));
if ($ohash == $nhash) {
echo "Password OK\n";
} else {
echo "Password verifiaction failed\n";
}
?>
svn at datapirate dot de
20-Feb-2005 10:26
20-Feb-2005 10:26
Wanna use SHA-2 algorithm? Try this:
Download Tar-Ball from http://www.adg.us/computers/sha.html
Compile (may occur some warnings) and test it:
cc -O2 -DSHA2_UNROLL_TRANSFORM -Wall -o sha2 sha2prog.c sha2.c
./sha2test.pl
Copy it to /usr/local/bin/ (don't forget to check permissions)
Here are two functions that could be used with:
function sha2($bits, $string){
$sha2bin="/usr/local/bin/sha2";
$echocmd="echo";
if(!in_array($bits, array(256, 384, 512)))return(false);
$r=exec($echocmd." ".escapeshellarg($string)."|".$sha2bin." -q -".$bits, $sha2);
return($sha2[0]);
}
function sha2_file($bits, $filename){
$sha2bin="/usr/local/bin/sha2";
if(!in_array($bits, array(256, 384, 512)))return(false);
if(!file_exists($filename)||!is_readable($filename))return(false);
$r=exec($sha2bin." -q -".$bits." ".escapeshellarg($filename), $sha2);
return($sha2[0]);
}
and use it like below:
<?php
$str = 'apple';
if (sha2(256, $str) === '303980bcb9e9e6cdec515230791af8b0ab1aaa244b58a8d99152673aa22197d0') {
echo "Would you like a green or red apple?";
exit;
}
?>
dayoman at webfreax dot nl
17-Feb-2005 08:04
17-Feb-2005 08:04
SHA-1 almost followed SHA-0:http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
hans at pennywaffer dot net
20-Dec-2004 01:18
20-Dec-2004 01:18
You can also use sha1() to create a fixed sized ID based on the folderpath containing the performing script. Imagine an environment where multiple instances of a script are running simultaneously, making use of session variables (a good example would be thumbnaildirectories that each contain an instance of a thumbnailmanager). To prevent your $_SESSION array from getting influenced by other scripts that are on the same server and run from the same browserwindow (and thus having the same session ID), use the following approach:
session_start();
$myDir = sha1(dirname(__FILE__));
$_SESSION[$myDir]['var'] = etc;
instead of just using $_SESSION['var'] = etc;
This way your userauthentication and shoppingcart data won't get mixed up. The use of sha1() also prevents strange symbols or spaces in the folderpath messing up the ID, and makes sure the ID has a constant size regardless the length of the path.
sinatosk at gmail dot com
23-Nov-2004 05:43
23-Nov-2004 05:43
Heres an SHA1 function that will work on it's own completely. This is for users who are using below PHP 4.3.0. it works same as PHP5 ( being able to return raw output ).
<?php
/*
** Date modified: 1st October 2004 20:09 GMT
*
** PHP implementation of the Secure Hash Algorithm ( SHA-1 )
*
** This code is available under the GNU Lesser General Public License:
** http://www.gnu.org/licenses/lgpl.txt
*
** Based on the PHP implementation by Marcus Campbell
** http://www.tecknik.net/sha-1/
*
** This is a slightly modified version by me Jerome Clarke ( sinatosk@gmail.com )
** because I feel more comfortable with this
*/
function sha1_str2blks_SHA1($str)
{
$strlen_str = strlen($str);
$nblk = (($strlen_str + 8) >> 6) + 1;
for ($i=0; $i < $nblk * 16; $i++) $blks[$i] = 0;
for ($i=0; $i < $strlen_str; $i++)
{
$blks[$i >> 2] |= ord(substr($str, $i, 1)) << (24 - ($i % 4) * 8);
}
$blks[$i >> 2] |= 0x80 << (24 - ($i % 4) * 8);
$blks[$nblk * 16 - 1] = $strlen_str * 8;
return $blks;
}
function sha1_safe_add($x, $y)
{
$lsw = ($x & 0xFFFF) + ($y & 0xFFFF);
$msw = ($x >> 16) + ($y >> 16) + ($lsw >> 16);
return ($msw << 16) | ($lsw & 0xFFFF);
}
function sha1_rol($num, $cnt)
{
return ($num << $cnt) | sha1_zeroFill($num, 32 - $cnt);
}
function sha1_zeroFill($a, $b)
{
$bin = decbin($a);
$strlen_bin = strlen($bin);
$bin = $strlen_bin < $b ? 0 : substr($bin, 0, $strlen_bin - $b);
for ($i=0; $i < $b; $i++) $bin = '0'.$bin;
return bindec($bin);
}
function sha1_ft($t, $b, $c, $d)
{
if ($t < 20) return ($b & $c) | ((~$b) & $d);
if ($t < 40) return $b ^ $c ^ $d;
if ($t < 60) return ($b & $c) | ($b & $d) | ($c & $d);
return $b ^ $c ^ $d;
}
function sha1_kt($t)
{
if ($t < 20) return 1518500249;
if ($t < 40) return 1859775393;
if ($t < 60) return -1894007588;
return -899497514;
}
function sha1($str, $raw_output=FALSE)
{
if ( $raw_output === TRUE ) return pack('H*', sha1($str, FALSE));
$x = sha1_str2blks_SHA1($str);
$a = 1732584193;
$b = -271733879;
$c = -1732584194;
$d = 271733878;
$e = -1009589776;
$x_count = count($x);
for ($i = 0; $i < $x_count; $i += 16)
{
$olda = $a;
$oldb = $b;
$oldc = $c;
$oldd = $d;
$olde = $e;
for ($j = 0; $j < 80; $j++)
{
$w[$j] = ($j < 16) ? $x[$i + $j] : sha1_rol($w[$j - 3] ^ $w[$j - 8] ^ $w[$j - 14] ^ $w[$j - 16], 1);
$t = sha1_safe_add(sha1_safe_add(sha1_rol($a, 5), sha1_ft($j, $b, $c, $d)), sha1_safe_add(sha1_safe_add($e, $w[$j]), sha1_kt($j)));
$e = $d;
$d = $c;
$c = sha1_rol($b, 30);
$b = $a;
$a = $t;
}
$a = sha1_safe_add($a, $olda);
$b = sha1_safe_add($b, $oldb);
$c = sha1_safe_add($c, $oldc);
$d = sha1_safe_add($d, $oldd);
$e = sha1_safe_add($e, $olde);
}
return sprintf('%08x%08x%08x%08x%08x', $a, $b, $c, $d, $e);
}
?>
rsemirag at yahoo dot com
03-Nov-2004 03:34
03-Nov-2004 03:34
If you're struggling to generate an SHA encoded password for LDAP (PHP < 5.0), what you end up needing is this:
$userpassword = base64_encode(pack("H*", sha1($pass)));
I found this in the OpenLDAP FAQ (many thanks to Google and Ace), though I'm using the iPlanet LDAP server.
Ray Semiraglio
brian_bisaillon at rogers dot com
26-Feb-2004 01:19
26-Feb-2004 01:19
Source code to create SSHA passwords...
public function HashPassword($password)
{
mt_srand((double)microtime()*1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$hash = "{SSHA}".base64_encode(mhash(MHASH_SHA1, $password.$salt).$salt);
return $hash;
}
Source code to validate SSHA passwords...
public function ValidatePassword($password, $hash)
{
$hash = base64_decode(substr($hash, 6));
$original_hash = substr($hash, 0, 20);
$salt = substr($hash, 20);
$new_hash = mhash(MHASH_SHA1, $password . $salt);
if (strcmp($original_hash, $new_hash) == 0)
... do something because your password is valid ...
else
echo 'Unauthorized: Authorization has been refused for the credentials you provided. Please login with a valid username and password.';
... be sure to clear your session data ...
}
Note: The format is compatible with OpenLDAP's SSHA scheme if I'm not mistaken.
mark at dot BANSPAM dot pronexus dot nl
30-Jan-2004 11:28
30-Jan-2004 11:28
Looking for a simple function to implement HMAC-SHA1 but don't want to use the entire PEAR Message lib?
//Calculate HMAC-SHA1 according to RFC2104
// http://www.ietf.org/rfc/rfc2104.txt
function hmacsha1($key,$data) {
$blocksize=64;
$hashfunc='sha1';
if (strlen($key)>$blocksize)
$key=pack('H*', $hashfunc($key));
$key=str_pad($key,$blocksize,chr(0x00));
$ipad=str_repeat(chr(0x36),$blocksize);
$opad=str_repeat(chr(0x5c),$blocksize);
$hmac = pack(
'H*',$hashfunc(
($key^$opad).pack(
'H*',$hashfunc(
($key^$ipad).$data
)
)
)
);
return bin2hex($hmac);
}
It is very useful for client-authentication. see also http://cookies.lcs.mit.edu/pubs/webauth:tr.pdf
Optionally you can change $hashfunc to 'md5' to make this an HMAC-MD5 function ;-)
If you want raw or base64 output instead of hexadecimal, just change the last return line.
Cheers,
Mark
p.s. the "$hmac =" line used to be 1 line but I had to cut it up in order to fit it here ;)
labarks
15-Nov-2003 08:06
15-Nov-2003 08:06
Append this to the your sha1lib file to make it more portable. If your version of php does support sha1() then it will try to use Mhash or else it will use the sha1lib. Use $sha1 if you want to display which is being used.
if ( function_exists('sha1') )
$sha1 = "sha1";
if ( !function_exists('sha1') && function_exists('mhash'))
{
function sha1($hash_source)
{
$hash = mhash(MHASH_SHA1, $hash_source);
$hex_hash = bin2hex($hash);
return $hex_hash;
}
$sha1 = "Mhash";
}
if ( !function_exists('sha1') && !function_exists('mhash'))
{
function sha1( $string, $raw_output = false )
{
$library = new Sha1Lib();
return $raw_output ? $library->str_sha1($string) : $library->hex_sha1($string);
}
$sha1 = "sha1lib";
}
andreas at schmeiler dot de
17-Oct-2003 03:50
17-Oct-2003 03:50
To use the sha1 function in php versions <4.3 do the following:
install the mhash library (see http://mhash.sourceforge.net)
then, sha1 can be implemented as follows:
function sha1($hash_source) {
$hash = mhash(MHASH_SHA1, $hash_source);
$hex_hash = bin2hex($hash);
return $hex_hash;
}
bobm at hp dot com
24-Apr-2003 01:12
24-Apr-2003 01:12
To achieve raw binary format prior to PHP5, you can do this...
$raw = pack("H*", sha1($str));
Regards,
Bob Mader