discomatt Posted April 9, 2008 Share Posted April 9, 2008 Here's a quick example of some minor flexibility that makes it hard even with a known algo <?php // Stored outside webroot $usersalt = 'sha256'; $userhash = 'haval256,5'; $salt_size = 32; $offset = 22; $pass = 'i love you'; // Proof of concept. Don't use code below $salt = hash( $usersalt, uniqid(mt_rand(), true) ); $saltlen = strlen($salt); if ( $salt_size <= 16 || $salt_size > $saltlen ) $salt_size = $saltlen; else $salt = substr( $salt, mt_rand(0, $saltlen - $salt_size), $saltlen ); unset($saltlen); $newpass = hash($userhash, $salt.$pass); $hashed = substr( $salt, $offset-$salt_size ) . $newpass . substr($salt, 0, $offset); echo $hashed; echo '<br>'; echo $salt; echo '<br>'; echo strlen($hashed) * 4 . ' bits'; ?> Link to comment https://forums.phpfreaks.com/topic/99421-md5-or-sha-1/page/3/#findComment-512750 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.