Mercurial > hg > ywww

comparison user/uk/PasswordHash.php @ 6:077b0a0a3e6d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
remaining originals according to dependency walk
author Robert Boland <robert@markup.co.uk>
date Thu, 16 Feb 2017 22:29:02 +0000
parents
children
comparison
equal deleted inserted replaced
5:55445b456ad0 6:077b0a0a3e6d
1 <?php
2 #
3 # Portable PHP password hashing framework.
4 #
5 # Version 0.2 / genuine.
6 #
7 # Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
8 # the public domain.
9 #
10 # There's absolutely no warranty.
11 #
12 # The homepage URL for this framework is:
13 #
14 # http://www.openwall.com/phpass/
15 #
16 # Please be sure to update the Version line if you edit this file in any way.
17 # It is suggested that you leave the main version number intact, but indicate
18 # your project name (after the slash) and add your own revision information.
19 #
20 # Please do not change the "private" password hashing method implemented in
21 # here, thereby making your hashes incompatible. However, if you must, please
22 # change the hash type identifier (the "$P$") to something different.
23 #
24 # Obviously, since this code is in the public domain, the above are not
25 # requirements (there can be none), but merely suggestions.
26 #
27 class PasswordHash {
28 var $itoa64;
29 var $iteration_count_log2;
30 var $portable_hashes;
31 var $random_state;
32
33 function PasswordHash($iteration_count_log2, $portable_hashes)
34 {
35 $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
36
37 if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
38 $iteration_count_log2 = 8;
39 $this->iteration_count_log2 = $iteration_count_log2;
40
41 $this->portable_hashes = $portable_hashes;
42
43 $this->random_state = microtime() . getmypid();
44 }
45
46 function get_random_bytes($count)
47 {
48 $output = '';
49 if (is_readable('/dev/urandom') &&
50 ($fh = @fopen('/dev/urandom', 'rb'))) {
51 $output = fread($fh, $count);
52 fclose($fh);
53 }
54
55 if (strlen($output) < $count) {
56 $output = '';
57 for ($i = 0; $i < $count; $i += 16) {
58 $this->random_state =
59 md5(microtime() . $this->random_state);
60 $output .=
61 pack('H*', md5($this->random_state));
62 }
63 $output = substr($output, 0, $count);
64 }
65
66 return $output;
67 }
68
69 function encode64($input, $count)
70 {
71 $output = '';
72 $i = 0;
73 do {
74 $value = ord($input[$i++]);
75 $output .= $this->itoa64[$value & 0x3f];
76 if ($i < $count)
77 $value |= ord($input[$i]) << 8;
78 $output .= $this->itoa64[($value >> 6) & 0x3f];
79 if ($i++ >= $count)
80 break;
81 if ($i < $count)
82 $value |= ord($input[$i]) << 16;
83 $output .= $this->itoa64[($value >> 12) & 0x3f];
84 if ($i++ >= $count)
85 break;
86 $output .= $this->itoa64[($value >> 18) & 0x3f];
87 } while ($i < $count);
88
89 return $output;
90 }
91
92 function gensalt_private($input)
93 {
94 $output = '$P$';
95 $output .= $this->itoa64[min($this->iteration_count_log2 +
96 ((PHP_VERSION >= '5') ? 5 : 3), 30)];
97 $output .= $this->encode64($input, 6);
98
99 return $output;
100 }
101
102 function crypt_private($password, $setting)
103 {
104 $output = '*0';
105 if (substr($setting, 0, 2) == $output)
106 $output = '*1';
107
108 if (substr($setting, 0, 3) != '$P$')
109 return $output;
110
111 $count_log2 = strpos($this->itoa64, $setting[3]);
112 if ($count_log2 < 7 || $count_log2 > 30)
113 return $output;
114
115 $count = 1 << $count_log2;
116
117 $salt = substr($setting, 4, 8);
118 if (strlen($salt) != 8)
119 return $output;
120
121 # We're kind of forced to use MD5 here since it's the only
122 # cryptographic primitive available in all versions of PHP
123 # currently in use. To implement our own low-level crypto
124 # in PHP would result in much worse performance and
125 # consequently in lower iteration counts and hashes that are
126 # quicker to crack (by non-PHP code).
127 if (PHP_VERSION >= '5') {
128 $hash = md5($salt . $password, TRUE);
129 do {
130 $hash = md5($hash . $password, TRUE);
131 } while (--$count);
132 } else {
133 $hash = pack('H*', md5($salt . $password));
134 do {
135 $hash = pack('H*', md5($hash . $password));
136 } while (--$count);
137 }
138
139 $output = substr($setting, 0, 12);
140 $output .= $this->encode64($hash, 16);
141
142 return $output;
143 }
144
145 function gensalt_extended($input)
146 {
147 $count_log2 = min($this->iteration_count_log2 + 8, 24);
148 # This should be odd to not reveal weak DES keys, and the
149 # maximum valid value is (2**24 - 1) which is odd anyway.
150 $count = (1 << $count_log2) - 1;
151
152 $output = '_';
153 $output .= $this->itoa64[$count & 0x3f];
154 $output .= $this->itoa64[($count >> 6) & 0x3f];
155 $output .= $this->itoa64[($count >> 12) & 0x3f];
156 $output .= $this->itoa64[($count >> 18) & 0x3f];
157
158 $output .= $this->encode64($input, 3);
159
160 return $output;
161 }
162
163 function gensalt_blowfish($input)
164 {
165 # This one needs to use a different order of characters and a
166 # different encoding scheme from the one in encode64() above.
167 # We care because the last character in our encoded string will
168 # only represent 2 bits. While two known implementations of
169 # bcrypt will happily accept and correct a salt string which
170 # has the 4 unused bits set to non-zero, we do not want to take
171 # chances and we also do not want to waste an additional byte
172 # of entropy.
173 $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
174
175 $output = '$2a$';
176 $output .= chr(ord('0') + $this->iteration_count_log2 / 10);
177 $output .= chr(ord('0') + $this->iteration_count_log2 % 10);
178 $output .= '$';
179
180 $i = 0;
181 do {
182 $c1 = ord($input[$i++]);
183 $output .= $itoa64[$c1 >> 2];
184 $c1 = ($c1 & 0x03) << 4;
185 if ($i >= 16) {
186 $output .= $itoa64[$c1];
187 break;
188 }
189
190 $c2 = ord($input[$i++]);
191 $c1 |= $c2 >> 4;
192 $output .= $itoa64[$c1];
193 $c1 = ($c2 & 0x0f) << 2;
194
195 $c2 = ord($input[$i++]);
196 $c1 |= $c2 >> 6;
197 $output .= $itoa64[$c1];
198 $output .= $itoa64[$c2 & 0x3f];
199 } while (1);
200
201 return $output;
202 }
203
204 function HashPassword($password)
205 {
206 $random = '';
207
208 if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
209 $random = $this->get_random_bytes(16);
210 $hash =
211 crypt($password, $this->gensalt_blowfish($random));
212 if (strlen($hash) == 60)
213 return $hash;
214 }
215
216 if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
217 if (strlen($random) < 3)
218 $random = $this->get_random_bytes(3);
219 $hash =
220 crypt($password, $this->gensalt_extended($random));
221 if (strlen($hash) == 20)
222 return $hash;
223 }
224
225 if (strlen($random) < 6)
226 $random = $this->get_random_bytes(6);
227 $hash =
228 $this->crypt_private($password,
229 $this->gensalt_private($random));
230 if (strlen($hash) == 34)
231 return $hash;
232
233 # Returning '*' on error is safe here, but would _not_ be safe
234 # in a crypt(3)-like function used _both_ for generating new
235 # hashes and for validating passwords against existing hashes.
236 return '*';
237 }
238
239 function CheckPassword($password, $stored_hash)
240 {
241 $hash = $this->crypt_private($password, $stored_hash);
242 if ($hash[0] == '*')
243 $hash = crypt($password, $stored_hash);
244
245 return $hash == $stored_hash;
246 }
247 }
248
249 ?>