How does the password encryption on php fusion work?
Asked Modified Viewed 9,814 times
asked
Hi guys,
Could someone please explain how exactly the encryption on php-fusion works?
I'm currently using version 7.02.03.
So far I've found out that the user_algo -> sha256 and user_salt->randomly are parts of the encrypted user_password.
I assume that the encrypting procedure is shown in the /includes/classes/Authenticate.class however I'm not that familiar with PHP to get it..
Is it: (plaintext+user_salt)->sha256->user_password?
or maybe: (user_salt+plain text) ->sha256->user_password?
Thanks in advance for your feedback.
Regards,
l34trul3r
Could someone please explain how exactly the encryption on php-fusion works?
I'm currently using version 7.02.03.
So far I've found out that the user_algo -> sha256 and user_salt->randomly are parts of the encrypted user_password.
I assume that the encrypting procedure is shown in the /includes/classes/Authenticate.class however I'm not that familiar with PHP to get it..
Is it: (plaintext+user_salt)->sha256->user_password?
or maybe: (user_salt+plain text) ->sha256->user_password?
Thanks in advance for your feedback.
Regards,
l34trul3r
answered
[syntaxhighlighter brush=php,first-line=1,highlight=0,collapse=false,html-script=false]<?php
function rand_str($length = 40, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'
{
$chars_length = (strlen($chars) - 1);
$string = $chars{rand(0, $chars_length)};
for ($i = 1; $i < $length; $i = strlen($string))
{
$r = $chars{rand(0, $chars_length)};
if ($r != $string{$i - 1}) $string .= $r;
}
return $string;
}
$password = $_GET['id'];
$user_salt = rand_str();
echo "<b>Parola:</b> ".$password." <br />";
echo "<b>user_salt:</b> ".$user_salt." <br />";
echo "<b>user_password:</b> ".hash_hmac('sha256', $password, $user_salt);
?>[/syntaxhighlighter]
generatepassword.php?id=password
EDIT:// ".hash_hmac('sha256', $password, $user_salt)"
function rand_str($length = 40, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'
{
$chars_length = (strlen($chars) - 1);
$string = $chars{rand(0, $chars_length)};
for ($i = 1; $i < $length; $i = strlen($string))
{
$r = $chars{rand(0, $chars_length)};
if ($r != $string{$i - 1}) $string .= $r;
}
return $string;
}
$password = $_GET['id'];
$user_salt = rand_str();
echo "<b>Parola:</b> ".$password." <br />";
echo "<b>user_salt:</b> ".$user_salt." <br />";
echo "<b>user_password:</b> ".hash_hmac('sha256', $password, $user_salt);
?>[/syntaxhighlighter]
generatepassword.php?id=password
EDIT:// ".hash_hmac('sha256', $password, $user_salt)"
Edited by eWe on 24-08-2012 23:08,
answered
Ok thanks.
If I use an online hashgenerator and put in my pasword and user_salt I still get a different encrypted user_password hash than shown in the database or in your generatepassword.php
Any idea why?
Thanks
Edit:
If i take the following from your script above:
plain text: hello123
salt: UYA7OPDwjvQbobdQUuxB0pgtglS82WRPXOdmRQMD
user_password = 86115307.....
If I use an online encrypter like Hashgenerator and enter the same plain text and salt, I get a different password: 80d752f8.....
Edit 2: After reviewing the code again I've found that the encryption algorythm is not sha256 but hmac sha256 which causes the difference in the results.
Thanks anyway and regards
If I use an online hashgenerator and put in my pasword and user_salt I still get a different encrypted user_password hash than shown in the database or in your generatepassword.php
Any idea why?
Thanks
Edit:
If i take the following from your script above:
plain text: hello123
salt: UYA7OPDwjvQbobdQUuxB0pgtglS82WRPXOdmRQMD
user_password = 86115307.....
If I use an online encrypter like Hashgenerator and enter the same plain text and salt, I get a different password: 80d752f8.....
Edit 2: After reviewing the code again I've found that the encryption algorythm is not sha256 but hmac sha256 which causes the difference in the results.
Thanks anyway and regards
Edited by l34trul3r on 25-08-2012 18:56,
— 8 months later —
Category Forum
User Administration - 8Labels
None yet
Statistics
- Views 0 views
- Posts 3 posts
- Votes 0 votes
- Topic users 3 members
3 participants
eWe 10
[url=gfxpixel.info]GFXpixel.info[/url] - PHP-Fuison Themes!
- Junior Member, joined since
- Contributed 24 posts on the community forums.
- Started 5 threads in the forums
l34trul3r 10
- Newbie, joined since
- Contributed 2 posts on the community forums.
- Started 1 thread in the forums
- Started this discussions
thimo2 10
- Newbie, joined since
- Contributed 6 posts on the community forums.
- Started 2 threads in the forums
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions