author | Andreas Gohr <andi@splitbrain.org> | 2011-10-14 16:05:57 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2011-10-14 16:05:57 +0200 |
commit | 7ae6f87a6c547c0bed9f52e628c050551529259a (patch) | |
tree | e5c757a5cc82528f60eb85c3ea8dc5565caf97a7 /inc/PassHash.class.php | |
parent | 931a41b3c0876dd969a780d5c17c2c435f8749ce (diff) | |
Fixed test and broken salt generation in PassHash class
It turned out a test wasn't really testing what it should have been testing
and thus hid a bug. It still puzzles me why it still worked
sometimes.
This patch also sets the default iteration count for bmd5 and pmd5 to 8.
Diffstat (limited to 'inc/PassHash.class.php')
-rw-r--r-- | inc/PassHash.class.php | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index 541de6752..31493c022 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -82,7 +82,7 @@ class PassHash {
 public function gen_salt($len=32){
 $salt = '';
 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
- for($i=0;$i<$len,$i++;) $salt .= $chars[mt_rand(0,61)];
+ for($i=0;$i<$len;$i++) $salt .= $chars[mt_rand(0,61)];
 return $salt;
 }
@@ -292,17 +292,20 @@ class PassHash {
 * Password hashing method 'pmd5'
 *
 * Uses salted MD5 hashs. Salt is 1+8 bytes long, 1st byte is the
- * iteration count.
+ * iteration count when given, for null salts $compute is used.
 *
 * @param string $clear - the clear text to hash
 * @param string $salt - the salt to use, null for random
 * @param string $magic - the hash identifier (P or H)
+ * @param int $compute - the iteration count for new passwords
 * @returns string - hashed password
 */
- public function hash_pmd5($clear, $salt=null, $magic='P'){
- $this->init_salt($salt);
-
+ public function hash_pmd5($clear, $salt=null, $magic='P',$compute=8){
 $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+ if(is_null($salt)){
+ $this->init_salt($salt);
+ $salt = $itoa64[$compute].$salt; // prefix iteration count
+ }
 $iterc = $salt[0]; // pos 0 of salt is iteration count
 $iter = strpos($itoa64,$iterc);
 $iter = 1 << $iter;
@@ -340,8 +343,8 @@ class PassHash {
 /**
 * Alias for hash_pmd5
 */
- public function hash_hmd5($clear, $salt=null, $magic='H'){
- return $this->hash_pmd5($clear, $salt, $magic);
+ public function hash_hmd5($clear, $salt=null, $magic='H', $compute=8){
+ return $this->hash_pmd5($clear, $salt, $magic, $compute);
 }
 /** |
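Review bot: The corrected loop in `gen_salt` still draws every salt character from `mt_rand(0,61)`, a Mersenne Twister generator whose output becomes predictable once its state is known, so the salts are only as unpredictable as the process seed. Where the runtime offers a CSPRNG the line could read `for($i=0;$i<$len;$i++) $salt .= $chars[random_int(0,61)];` (PHP 7+; older runtimes would have to map bytes from `openssl_random_pseudo_bytes()` onto `$chars`). Separately, the removed condition `$i<$len,$i++` takes the value of `$i++`, which is 0 on the first check, so `gen_salt` appears to have returned an empty string before this fix. Whether hashes stored in that period need to be re-salted depends on `init_salt`, which is outside the hunk.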
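Review bot: `$compute` is used as a string offset into `$itoa64` in the new `is_null($salt)` branch of `hash_pmd5` without any range check, and the `strpos($itoa64,$iterc)` result below it is shifted without testing for `false`. An offset outside 0–63 yields no valid iteration character, a large valid one turns `1 << $iter` into an impractically large or overflowing round count, and a caller-supplied salt whose first character is not in the alphabet makes `$iter` evaluate to 1. I would bound the parameter first, e.g. `if(!is_int($compute) || $compute < 4 || $compute > 30) $compute = 8;`, and stop on a bad salt with `if($iter === false) return false;` if the callers can handle that return. The new `@param` line could also state that the value is an exponent: `@param int $compute - log2 of the iteration count for new passwords`. The function body continues past the end of the hunk.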