author | Tim Roes <mail@timroes.de> | 2012-05-07 17:08:35 +0200 |
---|---|---|
committer | Tim Roes <mail@timroes.de> | 2012-05-07 17:08:35 +0200 |
commit | efa78c8638547cab77a37006e7f86aed792a1609 (patch) | |
tree | 492804d80b28f8e32785b3648d9e03e77804b50f /inc/PassHash.class.php | |
parent | ae992f53831c105d6deacfef79d7723b22a00033 (diff) | |
parent | f774b92a94947b3eabd64919b6b4ba74f9c4b5fd (diff) | |
download | rpg-efa78c8638547cab77a37006e7f86aed792a1609.tar.gz rpg-efa78c8638547cab77a37006e7f86aed792a1609.tar.bz2 |
Merge branch 'master' of https://github.com/splitbrain/dokuwiki
Diffstat (limited to 'inc/PassHash.class.php')
-rw-r--r-- | inc/PassHash.class.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index 3fb1349d2..d825057f0 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -316,6 +316,11 @@ class PassHash {
 * Uses salted MD5 hashs. Salt is 1+8 bytes long, 1st byte is the
 * iteration count when given, for null salts $compute is used.
 *
+ * The actual iteration count is the given count squared, maximum is
+ * 30 (-> 1073741824). If a higher one is given, the function throws
+ * an exception.
+ *
+ * @link http://www.openwall.com/phpass/
 * @param string $clear - the clear text to hash
 * @param string $salt - the salt to use, null for random
 * @param string $magic - the hash identifier (P or H)
@@ -330,6 +335,12 @@ class PassHash {
 }
 $iterc = $salt[0]; // pos 0 of salt is iteration count
 $iter = strpos($itoa64,$iterc);
+
+ if($iter > 30){
+ throw new Exception("Too high iteration count ($iter) in ".
+ __class__.'::'.__function__);
+ }
+
 $iter = 1 << $iter;
 $salt = substr($salt,1,8); |
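Review bot: The added docblock text describes the actual iteration count as "the given count squared", but the code in the next hunk computes `1 << $iter`, which is 2 raised to the given value; the quoted maximum 30 (-> 1073741824) is 2^30, not 30 squared. I would reword the first added line to `* The actual iteration count is 2 to the power of the given count, maximum is`. The new throw is also not declared, so a line such as `* @throws Exception if the encoded iteration count is above 30` after the @param entries would tell callers that hashing and verification can now fail with an exception. The docblock continues outside this hunk.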
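Review bot: The new guard `if($iter > 30)` lets a failed lookup through: `strpos()` returns `false` when the first salt character is not in `$itoa64`, `false > 30` is false, and `1 << $iter` then evaluates to 1, so a malformed salt is hashed with a single round instead of being rejected. Changing the condition to `if($iter === false || $iter > 30){` covers both cases. There is also no lower bound, so a salt that encodes a very small count is accepted as-is; if salts can come from imported or externally supplied hashes, a minimum may be worth enforcing here as well (the phpass reference linked in the docblock does so, as far as I recall). The enclosing method starts and ends outside the hunk, so whether callers handle the generic `Exception` cannot be checked from here.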