From 529b04166c604b1d086cbfeac1bd676227d04872 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 26 Jan 2013 12:59:15 +0100 Subject: added mediawiki password method FS#2559 This should make migrating from MediaWiki a bit easier. --- inc/PassHash.class.php | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) (limited to 'inc/PassHash.class.php') diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index 13be479cc..6918a04b4 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php @@ -4,7 +4,7 @@ * * This class implements various mechanisms used to hash passwords * - * @author Andreas Gohr + * @author Andreas Gohr * @license LGPL2 */ class PassHash { @@ -58,6 +58,9 @@ class PassHash { } elseif(substr($hash, 0, 6) == '{SMD5}') { $method = 'lsmd5'; $salt = substr(base64_decode(substr($hash, 6)), 16); + } elseif(preg_match('/^:B:(.+?):.{32}$/', $hash, $m)) { + $method = 'mediawiki'; + $salt = $m[1]; } elseif($len == 32) { $method = 'md5'; } elseif($len == 40) { @@ -104,7 +107,7 @@ class PassHash { * applied. * * @param string &$salt The salt, pass null if you want one generated - * @param int $len The length of the salt + * @param int $len The length of the salt */ public function init_salt(&$salt, $len = 32) { if(is_null($salt)) $salt = $this->gen_salt($len); @@ -263,7 +266,7 @@ class PassHash { * * This method was used by old MySQL systems * - * @link http://www.php.net/mysql + * @link http://www.php.net/mysql * @author * @param string $clear The clear text to hash * @return string Hashed password 
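Review bot: The detection pattern added in the `elseif(preg_match('/^:B:(.+?):.{32}$/', $hash, $m))` branch is looser than the format it is meant to recognise. `.{32}` accepts any 32 characters rather than an MD5 hex digest, and `(.+?)` can still take in colons once the regex backtracks, so a malformed stored value is routed to the MD5 path with an odd salt. Anchoring it to the real shape, `preg_match('/^:B:([^:]+):[0-9a-f]{32}$/D', $hash, $m)`, keeps the branch from claiming strings that are not MediaWiki type-B hashes. The method this branch belongs to starts and ends outside the hunk, so how the recomputed hash is compared with the stored one cannot be checked from here.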
@@ -327,9 +330,9 @@ class PassHash { * an exception. * * @link http://www.openwall.com/phpass/ - * @param string $clear The clear text to hash - * @param string $salt The salt to use, null for random - * @param string $magic The hash identifier (P or H) + * @param string $clear The clear text to hash + * @param string $salt The salt to use, null for random + * @param string $magic The hash identifier (P or H) * @param int $compute The iteration count for new passwords * @throws Exception * @return string Hashed password @@ -430,8 +433,8 @@ class PassHash { * will break. When no salt is given, the iteration count can be set * through the $compute variable. * - * @param string $clear The clear text to hash - * @param string $salt The salt to use, null for random + * @param string $clear The clear text to hash + * @param string $salt The salt to use, null for random * @param int $compute The iteration count (between 4 and 31) * @throws Exception * @return string Hashed password @@ -450,4 +453,19 @@ class PassHash { return crypt($clear, $salt); } + /** + * Password hashing method 'mediawiki' + * + * Uses salted MD5, this is referred to as Method B in MediaWiki docs. Unsalted md5 + * method 'A' is not supported. + * + * @link http://www.mediawiki.org/wiki/Manual_talk:User_table#user_password_column + * @param string $clear The clear text to hash + * @param string $salt The salt to use, null for random + * @return string Hashed password + */ + public function hash_mediawiki($clear, $salt = null) { + $this->init_salt($salt, 8); + return ':B:'.$salt.':'.md5($salt.'-'.md5($clear)); + } } -- cgit v1.2.3 From 925ad1487c71b97ed6cdb2e339a8d84abd199fef Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 26 Jan 2013 13:37:56 +0100 Subject: allow varying salt length in password hasher --- inc/PassHash.class.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'inc/PassHash.class.php') 
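Review bot: The docblock of `hash_mediawiki()` does not say that this scheme exists only to verify imported hashes. `md5($salt.'-'.md5($clear))` is two plain MD5 rounds with no work factor, which is cheap to brute-force if the user table leaks. I would add a line such as `* Intended for checking hashes imported from MediaWiki; do not select it for new passwords.` so nobody picks it as the wiki's default method. Re-hashing with the configured method after a successful login would retire these hashes over time, but that code is not part of this diff.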
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index 6918a04b4..15ea8cbcf 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php @@ -104,14 +104,18 @@ class PassHash { * Initialize the passed variable with a salt if needed. * * If $salt is not null, the value is kept, but the lenght restriction is - * applied. + * applied (unless, $cut is false). * * @param string &$salt The salt, pass null if you want one generated * @param int $len The length of the salt + * @param bool $cut Apply length restriction to existing salt? */ - public function init_salt(&$salt, $len = 32) { - if(is_null($salt)) $salt = $this->gen_salt($len); - if(strlen($salt) > $len) $salt = substr($salt, 0, $len); + public function init_salt(&$salt, $len = 32, $cut = true) { + if(is_null($salt)) { + $salt = $this->gen_salt($len); + $cut = true; // for new hashes we alway apply length restriction + } + if(strlen($salt) > $len && $cut) $salt = substr($salt, 0, $len); } // Password hashing methods follow below @@ -465,7 +469,7 @@ class PassHash { * @return string Hashed password */ public function hash_mediawiki($clear, $salt = null) { - $this->init_salt($salt, 8); + $this->init_salt($salt, 8, false); return ':B:'.$salt.':'.md5($salt.'-'.md5($clear)); } } -- cgit v1.2.3 From dfbe4adfd080433f91409f028935b9f9879fceca Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 26 Jan 2013 13:38:20 +0100 Subject: added SHA512 hashing method FS#2663 --- inc/PassHash.class.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'inc/PassHash.class.php') diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index 15ea8cbcf..080fb4778 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php 
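Review bot: The new `@param bool $cut` line on `init_salt()` leaves out what a caller gives up by passing `false`: a supplied salt is then used at whatever length it arrives, and `$len` only governs generated salts. I would word it as `@param bool $cut Truncate a caller-supplied salt to $len? Forced to true when a salt is generated`, so that the override in the `is_null($salt)` branch is visible from the signature documentation. The added inline comment also has a typo (`alway` should be `always`).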
@@ -61,6 +61,9 @@ class PassHash { } elseif(preg_match('/^:B:(.+?):.{32}$/', $hash, $m)) { $method = 'mediawiki'; $salt = $m[1]; + } elseif(preg_match('/^\$6\$(.+?)\$/', $hash, $m)) { + $method = 'sha512'; + $salt = $m[1]; } elseif($len == 32) { $method = 'md5'; } elseif($len == 40) { @@ -457,6 +460,25 @@ class PassHash { return crypt($clear, $salt); } + /** + * Password hashing method SHA512 + * + * This is only supported on PHP 5.3.2 or higher and will throw an exception if + * the needed crypt support is not available + * + * @param string $clear The clear text to hash + * @param string $salt The salt to use, null for random + * @return string Hashed password + * @throws Exception + */ + public function hash_sha512($clear, $salt = null) { + if(!defined('CRYPT_SHA512') || CRYPT_SHA512 != 1) { + throw new Exception('This PHP installation has no SHA512 support'); + } + $this->init_salt($salt, 8, false); + return crypt($clear, '$6$'.$salt.'$'); + } + /** * Password hashing method 'mediawiki' * -- cgit v1.2.3
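Review bot: The `/^\$6\$(.+?)\$/` branch will mis-parse SHA-512 crypt strings that carry an explicit work factor. For a stored value of the form `$6$rounds=N$salt$hash` the lazy group captures `rounds=N` as the salt, `hash_sha512()` then calls crypt() with `$6$rounds=N$`, and the real salt is lost, so such hashes should never verify. Capturing the optional prefix together with the salt, `preg_match('/^\$6\$((?:rounds=\d+\$)?[^$]+)\$/', $hash, $m)`, lets the existing `'$6$'.$salt.'$'` concatenation rebuild the full setting string. The surrounding method starts and ends outside the hunk.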
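Review bot: `hash_sha512()` returns whatever crypt() hands back without checking it. On failure crypt() returns a string shorter than 13 characters instead of a hash, and that marker would then be stored or compared as if it were a password hash. A guard such as `$hash = crypt($clear, '$6$'.$salt.'$'); if(strlen($hash) < 13) throw new Exception('crypt() failed for SHA512'); return $hash;` fits the `@throws Exception` already declared in the docblock. Separately, new salts are generated at 8 characters although the `$6$` scheme accepts up to 16, so raising the length passed to `init_salt()` would use the space the format offers.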