Hi, I'm trying to make an online portal for my server where players can change their password, ... I'm using SimpleAuth and storing passwords in a MySQL database. Which hash does SimpleAuth use to encrypt the password? I've already looked in the code but i don't really understand it, maybe you could write an example how to do it on a website.
PHP: /*** Uses SHA-512 [http://en.wikipedia.org/wiki/SHA-2] and Whirlpool [http://en.wikipedia.org/wiki/Whirlpool_(cryptography)]** Both of them have an output of 512 bits. Even if one of them is broken in the future, you have to break both of them* at the same time due to being hashed separately and then XORed to mix their results equally.** @param string $salt* @param string $password** @return string[128] hex 512-bit hash*/private function hash($salt, $password){ return bin2hex(hash("sha512", $password . $salt, true) ^ hash("whirlpool", $salt . $password, true));}
Sure, thats the part I understood, but how to call the function hash()? I'm trying to call hash("username", "cleartextpassword");, but there's an error: Warning: hash(): Unknown hashing algorithm: username in /***/htdocs/simpleauth_bridge/index.php on line 19 Here's my code: PHP: <?phpinclude 'db.inc.php';class index { function hash($salt, $password){ return bin2hex(hash("sha512", $password.$salt, true) ^ hash("whirlpool", $salt.$password, true)); }}$name = "username";$result = $db->query('SELECT * FROM simpleauth_players WHERE name = "'.$name.'"');$row = $result->fetch_assoc();echo $row['hash'];echo "<hr>";echo hash(strtolower("username"), "nohackpwd"); I've tried many things but it's always not the same hash like in database or there's an error. How to do that?
That's not how you use the hash function the first parameter is suppose to be an algorithm. That's why you get the error "hash(): Unknown hashing algorithm: username" because you are telling it to use "username" as the algorithm to hash the password. Also what going on with your Parentheses?
He's implemented the hash function himself, read the thread carefully before answering please. hash() should not be in a class. PHP: function hash($salt, $password){ return bin2hex(hash("sha512", $password.$salt, true) ^ hash("whirlpool", $salt.$password, true));}$name = "username";$result = $db->query('SELECT * FROM simpleauth_players WHERE name = "'.$name.'"');$row = $result->fetch_assoc();echo $row['hash'];echo "<hr>";echo hash(strtolower("username"), "nohackpwd");
Thank you, the error was very easy When I used function hash(), there was an error because this function already exists, so i renamed it to hashit() or something special, then it worked.
Regardless the error can be replicated using the default hash function, so I wasn't wrong at all. Which could also be a hint to properly implement his own function . So please try understanding where I'm coming from, rather than jumping on the train and assuming I didn't read the thread which wasn't the case at all.