No announcement yet.

PHP & Cryptography/Hashing

  • Filter
  • Time
  • Show
Clear All
new posts

  • PHP & Cryptography/Hashing

    Hi. Is it possible to create via PHP the same hash made in unix/linux for .htaccess passwords ?

    I tried (there's even a hack about...) to use the crypt() function, but never managed to obtain the same hash stored in linux server file...

    Generally, how could I obtain STANDARD SHA-1 byte/char sequences ?

  • #2
    Its 6am here so I may be wrong, but try the md5() function....


    • #3
      MD5 hashing is often used to one-way crypting password... but as far as I know, on unix is used standard DES (SHA-1) algo.

      Btw, I can't manage to obtain any way (both with crypt(..., $salt) or md5() ) EXACTLY my 13-char encrypted password stored in .htaccess/.htpasswd file.
      ---> Username:xxxxxxxxxxxxx

      Actually the problem is:
      HOW TO CALCULATE $salt before encrypting a string... ???
      As you can see, on is said the salt is made by the first two chars of the encrypted string...
      Well, it's true.
      AFTER reading the .htaccess file, I can retrieve the first two chars of an hashed password, then use them as salt string.
      This way, crypt("password",$salt) actually returns the correct hashed (DES SHA-1) password stored in .htaccess...

      BUT HOW could I know BEFORE the salt 2-byte string ?

      Last edited by Jet; Tue 23 Apr '02, 6:43am.


      • #4
        The question is, why do you need to make a PHP function for this? Just have PHP run it in a shell...
        passthru(), system(), backtick operator, etc...


        • #5
          Simply, I would understand and study the algorithm...
          I though, a given password, only ONE hash was possible, as it is for md5() function...
          Instead, with all crypt() algos, there is a new dimension variant: salt.
          For example, in STD DES encryption, it introduces a variance of 4096 (2 bytes by 6-bit coding=base64) possibilities for each original string to hash...
          And the right key is in the hashed string itself....


          Related Topics