duansha7453 2011-04-06 16:42
浏览 64
已采纳

在php中使用Ruby sha512密码检索

(Updated due to some confusion over my question) We use this method to generate a digested_password, which is saved to our database for later lookup. When we authenticate a user to our application, this method is again ran against their input and if the digested_password output matches the digested_password we saved in the database we authenticate them. I need to reproduce this function in PHP for another application that shares the database.

def self.hash_password( password, salt )
  salted_password = password.insert 4, salt
  digested_password = Digest::SHA512.hexdigest("#{salted_password}")
  return digested_password
end

I really have no experience with Ruby so please forgive my lack of understanding.

Thanks!

  • 写回答

4条回答 默认 最新

  • duanpiangeng8958 2011-04-06 16:55
    关注

    Because you can't "retrieve" a password from a one-way hash like SHA-512, the closest we can get is being able to generate the same hash from the same password and salt. Let's look at the Ruby code:

    def self.hash_password( password, salt )
      salted_password = password.insert 4, salt
      digested_password = Digest::SHA512.hexdigest("#{salted_password}")
      return digested_password
    end
    

    The only thing a bit "weird" here is the call to the .insert method on the password string. It's basically splicing the salt right into the password, starting at the fourth character index. Normally salts are simply concatenated with the password.

    We can replicate this using substr:

    function hash_password($password, $salt) {
        $salted_password = substr($password, 0, 4) . $salt . substr($password, 4);
        return hash('sha512', $salted_password);
    }
    

    I'm using the now-default hash extension here, as it's pretty much the most reliable way to generate a SHA-512 hash.

    Using this code, you should be able to generate identical hashes for a given identical password and salt combination. I'm not sure what the behavior would be when the password is less than five characters long.


    Yup, looks like it should work:

    [charles@lobotomy ~]$ irb
    irb(main):001:0> require 'digest/sha2'
    => true
    irb(main):002:0> def hash_password( password, salt )
    irb(main):003:1>   salted_password = password.insert 4, salt
    irb(main):004:1>   digested_password = Digest::SHA512.hexdigest("#{salted_password}")
    irb(main):005:1>   return digested_password
    irb(main):006:1> end
    => nil
    irb(main):007:0* puts hash_password('password', 'salt')
    92d3efdbf51d199b0930c427b77dc8d5cf41ac58b6fab5f89cc3f32d719a8f6ffcdff6211bdd0565a6e7b09925839e5dcce1fa5abf65eca87c6a883ab0b510b9
    => nil
    irb(main):018:0> exit
    [charles@lobotomy ~]$ 
    [charles@lobotomy ~]$ php -a
    Interactive shell
    
    php > function hash_password($password, $salt) {
    php {     $salted_password = substr($password, 0, 4) . $salt . substr($password, 4);
    php {     return hash('sha512', $salted_password);
    php { }
    php > echo hash_password('password', 'salt');
    92d3efdbf51d199b0930c427b77dc8d5cf41ac58b6fab5f89cc3f32d719a8f6ffcdff6211bdd0565a6e7b09925839e5dcce1fa5abf65eca87c6a883ab0b510b9
    php >
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 同一个网口一个电脑连接有网,另一个电脑连接没网
  • ¥15 神经网络模型一直不能上GPU
  • ¥15 pyqt怎么把滑块和输入框相互绑定,求解决!
  • ¥20 wpf datagrid单元闪烁效果失灵
  • ¥15 券商软件上市公司信息获取问题
  • ¥100 ensp启动设备蓝屏,代码clock_watchdog_timeout
  • ¥15 Android studio AVD启动不了
  • ¥15 陆空双模式无人机怎么做
  • ¥15 想咨询点问题,与算法转换,负荷预测,数字孪生有关
  • ¥15 C#中的编译平台的区别影响