duansha7453 2011-04-06 16:42
浏览 64
已采纳

在php中使用Ruby sha512密码检索

(Updated due to some confusion over my question) We use this method to generate a digested_password, which is saved to our database for later lookup. When we authenticate a user to our application, this method is again ran against their input and if the digested_password output matches the digested_password we saved in the database we authenticate them. I need to reproduce this function in PHP for another application that shares the database.

def self.hash_password( password, salt )
  salted_password = password.insert 4, salt
  digested_password = Digest::SHA512.hexdigest("#{salted_password}")
  return digested_password
end

I really have no experience with Ruby so please forgive my lack of understanding.

Thanks!

  • 写回答

4条回答 默认 最新

  • duanpiangeng8958 2011-04-06 16:55
    关注

    Because you can't "retrieve" a password from a one-way hash like SHA-512, the closest we can get is being able to generate the same hash from the same password and salt. Let's look at the Ruby code:

    def self.hash_password( password, salt )
      salted_password = password.insert 4, salt
      digested_password = Digest::SHA512.hexdigest("#{salted_password}")
      return digested_password
    end
    

    The only thing a bit "weird" here is the call to the .insert method on the password string. It's basically splicing the salt right into the password, starting at the fourth character index. Normally salts are simply concatenated with the password.

    We can replicate this using substr:

    function hash_password($password, $salt) {
        $salted_password = substr($password, 0, 4) . $salt . substr($password, 4);
        return hash('sha512', $salted_password);
    }
    

    I'm using the now-default hash extension here, as it's pretty much the most reliable way to generate a SHA-512 hash.

    Using this code, you should be able to generate identical hashes for a given identical password and salt combination. I'm not sure what the behavior would be when the password is less than five characters long.


    Yup, looks like it should work:

    [charles@lobotomy ~]$ irb
    irb(main):001:0> require 'digest/sha2'
    => true
    irb(main):002:0> def hash_password( password, salt )
    irb(main):003:1>   salted_password = password.insert 4, salt
    irb(main):004:1>   digested_password = Digest::SHA512.hexdigest("#{salted_password}")
    irb(main):005:1>   return digested_password
    irb(main):006:1> end
    => nil
    irb(main):007:0* puts hash_password('password', 'salt')
    92d3efdbf51d199b0930c427b77dc8d5cf41ac58b6fab5f89cc3f32d719a8f6ffcdff6211bdd0565a6e7b09925839e5dcce1fa5abf65eca87c6a883ab0b510b9
    => nil
    irb(main):018:0> exit
    [charles@lobotomy ~]$ 
    [charles@lobotomy ~]$ php -a
    Interactive shell
    
    php > function hash_password($password, $salt) {
    php {     $salted_password = substr($password, 0, 4) . $salt . substr($password, 4);
    php {     return hash('sha512', $salted_password);
    php { }
    php > echo hash_password('password', 'salt');
    92d3efdbf51d199b0930c427b77dc8d5cf41ac58b6fab5f89cc3f32d719a8f6ffcdff6211bdd0565a6e7b09925839e5dcce1fa5abf65eca87c6a883ab0b510b9
    php >
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题
  • ¥20 云服务Linux系统TCP-MSS值修改?
  • ¥20 关于#单片机#的问题:项目:使用模拟iic与ov2640通讯环境:F407问题:读取的ID号总是0xff,自己调了调发现在读从机数据时,SDA线上并未有信号变化(语言-c语言)
  • ¥20 怎么在stm32门禁成品上增加查询记录功能
  • ¥15 Source insight编写代码后使用CCS5.2版本import之后,代码跳到注释行里面
  • ¥50 NT4.0系统 STOP:0X0000007B
  • ¥15 想问一下stata17中这段代码哪里有问题呀
  • ¥15 flink cdc无法实时同步mysql数据
  • ¥100 有人会搭建GPT-J-6B框架吗?有偿