在php中使用Ruby sha512密码检索

(Updated due to some confusion over my question) We use this method to generate a digested_password, which is saved to our database for later lookup. When we authenticate a user to our application, this method is again ran against their input and if the digested_password output matches the digested_password we saved in the database we authenticate them. I need to reproduce this function in PHP for another application that shares the database.

def self.hash_password( password, salt )
  salted_password = password.insert 4, salt
  digested_password = Digest::SHA512.hexdigest("#{salted_password}")
  return digested_password
end

I really have no experience with Ruby so please forgive my lack of understanding.

Thanks!

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

4条回答默认最新

duanpiangeng8958 2011-04-06 16:55

关注

Because you can't "retrieve" a password from a one-way hash like SHA-512, the closest we can get is being able to generate the same hash from the same password and salt. Let's look at the Ruby code:

def self.hash_password( password, salt )
  salted_password = password.insert 4, salt
  digested_password = Digest::SHA512.hexdigest("#{salted_password}")
  return digested_password
end

The only thing a bit "weird" here is the call to the .insert method on the password string. It's basically splicing the salt right into the password, starting at the fourth character index. Normally salts are simply concatenated with the password.

We can replicate this using substr:

function hash_password($password, $salt) {
    $salted_password = substr($password, 0, 4) . $salt . substr($password, 4);
    return hash('sha512', $salted_password);
}

I'm using the now-default hash extension here, as it's pretty much the most reliable way to generate a SHA-512 hash.

Using this code, you should be able to generate identical hashes for a given identical password and salt combination. I'm not sure what the behavior would be when the password is less than five characters long.

Yup, looks like it should work:

[charles@lobotomy ~]$ irb
irb(main):001:0> require 'digest/sha2'
=> true
irb(main):002:0> def hash_password( password, salt )
irb(main):003:1>   salted_password = password.insert 4, salt
irb(main):004:1>   digested_password = Digest::SHA512.hexdigest("#{salted_password}")
irb(main):005:1>   return digested_password
irb(main):006:1> end
=> nil
irb(main):007:0* puts hash_password('password', 'salt')
92d3efdbf51d199b0930c427b77dc8d5cf41ac58b6fab5f89cc3f32d719a8f6ffcdff6211bdd0565a6e7b09925839e5dcce1fa5abf65eca87c6a883ab0b510b9
=> nil
irb(main):018:0> exit
[charles@lobotomy ~]$ 
[charles@lobotomy ~]$ php -a
Interactive shell

php > function hash_password($password, $salt) {
php {     $salted_password = substr($password, 0, 4) . $salt . substr($password, 4);
php {     return hash('sha512', $salted_password);
php { }
php > echo hash_password('password', 'salt');
92d3efdbf51d199b0930c427b77dc8d5cf41ac58b6fab5f89cc3f32d719a8f6ffcdff6211bdd0565a6e7b09925839e5dcce1fa5abf65eca87c6a883ab0b510b9
php >

本回答被题主选为最佳回答 , 对您是否有帮助呢?

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongmen1860 2011-04-06 16:48
关注
SHA512 is a one way hash function, meaning that you can't easily get the input for any given output.

It is possible, but very expensive, to build a rainbow table. Because this is a salted hash, it's even more difficult

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容
关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dsubq24666 2011-04-06 17:11
关注
function hash_password($password, $salt) { $salted_password = substr_replace($password, $salt, 4, 0); $digested_password = hash('sha512', $salted_password); return $digested_password; }
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容
关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douping1581 2011-04-06 17:12
关注
I figured it out. I didn't quite understand the insert method in Ruby, and it turns out the salt is being inserted into the password at the fourth character. Here is the PHP equivalent:

$password_input = "derpaderp"; $password_salt = "aderp"; $arg=substr_replace($password_input, $password_salt, 4, 0); $pass = hash('sha512', $arg); if ( $digested_password_from_database == $pass ){ echo "success!"; }

Thanks for your replies folks.
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(3条)

报告相同问题？

关注问题

在php中使用Ruby sha512密码检索 php ruby
2011-04-06 16:42

回答 4 已采纳 Because you can't "retrieve" a password from a one-way hash like SHA-512, the closest we can get i
在rails上的ruby中运行php脚本[重复] php ruby
2018-05-25 00:08

回答 1 已采纳 You can use the Kernel#exec function to call another scripts in the SO. Example: exec( "php /foo
ruby在php中有类似的多维数组吗？ php ruby
2016-09-21 02:35

回答 2 已采纳 Although the answer by @davidhu2000 is more or less correct, I would go with more robust solution:
php7中shal(),十个你需要在 PHP 7 中避免的坑
2021-03-13 08:50

尔啃的博客 1. 不要使用 mysql_ 类函数终于，你不用再看到建议不要使用mysql_函数的提示了。因为 PHP 7 从核心上完全移除了它们，这意味着请你移步至更好的 mysqli_ 类函数，或者更灵活的 PDO 层。2. 不要写无用的代码这看上去...
如何使用PHP解组Ruby对象 php ruby
2015-07-01 11:20

回答 2 已采纳 As far as I know, there is no deserializer for Ruby's internal Marshal format for PHP. You can wri
PHP中的Ruby映射函数？ php ruby
2014-02-07 22:34

回答 1 已采纳 You have array_map. For example: $my_arr = array_map(function($el) { return $el['id']; }, $a
Ruby和PHP在一起 php ruby
2013-07-24 05:17

回答 1 已采纳 You can invoke PHP interpreter from inside Ruby as an external command, whether with system, backt
人生最好的php，mysql，linux，redis，docker等相关技术经典面试题，新手收藏学习，持续更新中。。。
2021-04-25 14:35

黄昏单车的博客 php面试题 1、写出你能想到的所有HTTP返回状态值，并说明用途（比如：返回404表示找不到页面） # 200：服务器请求成功 # 301：永久重定向，旧网页已被新网页永久替代 # 302：表示临时性重定向 # 400：错误请求 # 401...
在Ruby中追加并增加哈希值 php ruby
2016-01-25 09:16

回答 2 已采纳 I think PHP's array/hash duality confuses you. A "hash with auto-incrementing keys" would be just
在Rails中服务PHP ajax javascript php ruby
2015-06-27 00:12

回答 1 已采纳 Sure, you can do this in Rails. First, you need to define the route for your request. Write the fo
在PHP中使用Stanford Core NLP？ nlp php
2013-04-28 23:32

回答 1 已采纳 In a past project, we tried searching for a PHP library that would work well with Core NLP to no a
在Nodejs中使用JSON WEB Tokens
2017-07-09 18:36

刘春强的博客正因如此，服务器端的组建也正正在从传统的任务中解脱，转而变的更像API。API使得传统的前端和后端的概念解耦。开发者可以脱离前端，独立的开发后端，在测试上获得更大的便利。这种途径也使得一个移动应用和网页应用...
PHP执行Ruby脚本并捕获JSON结果 json php
2017-10-04 13:57

回答 2 已采纳 My problem is that this printed directly to the screen and is not capture in the variable $res.
详解PHP连接Impala安装与配置
2019-02-15 10:33

水行云起的博客 title: 详解PHP连接Impala安装与配置 date: 2017-12-08 categories: 技术 tags: PHP impala Impala的SQL语法参考 https://www.cloudera.com/documentation/enterprise/latest/topics/impala_langref_sql.html PHP...
Deserialization反序列化漏洞
2022-05-14 19:13

Eason_LYC的博客 PHP中的任意对象注入（Arbitrary object injection in PHP）目标：删除carlos用户的 /home/carlos/morale.txt文件 hint: 可以通过在文件名后附加一个波浪号(~)来读取源代码，以检索由编辑器生成的备份文件。...
没有解决我的问题, 去提问

悬赏问题

¥15 Tpad api账户 api口令
¥30 ppt进度条制作，vba语言
¥15 stc12c5a60s2单片机测光敏ADC
¥15 生信simpleaffy包下载
¥15 请教一下simulink中S函数相关问题
¥15 在二层网络中，掩码存在包含关系即可通信
¥15 端口转发器解析失败不知道电脑设置了啥
¥15 Latex算法流程图行号自定义
¥15 关于#python#的问题：我在自己的电脑上运行起来总是报错，希望能给我一个详细的教程，(开发工具-github)
¥40 基于51单片机实现球赛计分器功能

在php中使用Ruby sha512密码检索

4条回答 默认 最新

悬赏问题

4条回答默认最新