似乎是PassHash sha1和Secret(也许是盐)md5
我已经尝试了很多哈希算法(使用hashcat) 但没有结果..
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "")
stderr("Error", "Missing form data.");
if ($_POST["password"] != $_POST["password2"])
stderr("Error", "Passwords mismatch.");
if (!validemail($_POST['email']))
stderr("Error", "Not valid email");
$username = sqlesc($_POST["username"]);
$password = $_POST["password"];
$email = sqlesc($_POST["email"]);
$secret = mksecret();
$passhash = sqlesc(md5($secret . $password . $secret));
$secret = sqlesc($secret);
mysql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, email) VALUES(NOW(), NOW(), $secret, $username, $passhash, 'confirmed', $email)") or sqlerr(__FILE__, __LINE__);
$res = mysql_query("SELECT id FROM users WHERE username=$username");
$arr = mysql_fetch_row($res);
if (!$arr)
stderr("Error", "Unable to create the account. The user name is possibly already taken.");
header("Location: $BASEURL/userdetails.php?id=$arr[0]");
die;
}
此代码https://github.com/mlangill/biotorrents/blob/master/adduser.php
这是什么类型的哈希?
谢谢
答案 0 :(得分:1)
哈希(7d022cb232c1245fcfe03584477ca247c4efeefe)有40个字符,使其看起来像SHA1。
MD5哈希只有32个字符。
您在示例中使用salted hashes进行密码哈希处理。 e1e69fc477abad67f92d7e8fc824d29f6e03d776是sha1sum,而wf678r4mk4boix98rfrgefa0zzelka97似乎是盐。