我正在尝试在php中复制以下代码以创建基于Web的帐户创建脚本,但我真的不明白在md5哈希之前发生了什么。
这是代码:
reg_seconds = (unsigned) regtime / 3600L;
ch = strlen (&password[0]);
_itoa (reg_seconds, &config_data[0], 10 );
//Throw some salt in the game ;)
sprintf (&password[ch], "_%s_salt", &config_data[0] );
//printf ("New password = %s\n", password );
MDString (&password[0], &MDBuffer[0] );
for (ch=0;ch<16;ch++)
sprintf (&md5password[ch*2], "%02x", (unsigned char) MDBuffer[ch]);
md5password[32] = 0;
使用密码&#34;密码&#34;和#34; 399969&#34;我得到一个哈希密码&#34; 9a5c041c5b37febc90ad3dc66ec62c83&#34;
任何人都可以解释究竟发生了什么以及最后的字符串是什么被哈希?
答案 0 :(得分:1)
好的,让我们一行一行,假设密码=“密码”,regtime = 399969
reg_seconds = (unsigned) regtime / 3600L;
=> reg_seconds = 111 NB incoherent with the name, isn't is regtime % 3600L
ch = strlen (&password[0]);
=> ch = 8
_itoa (reg_seconds, &config_data[0], 10 );
=> config_data = "111"
//Throw some salt in the game ;)
sprintf (&password[ch], "_%s_salt", &config_data[0] );
=> password = "password_111_salt"
//printf ("New password = %s\n", password ); Why did not you uncomment this ?
MDString (&password[0], &MDBuffer[0] );
MDBuffer receives the binary hash
for (ch=0;ch<16;ch++)
sprintf (&md5password[ch*2], "%02x", (unsigned char) MDBuffer[ch]);
md5password[32] = 0;
md5password receives the hex encoded hash : "033f7d591eda915e708571edd255b511"
Oups它不是预期的哈希!
因为399969 不 regtime但在上面的代码中是reg_seconds ...所以
password = "password_399969_salt"
md5password = "9a5c041c5b37febc90ad3dc66ec62c83"