PHP 7.2.0 Release Candidate 2 Released

sha1

(PHP 4 >= 4.3.0, PHP 5, PHP 7)

sha1Calculate the sha1 hash of a string

Avertizare

It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm. See the Password Hashing FAQ for details and best practices.

Descrierea

string sha1 ( string $str [, bool $raw_output = false ] )

Calculates the sha1 hash of str using the » US Secure Hash Algorithm 1.

Parametri

str

The input string.

raw_output

If the optional raw_output is set to TRUE, then the sha1 digest is instead returned in raw binary format with a length of 20, otherwise the returned value is a 40-character hexadecimal number.

Valorile întoarse

Returns the sha1 hash as a string.

Exemple

Example #1 A sha1() example

<?php
$str 
'apple';

if (
sha1($str) === 'd0be2dc421be4fcd0172e5afceea3970e2f3d940') {
    echo 
"Would you like a green or red apple?";
}
?>

A se vedea și

  • sha1_file() - Calculate the sha1 hash of a file
  • crc32() - Calculates the crc32 polynomial of a string
  • md5() - Calculate the md5 hash of a string
  • hash() - Generate a hash value (message digest)
  • crypt() - One-way string hashing
  • password_hash() - Creates a password hash

add a note add a note

User Contributed Notes 31 notes

up
80
nathan
9 years ago
The suggestion below to double-hash your password is not a good idea.  You are much much better off adding a variable salt to passwords before hashing (such as the username or other field that is dissimilar for every account).

Double hashing is *worse* security than a regular hash.  What you're actually doing is taking some input $passwd, converting it to a string of exactly 32 characters containing only the characters [0-9][A-F], and then hashing *that*. You have just *greatly* increased the odds of a hash collision (ie. the odds that I can guess a phrase that will hash to the same value as your password).

sha1(md5($pass)) makes even less sense, since you're feeding in 128-bits of information to generate a 256-bit hash, so 50% of the resulting data is redundant.  You have not increased security at all.
up
11
Gregory Boshoff
10 years ago
Note that the sha1 algorithm has been compromised and is no longer being used by government agencies.

As of PHP 5.1.2 a new set of hashing functions are available.

http://www.php.net/manual/en/function.hash.php

The new function hash() supports a new range of hashing methods.

echo hash('sha256', 'The quick brown fox jumped over the lazy dog.');

It is recommended that developers start to future proof their applications by using the stronger sha-2, hashing methods such as sha256, sha384, sha512 or better.

As of PHP 5.1.2 hash_algos() returns an array of system specific or registered hashing algorithms methods that are available to PHP.

print_r(hash_algos());
up
2
marcin at marcinwolny dot net
4 years ago
Keep in mind that MD5 is less secure than SHA1.
Older CPUs can calculate MD5 over twice as fast as SHA1. GPUs in parallel calculations can handle MD5 over 3 times as fast as SHA1!

Two Radeon 79xx-series GPUs can calculate a rainbow table for 6-character lowercase MD5 password in... roughly 6 seconds!

Source: http://www.codinghorror.com/blog/2012/04/speed-hashing.html
up
2
ranko84 at gmail dot com
8 years ago
Small update..., well more like fix to the obscure function, replace
<?php
if ($keepLength != NULL)
{
    if (
$hSLength != 0)
    {
       
$hPassHash = substr($hPassHash, $hLPosition, -$hRPosition);
    }
}
?>

with

<?php
if ($keepLength != NULL)
{
    if (
$hSLength != 0)
    {
        if (
$hRPosition == 0)
        {
           
$hPassHash = substr($hPassHash, $hLPosition);
        }
        else
        {
           
$hPassHash = substr($hPassHash, $hLPosition, -$hRPosition);
        }
    }
}
?>

I've been getting few requests to explain how it's used so, this might be little long.

Problems:
1. In most solutions with hash and salt, you were bound to have one extra row in your database that would state, preferably random, salt for that hashed data. If attacker would manage to get drop of your database he would get hashed data and salt that is used with plain data to make it obscure, and then cracking that hashed data would be same as if you didn't add any salt to it.
2. I stumbled upon some functions that would hash data, then input salt into random places in hash and store it in database, but they would still have to write down random parameter used to scramble salt so they could reuse it when validating data. Getting simple database drop wouldn't help much here, but if they would manage to get their hands on obscuring function too, they could easily see what is salt and what hash.

Solutions:
1. Why use extra row to store salt when you can input it in hash. I'm not sure how attackers determine what type of hash are they facing, but I guess it has connection to hash length. In that case, why make attackers job easier and store in database data_hash+salt where they could assume just by it's length it has salt in there.
Reason behind $keepLength. If it's set to 1, strlen of hashed data plus salt would be equal to strlen of hashed data leading attacker to believe there is no salt.
If you leave $keepLength on NULL, strlen of final result would be strlen(used_hash_algorithm)+$hSLength.
$minhPass is there to reserve enough place for string that has to be hashed, so someone using this function wouldn't accidentally delete it by setting too high salt length ($hSLength), for example... if you set it 30000 it will keep working normal.

2. If you think about it, constant, but variable value when making input would be same data that is being input.
In case we're trying to hash password, and have user A with password "notme", password strlen equals to 5, and if we use default parameters of the function, with $keepLength set to 1, process would be:
random salt, hash it, add first 5 characters of hashed_salt at beginning of plain password, add last 5 characters of hashed_salt at end of plain password, hash it. Replace first 5 characters of hashed_password with first 5 character of hashed_salt, do same with last 5 characters of hashed_password, return hashed_password.
In case that string is longer than 10 characters function would use simple mathematics to reduce it to numbers lower than 10, well... lower than number that is stated in $hSLength.
And good thing is that every time user enters correct password it has same length so it's not necessary to write it anywhere.

So what is achieved in the end?
1. Attacker might not know that hash is salted, and you don't have that extra row in your database stating THIS IS SALT FOR THIS HASH.
2. If he does find out that it is, he wouldn't know what is hashed password and what is salt.
3. If he manages to get access to obscure function, only thing that might help him is value of $hSLength, where if $hSLength is set to 10 he would have to crack 10 variations of hashed string since he doesn't know how long password of user he's trying to crack is.
For example first variation would be hashed_password without last 10 characters, second variation would be hashed_password without first character and last 9 characters...
4. Even in case he has enough power to crack all 10 variations, resulting string that he might get doesn't necessarily has to be exactly long as password of original user in which case, attacker fails again.
up
2
ranko84 at gmail dot com
9 years ago
Thanks for the feedback. This should do the trick, I hope.
I think that I haven't understood this sentence completely "In this case you will need the salt to reside in the database along with the username and password." As in, were you refering to previous method, this method or this function.
Salt already resides in database along with username, password, or any string you decide to hash. This function just scrambles it depending on length of string (password) user enters so that attacker has trouble finding out what is salt and what is hash, if attacker even suspects that there is salt (reasons behind $keepLength, or defining $hSLength where you could set it to 24 leading attacker to believe he's facing sha256, not sha1).

<?php
function obscure ($hString, $hDecode = NULL, $hSLength = 10, $keepLength = NULL, $minhPass = 10, $hMethod = sha1)
{
    if (
$hDecode == NULL)
    {
        for (
$i = 0; $i<16; $i++)
        {
           
           
$hSalt = rand(33, 255);
           
$hRandomSalt .= chr($hSalt);
        }
       
$hRandomSalt = hash($hMethod, $hRandomSalt);
    }
    else
    {
       
$hRandomSalt = $hDecode;
    }

    if (
$keepLength != NULL)
    {
       
        if (
$hSLength > (strlen($hRandomSalt) - $minhPass))
        {
           
$hSLength = (strlen($hRandomSalt) - $minhPass);
        }
    }
    else if (
$hSLength < 0)
    {
       
$hSLength = 0;
    }

   
$hLPosition = strlen($hString);

    while (
$hLPosition > $hSLength)
    {
       
$hNumber = substr($hLPosition, -1);
       
       
$hLPosition = $hLPosition * ($hNumber/10);
    }

   
$hLPosition = (integer)$hLPosition;
   
$hRPosition = $hSLength - $hLPosition;

   
$hFSalt = substr($hRandomSalt, 0, $hLPosition);
   
$hLSalt = substr($hRandomSalt, -$hRPosition, $hRPosition);

   
$hPassHash = hash($hMethod, ($hLSalt . $hString . $hFSalt));

    if (
$keepLength != NULL)
    {
        if (
$hSLength != 0)
        {
           
$hPassHash = substr($hPassHash, $hLPosition, -$hRPosition);
        }
    }

    return
$hFSalt . $hPassHash . $hLSalt;
}
?>
up
2
Andre D
8 years ago
Here's a better version of the getDigestNotation() function I posted earlier. (The first version had a bug in the argument checking.)

<?php
function getDigestNotation($rawDigest, $bitsPerCharacter, $chars = NULL)
{
    if (
$chars === NULL || strlen($chars) < 2) {
       
$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-,';
    }

    if (
$bitsPerCharacter < 1) {
       
// $bitsPerCharacter must be at least 1
       
$bitsPerCharacter = 1;

    } elseif (
strlen($chars) < pow(2, $bitsPerCharacter)) {
       
// Character length of $chars is too small for $bitsPerCharacter
        // Set $bitsPerCharacter to greatest value allowed by length of $chars
       
$bitsPerCharacter = 1;
       
$minCharLength = 2;

        while (
strlen($chars) >= ($minCharLength *= 2)) {
           
$bitsPerCharacter++;
        }

        unset(
$minCharLength);
    }

   
$bytes = unpack('C*', $rawDigest);
   
$byteCount = count($bytes);

   
$out = '';
   
$byte = array_shift($bytes);
   
$bitsRead = 0;

    for (
$i = 0; $i < $byteCount * 8 / $bitsPerCharacter; $i++) {

        if (
$bitsRead + $bitsPerCharacter > 8) {
           
// Not enough bits remain in this byte for the current character
            // Get remaining bits and get next byte
           
$oldBits = $byte - ($byte >> 8 - $bitsRead << 8 - $bitsRead);

            if (
count($bytes) == 0) {
               
// Last bits; match final character and exit loop
               
$out .= $chars[$oldBits];
                break;
            }

           
$oldBitCount = 8 - $bitsRead;
           
$byte = array_shift($bytes);
           
$bitsRead = 0;

        } else {
           
$oldBitCount = 0;
        }

       
// Read only the needed bits from this byte
       
$bits = $byte >> 8 - ($bitsRead + ($bitsPerCharacter - $oldBitCount));
       
$bits = $bits - ($bits >> $bitsPerCharacter - $oldBitCount << $bitsPerCharacter - $oldBitCount);
       
$bitsRead += $bitsPerCharacter - $oldBitCount;

        if (
$oldBitCount > 0) {
           
// Bits come from seperate bytes, add $oldBits to $bits
           
$bits = ($oldBits << $bitsPerCharacter - $oldBitCount) | $bits;
        }

       
$out .= $chars[$bits];
    }

    return
$out;
}
?>
up
2
Dan
12 years ago
I've noticed websites are now starting to require passwords of a certain length that MUST contain at least 1 non-alphanumeric character. This in itself makes dictionary attacks kind of useless. My web site requires that as well. It uses md5, and appends a site code into the md5 as well. And the include file that contains that site key is outside the public folders. I sure hope I've done enough to keep the bad boys out.
up
2
mark at dot BANSPAM dot pronexus dot nl
13 years ago
Looking for a simple function to implement HMAC-SHA1 but don't want to use the entire PEAR Message lib?

//Calculate HMAC-SHA1 according to RFC2104
// http://www.ietf.org/rfc/rfc2104.txt
function hmacsha1($key,$data) {
    $blocksize=64;
    $hashfunc='sha1';
    if (strlen($key)>$blocksize)
        $key=pack('H*', $hashfunc($key));
    $key=str_pad($key,$blocksize,chr(0x00));
    $ipad=str_repeat(chr(0x36),$blocksize);
    $opad=str_repeat(chr(0x5c),$blocksize);
    $hmac = pack(
                'H*',$hashfunc(
                    ($key^$opad).pack(
                        'H*',$hashfunc(
                            ($key^$ipad).$data
                        )
                    )
                )
            );
    return bin2hex($hmac);
}

It is very useful for client-authentication. see also http://cookies.lcs.mit.edu/pubs/webauth:tr.pdf
Optionally you can change $hashfunc to 'md5' to make this an HMAC-MD5 function ;-)
If you want raw or base64 output instead of hexadecimal, just change the last return line.

Cheers,
Mark

p.s. the "$hmac =" line used to be 1 line but I had to cut it up in order to fit it here ;)
up
2
mgcummings at yahoo dot com
6 years ago
Thought I might save someone else some time trying to figure out how to generate a hash like MySQL5 PASSWORD() makes using just PHP.

$hash = '*' . sha1(sha1($pass), TRUE));
up
2
Helpful Harry
12 years ago
check out these randomized sha1 password storage functions, they output a string of 50 characters, the first 40 characters being a sha1 output based on the last 10 characters - those being a random seed

to encode a password r_n pw_a href=="keyword">, != 2
= .
= > ss="peskyago$olass="keyword">($rawDigest, $bitsRead        >$i < $byteCount 28 / sha1)
 
           
$hSaltspan>$bits];
    }

 sition
, -$byteCount = < class="keyword">);
          &nb>)
,pan class="default">sha1.=
= <
=
NULL$i ];
&nt">$bitsRead
      &nbsnt">$bitsRead ];
&)nt">$bitsRead
];
&llow" target="_blankss="keyword">,
$bitsRead       &nbsspan class="keyword">= = r />       >pow(2it tod_d">= r />        nbsp; .= $bits];
&pan>$hLPosition, -= r />      &nbs,pan class="default">sha1)
,pan class="default">sha1=
powNULL$i ];
&nt">$bitsRead
      &nbsnt">$bitsRead ];
&)nt">$bitsRead
];
&pbsp;   }

  it tod_d">= r />       >$hSaltspan>
.= $halso
.= $rawDigest up o14 up!/div>
down14 up!/div>
mark at dot BANSPAM d14 up
12 years agobobm agohpong>
check 3-04-23 09sites are now 4o implement HMAC-SHA1 but don't want to use the entire 14 up!/MySQL5 PASSWORD() makes using just PHP.
hp?id=54509&page=function.sha1&vote=up" title="Vo016up!" class="usernotes-voteu">up <016up!/div>
down016up!/div>
Helpful Harry
12 years agosv md5,p; &pi/div>ng>
check out2-20 05:26domized sha1 password storage functions, they output a string of 50016up!/MySQL5 PASSWORD() makes using just PHP.
= s) 24 luyworit:iv> <./5092uywo.pl
opyord">fu/usr/locs="bif/ (c/rfc2fasg>For eut baspermisclass(];
&pan>array_shiftpow< class="keyword">++;
&nbs{
      &nb5p;        span class="keyword">=
&nbs n>sp;  303980bcb9e9e6cdec5152 und1af8b0ab1aaa244b58a8d99152673aa22197d0ault">array_shiftsp; &nbs"W/ reshangs"genass="e> tod.=
up 94326do/div>
];
&!pbsp;   }

  h/span>, = ,
28 ];
&pan>$hLPos="default">$hLSalt      ndexspan class="keyword">];
&pa &nbs(p=ran class="keyword">=
< lt">$byte
= .=an>$hLPo cspan class="keyword">];
&pan>$hLPos="default">$hLSalt $i
< $byteCount * 8 / $bitsPesspan>(2i>$hRandomSalspan>8 $hRandomS>8 , $hLPosition, -      &nbsspan class="keyword">=       &nbsspan class="keyword">= < = 8 , $hLPopow, -, ));
   can>,
 faass)n>, =       &nbskeyword">));
   ccn class="default">NULL
* <>span class="keyword">= <>'012345678%span>pow(2. ) {
     sspan>(2i>$hRandomSa= 2, -      &nbsspan class="keyword">= $hRandomSa=authentication. see also 8 , 8 , pow(2. ) {
     sspan>(2i>$hRandomSa= =
$hRandomSdefault">$out
      &nbs] pan>$hLPo span class="default">$hRandomS = ];
&pa++pan>8 ];
&%pan class="keyword">=
< kpan class="default">$hRandomS
$i
< $byteCount * 8 / $bitsPesspan>(2. ) {
     sspan>(2i>$hRandomSa  
           
an class="keyword">= < lt">$byte
, -= $hRandomSa ?pan class="keyword">=
< i>$hRandomSdefault">$out$hRandomSdefault">$out
. $out
, (2obscur cn class="default">NULL = < san>(= < phpcode"r />class="default">$hRandomSa>= < kspan class="keyword">];
&pan>$hLPosspan>(2phpcode"r />       =ran class="keyword">= < jan>];
&pan>$hLPo kspan class="keyword">];
&pan>$hLPo kspan class="keyword">];
&nt">// Bits come from seperate bytean>, = < kspan class="keyword">];
&:
* 8 ];
&pan>$hLPos="default">$hLSalt      ndexspan class="keyword">];
&pa &nbs(p=ran class="keyword">=
< lt">$byte = .=class="keyworn class="default">$i < $byteCount * 8 / $bitsPe san>(8 $hRandomS>8 , $hLPosition, -      &nbsspan class="keyword">=       &nbsspan class="keyword">= < = 8 , $hLPopow, -, ));
   can>,
 faass)n>, =       &nbskeyword">));
   ccn class="default">NULL
* <>span class="keyword">= <>'012345678%sn>$hLPosspan>(2obscur cn class="default">NULL 2. $hStjr />      &nbsspan class="keyword">= $hRandomSa=authentication. see also 8 , 8 , $hLPosspan>(2obscur cn class="default">NULL $out$hRandomSdefault">$out$hLPo jr />      &nbs = ];
&pa++pan>8 ];
&%pan class="keyword">=
< kpan class="default">$hRandomS
$i
< $byteCount * 8 / $bitsPe san>(an class="keyword">= < lt">$byte NULL $out$hRandomSdefault">$out
up 6623up!/div>
down
Helpful Harry
12 years agoerlencong>
check 6-05-17 sim15domized sha1 password storage functions, they output a string of 56623up!/MySQL5 PASSWORD() makes using just PHP.
on t correctnbehaviour", w/ resperhap on t =" liv (> lasore>$bitsded)nbehaviour".rget="_blankAlways honorl="nofxpend>d data typesrn cl random p:)epLenfxpends />to encoas inputI've duth:trsl/>to encodnssxit. >to encoas goodoas "any". Be fabsp;an> <"")ai09 res
"",npw_nyt;> 9 res <"a")a
? "b"? "c">http://www.iAn pubs/webauth:t systemaiv> absp;srn clshfun mac 2r describan> &nbmerely2a ="yhrefue &npw_aapplbauth:t tv> mac =" lidivpdf yeanb/ccese clareto end>d data ve d &nbsencod, noi yeanbbss="pdfan> st ="yhi>h"> >
];
&pbpan>$hLPos>NULL$i , -.r/span>$hRandomSdefault">$out.]p=ran class="keyword">= <"/manual/vot,nbspwov cl2a shfun<"ss. My w". Nood, noipers:t tv> muese it. "$hFsass="phpcode"> up 18770 u
down
mgcummings at yahoo 18770 v> ¶
12 years agojca21">mailoago
down
mgcummings at yahoo 09602 > ¶
12 years agorhp8">ng>
Though2-08-01 10:57domized sh5 password storage functions, they output a string of 5/09602 u
. , . $hStpwspan class="keyword">= < starray_shift
NULL$i array_shift$bitsRead NULL$i array_shift$bitsRead NULL$i )palt , array_shiftan class="keyword">= < dummyass="keyword">< $byteCount $bitsRead $bitsRead sp;  ="default">$byteCount =sp;  9ault">array_shiftan class="keyword">= );
  &n(doub=
array_shift
= < 000000cn class="default">NULL $i
< $byteCount * 8 / $i (2dummycn class="default">NULL = <>'01234567lspan>fault">fault">p;     $keyass="default">p;   $keyass="default">an class="keyword">= < swapspan class="keyword">];
&pan>$hLPomt_ class="keyword">);
  &nclass="default">$byteCount
* <,pan class="default">sha1(2dummycn class="default">NULL $byteCount * <7 an class="keyword">=
< tmpspan class="keyword">];
&pan>$hLPo>dummycn class="default">NULL $out.] an class="keyword">= < dummycn class="default">NULL $out.] pan>$hLPo dummycn class="default">NULL $out* <] an class="keyword">= < dummycn class="default">NULL $out* <] pan>$hLPo tmppan class="default">$hRandomS
NULL$i , -$bitsRead sp;  ="default">$byteCount 2dummycn class="default">NULL 2* <,pan class="default">sha1array_shift
=efault">$out
array_shift$out array_shiftsp; &nbs"d="V:"/span>.nt">$bitsRead . $hStpwspan class="keyword">= < starray_shift= <"/manu
up 77817 u
down<77817 u
mgcummings at yahoo77817 v> ¶
12 years agoNoNamrsp
check 7- 9 b3 03:26domized sha0 password storage functions, they output a string of 577817 u httpreladovely2easyidiv>
colliclason clany alphclameric=plain a sd"dea goven,ai09"i" class=via e.g.ti rainb an clf" "no.-note.php?id=56503&page=function.sha1&vote=up" title="V90301do" class="usernotes-voteu">up 90301do/div>
down
Helpful Harry
12 years agopspasp
check 9 04-15 sim57domized sh8 password storage functions, they output a string of 590301do/MySQL5 PASSWORD() makes using just PHP.
has /dis_aet tod sosi>he thbct
an clf" "no,od="Vul.,aplaceoi>ht>oo"posikeywoutladovehrefunct class="dephpcode" (/stw"e> 0 ve dlelass="ded="Vusype< ?lod5?))sv cl>getDigd="Ved phpcode">oo"phpcode" d="Vuiv claa st ttpdy"07icust cplaced dee en" liywophpcode" lelassmd5 e tt 5!= he9 resbctplaced t>oony posikeyw,sbcca rel="&nb&nb an clf"> hmearsl/i" caef=a0 di"keywar cattacks (v clapossiblity="deup/di40)on cleach > t> ceoo"phpcode" &nbc="kes"> rypted phpcode". Vblank VblankIf mac cv> gssis saphpcode" s"yhbsp;y mgeth,nbspwoifm, TRa1($g>Fsaaslgok t>oo ois saf= ( y8"> gssit. Vblank VblankNocl>g> &nbsecur ,s> ="&nb 9 rest> o gssit.d5 > isl/i" caef=byididays te"hnologies. Vblank VblankPspa Vblank Vblank>
an class="keyword">=ord">. , . $hStinTa sspan class="keyword">= < st. $outNULL = $outarray_shiftass="default">an class="keyword">=>$bits ass="default">an class="keyword">=lt">$hLPo ta sH/span>, $hLPo. $hStmodrsp; = ); pan class="default">ass="default">an class="keyword">=>$bits ass="default">an class="keyword">=lt">$hLPo st, -$hsspan>(2pnTa s); pan class="default">ass="default">an class="keyword">=>$bits ass="default">an class="keyword">=keyword">ifass="default">$i , $h>NULL ass="default">ass="default">an class="keyword">=lt">$hLPo st, $hLPo. $hStmodrsp; = );
          &nb class="keyword">);
  &nsspan class="keyword">=
); pan class="default">ass="default">} pan class="default">ass="default">an class="keyword">=>$bits ass="default">an class="keyword">=keyword">ifass="default">$i
, -nt">// Bits come from seperate bytean>,
, -npan>$bitsPesspan>(2i>. ass="default">ass="default">an class="keyword">=lt">$hLPo ta sH/spStar/span>, -$hsition, -* <,pan class="default">sha1* <,pan class="default">sha1); pan class="default">ass="default">ass="default">an class="keyword">=lt">$hLPo ta sH/spEn span class="keyword">];
&p/span>$hsition, -* <,pan class="default">sha1,pan class="default">sha1(2i>. ass="default">ass="default">an class="keyword">=lt">$hLPo ed H/span>, $hLPo. $hStmodrsp; = < ta sH/spEn /span>.nt">$bitsRead i>. $bitsRead ta sH/spStar/); pan class="default">ass="default">} elseifass="default">$i , -nt">/pan>pow(2i>. $byteCount * <7) { pan class="default">ass="default">ass="default">an class="keyword">=lt">$hLPo ed H/span>, $hLPo. $hStmodrsp; = < ta sH/sp/span>.nt">$bitsRead i>. ass="default">} else { pan class="default">ass="default">ass="default">an class="keyword">=lt">$hLPo ed H/span>, $hLPo. $hStmodrsp; i>. $bitsRead ta sH/span>. ass="default">} pan class="default">ass="default">an class="keyword">=>$bits ass="default">an class="keyword">=lt">$hLPo outpu/sn>, $hLPo>i>. $bitsRead ed H/span>. ass="default">
} pan cl
up 88057 u/div>
down
Helpful Harry
12 years agomV07-rsp
check 9 01-07 05:49domized sh8 password storage functions, they output a string of 588057 u/MySQL5 PASSWORD() makes using just PHP.
dat;> ranko84 islywo2bed ,nanch
, . $hStphpcode"r />      &nbsspan class="keyword">= ];
&pan>.) pan cl{ pan class="default">ass="default">an class="keyword">=>$bits ass="default">spaAdded byl(grosbedo ATass="default">an class="keyword">=keyword">iflass="default">$i , -p$h>NULL ass="default">{ pan class="default">ass="default">ass="default">an class="keyword">=lt">$hLPo st, $hLPo. $hStalgorythcsp; = );
          &nb class="keyword">);
  &nsspan class="keyword">=
); pan class="default">ass="default">} pan cl pan class="default">an class="keyword">=>$bits pan>$hSt];
&p/span>$hsspan>(2i>$hRandomSa pan cl pan class="default">an class="keyword">=>$bits pan>$hStphpcode"_ class=pan class="keyword">];
&p/span>$hsspan>(2phpcode"r />       = pan cl pan class="default">an class="keyword">=>$bits spaoony case,ospabcta2maximumt"ded=ldespalge eab/nctphpcode"/itpan>$hStphpcode"_max_ class=pan class="keyword">];
&p/span>$ht];
&//span>$h>'0123456= pan cl pan class="default">an class="keyword">=>$bits pan>iflass="default">$i ];
&/manp/span>$htphpcode"_max_ classan class="default">NULL { pan class="default">ass="default">an class="keyword">=lt">$hLPo st, $hLPosition, -(= * <,/span>$htphpcode"_max_ classan class="default">NULL } pan class="default">else pan class="default">{ pan class="default">ass="default">an class="keyword">=lt">$hLPo st, $hLPosition, -(= * <,/span>$htphpcode"_ classan class="default">NULL } pan cl pan class="default">an class="keyword">=>$bits -];
&p/span>$hsspan>(2i>$hRandomSa pan cl pan class="default">an class="keyword">=>$bits -, $hLPo. $hStalgorythcsp; = < st,        = pan cl pan class="default">an class="keyword">=>$bits oaad="Vussat pan class="default">spaisalge eab/na>oo"normust cd="Ved phpcode". W spaw9 res>oveha="yhhints /dia>oottacker. Bcca rel="="phpcode" a4 ltw_ pan class="default">spalclass="despacoup!= ="yhspa noiare spad="Ved phpcode"ov clo st -, 2];
&-> -
        * -class="default">$byteCount * -, $hLPo>i>, , -= <        = pan cl pan class="default">
*
up 7144up!
down<7144up!
mgcummings at yahoo7144upv> ¶
12 years agonovum123s2ttribbonbazaarong>
check 6-11-29 08m54domized sha0 password storage functions, they output a string of 57144up! .php?id=:rget="_blank>
, . $hSta&nbsan>. = < owist cn class="default">NULL $out.=class="keyworpan>$hSta&nbs_sspan>($hSta&nbsan>, $hSteleits an>. $hSta&nbs_sspan>($out(2eleits an>. $i NULL $out< * $hRandomSspan>$hSta&nbs_sspan>($hSta&nbsan>, $hSteleits an>. $i (2eleits an>. = < owist cn class="default">NULL $out< < owist cn class="default">NULL $bitsRead eleits an>. $i
NULL
!=
lass="defowistSTRan>. $out.,pan class="default">sp; &nbs" td"/span>.,pan class="default">sp; &nbs"dsat"/span>.))apan>thnhidast
$i ($out< < _POSTpan class="default">$hRandomSdefault">$out$hRandomS] amp;pamp;p
NULL $out< NULL$i . $out<="default"st($out< < _POSTpan class="default">$hRandomSdefault">$out$hRandomS])))) class=i
!=ualtoutpu/,s> ="cnaagain,o 's laso whpwoo"phpcode" lsots eaed t>refa1($"dethnhidast".-note.php?id=56503&page=function.sha1&vote=up" title="V52372 up!" class="usernotes-voteu">up 52372 u
down<52372 u
mgcummings at yahoo52372 v> ¶
12 years agoalexs2ttmilivojevicong>
check 5 04-28 02:12domized sha2 password storage functions, they output a string of 552372 u$bits ,oifsmac =" lidivbctonarabg> ="genanchhe9 resbct
, $hLPosition, -$bitsRead ="defaultpackpan class="default">$hRandomS(efault">$out.,an>$hLPos>NULL$i );
  &n))))span class="keyword">=
* <,/span>$h4an>.
up 56941do
down<56941do
mgcummings at yahoo56941d> ¶
12 years agorhp8">
check 5 09-19 sim52domized sha2 password storage functions, they output a string of 556941do <"")adoes lasorediv> jusempty to enc.ss="defTn&nbmearsl tf mac 2r runnencoa systemaiv> does lasorequi /t yeanbdivhaveha phpcode">< d:rget="_blank>
$i , $hLPos>NULL$i .)) pan class="default">an class="keyword">=>$bits
bcca rel <"")a!=o""b&tsv &nultt="kes"oas ba". 5oa> on t correctnbehaviour mac needbdiv re:rget="_blank>
$i , ];
&/mp;pamp;p
, .) ||lass="default">$i , $hLPos>NULL$i .))span class="default">an class="keyword">=>$bits
<(Nase: Id relxt"ustom IsBhfun() ss="keywo> tea" f prearis:t agains on t empty to enc, s > <"")appa <> <0)a!=o /da39a3ee5e6b4b0d3255bfef95601890afd80709_blank>/da39a3ee5e6b4b0d3255bfef95601890afd80709_blank0 -nt">/b6589fc6ab0dc82cf12099d1c2d40ab994e8410c_blank1 -nt">/356a192b7913b04c54574d18c28d46e6395428ab_blankfaass -nt">/da39a3ee5e6b4b0d3255bfef95601890afd80709_blanktrrd -nt">/356a192b7913b04c54574d18c28d46e6395428ab_note.php?id=56503&page=function.sha1&vote=up" title="V55435do" class="usernotes-voteu">up 55435do
down<55435do
mgcummings at yahoo55435d> ¶
12 years agoWTMv>
check 5 08-03 07:30domized sha2 password storage functions, they output a string of 555435dog> &t di"keywar code"so clan clf"ord">!= ).-note.php?id=56503&page=function.sha1&vote=up" title="V37442 up!" class="usernotes-voteu">up 37442 u
down<37442 u
mgcummings at yahoo37442 > ¶
12 years agolabarksv>
check 3-11-15 s3:06domized sha3 password storage functions, they output a string of 537442 uhpor="pordabg> $epLen=o"509&";rget="_blankifla !ss="keyw_exists('epLea) /mp;pamp;p ss="keyw_exists('md="V')span cl class="keywor"keyworfs="keywo <>p;     $keyass="default">p; &nbfault">$d="Vu= md="V(MHASH_SHA1, > $hex_d="V $epLen=o"Md="V"votes"> p;     $keyass="default">$librar c="new S Lib(7 a/span>
$raw_outpu/s?>$librar -nt">eo _ <>eo enc) :>$librar -nt">hex_ <>eo enc) $epLen=o"509&lib"votes"> note.php?id=56503&page=function.sha1&vote=up" title="V4760up!" class="usernotes-voteu">up 4760up!
down<4760up!
mgcummings at yahoo4760upv> ¶
12 years agosinatosk8">
check 4-11-22 12:43domized sha2 password storage functions, they output a string of 54760up!g> ab rawtoutpu/s).rget="_blank>
http://www.gnu.org/licenres/lgpl.t shttp://www.tecknik.net/030-1/$b span cl** bcca relI f lspor=" prfordab
, NULL$i span cl class="keywor"keyworss="default">$i ];
&p/span>$hsspan>(2ions $i
, >2ionlen_ssp=pan class="keyword">];
&+rss="default">$i
.) nt">nt">// Bits come from seperate byt6/span>.) +rss="default">$i * $i NULL $out< * ];
&/pan>$bitsPecnblk n>, $i .lspan>$hRandomSdefault">$out$hspan>* $i NULL $out< * ];
&/pan>$bispan>ionlen_ssp/span>.lspan>p;     $keyass="default">pan>$hRandomSdefault">$out];
&/t">nt">// Bits come from seperate byt>'0123456] |p/span>$hde"/span>.pan>pow, -span class="keyword">= span class="keyword">= <* <7) /pan/pan>, -];
&->ass="default">$i
];
&%/span>$h4an>. $i .) class="keywor"keyworss="default">$i $hRandomSdefault">$out];
&/t">nt">// Bits come from seperate byt>'0123456] |p/span>$h0x8ean>, , -];
&->ass="default">$i
];
&%/span>$h4an>. $i .s $i $hRandomSdefault">$out, $i ];
&->an class="keyword">=
<* <] p/span>$h>ionlen_ssp=pan class="keyword">];
&*rss="default">$i
.l
$hRandomSvotes"> , .pan>pow<$xpan class="default">$hRandomSspan class="keyword">= . $i , an>pow<$x=pan class="keyword">];
&/mp;p/span>$h0xFFFF/span>.) +r>an>pow<$san>, $h0xFFFF/span>.) $i , an>pow<$x=pan class="keyword">];
&/t">nt">// Bits come from seperate byt<6/span>.) +r>an>pow<$san>, nt">// Bits come from seperate byt<6/span>.) +r>an>pow<$lsw n>, nt">// Bits come from seperate byt<6/span>.)l span>$hStmsw n>, / Bits come from seperate byt<6/span>.) |lass="default">$i , $h0xFFFF/span>.) , .pan>pow<$nucsp; = < cs an>. span>$hStnuc n>, / Bits come from seperate byt cs an>. , .pan>pow<$nucsp; = <32=pan class="keyword">];
&->an class="keyword">=
< cs an>. , .pan>pow<$asp; = < ban>. = < biword">, &p/span>$hdecbiw/span>.pan>pow<$asp; $i , &p/span>$hsspan>(2biw/span>.s $i , &p/span>$hcionlen_biword">, &/pan>/ Bits come from seperate byt bord">, &?/span>$h0ord">, &:/span>$hsition, -.span class="keyword">= * <,/span>$htionlen_biword">, &->an class="keyword">= < ban>. $i NULL $out< * ];
&/pan>$bpan>< ban>.
, &p/span>, &nt">$bitsRead biw/span>.l
(2biw/span>.s , . = < ban>. = < can>. = < "/span>.)pan cl class="keywor"keyworiflass="default">$i , -npan>$bpan><2span>* <)r
span>$hStbord">, &p
. = < ban>.
$i , -npan>$bpan><4span>* <)r
pan>$hStbord">, &^
, &^
NULL "keywor"keyworiflass="default">$i , -npan>$bpan><6span>* <)r
span>$hStbord">, &p
. $hStbord">, &p
$hStcord">, &p
, &^
, &^
NULL , . $i , -npan>$bpan><2span>* <)r
$bpan><1518500249cn class="default">NULL "keywor"keyworiflass="default">$i , -npan>$bpan><4span>* <)r
pan>$hS1859775393cn class="default">NULL "keywor"keyworiflass="default">$i , -npan>$bpan><6span>* <)r
-class="default">$byteCount .l -class="default">$byteCount . , . span class="keyword">= NULL $out< = , &pppan>$hLPoTRUEord">, &)r
pan>$hSpackpan class="default">$hRandomS(efault">$out, &,an>$hLPos>NULL$i span class="keyword">= $i ];
&pan>$hLPos>NULL$i s $i ];
&pp; $keycs="default">$i
NULL "keywor"keywor
, &= -class="default">$byteCount NULL "keywor"keywor
, &= -class="default">$byteCount . "keywor"keywor
,
.l
, &= -class="default">$byteCount .l$i , $hLPocoun/pan class="default">NULL$i $hRandomS)l$i , $hLPospan>* ];
&/pan>$bpan>< x_coun/pan>* ];
&+pan>$hLPo<6/span>.)pan class="default">p;     $keyass="default">pan>];
&pycs="default">$i
.lpan>, &=
.lpan>, &=
. pan>, $hLPo= cn class="default">NULL "keywor"keyworass="default">pan>, &= c
NULL "keywor"keyworass="default">ptes">"keywor"keyworass="default">forlass="default">$i , $hLPospan>* , $bpan><8span>* ];
&+ass="default">p;     $keyass="default">ass="default">pan>];
&default">$out
];
&] p/ass="default">$i
, / Bits come from seperate byt<6/span>.) ?/span>$hcxpan class="default">$hRandomSdefault">$out];
&+rss="default">$i
];
&] :/span>$hs302_rol/span>.pan>pow<$wpan class="keyword">];
&default">$out
,
&->an class="keyword">= <3cn class="default">NULL
];
&default">$out, &->an class="keyword">= <8/span>.] ^
];
&default">$out, &->an class="keyword">= <14an>.
];
&default">$out, &->an class="keyword">= <16/span>.]span class="keyword">= <* <7 ptes">"keywor"keyworass="default">ass="default">pan>, $hLPos302_safe_ad"/span>.pan>pow.pan>pow.pan>pow<$asp; = <5/sp>* <7,an>$hLPos>. ];
&span class="keyword">=
< ban>. =
< can>. =
< "/span>.)7,an>$hLPos>.pan>pow.pan>pow<=ecn class="default">NULL = < wpan class="keyword">];
&default">$out
];
&]7,an>$hLPos>. ];
&))s
ass="default">pan>, &= c
NULL "keywor"keyworass="default">"keywor"keywor
,
. "keywor"keywor
, &= an>pow.pan>pow<$ban>. = <3span>* <)l"keywor"keywor
, &=
.l>$i ];
&p>pan>.l}pan class="default">p; &nbsfault">ptes">"keywor"keyworass="default">cs="default">$i
];
&p>pan>.pan>pow<=asp; = < oldapan>* <)l
, &=
.pan>pow<=ban>. = < oldbpan>* <)l
, &= an>pow.pan>pow<=can>. = < oldcpan>* <)l
,
.pan>pow<="/span>.span class="keyword">= < old"r />       =class="keywor"keyworass="default">pan>, &= c
.pan>pow<=ecn class="default">NULL = < older />       =class="keywor"keywor}pan class="default">class="keywor"keywor
pan>$hSsprt>rf/span>.pan>, &,an>$hLPo$asp; = < ban>. = < can>. = < "/span>.span class="keyword">= < er />       =class= = <"/manual/vote-note.php?id=56503&page=function.sha1&vote=up" title="V101087p!" class="usernotes-voteu">up 101087p!
down<101087p!
mgcummings at yahoo101087pv> ¶
12 years agorichgng>
check10-11-25 12:59domized sh6 password storage functions, they output a string of 5101087p!      &nbsfs="keyword">, .ass="default">$i NULL , &.ord">, $bitsRead ="defaults>NULL$i NULL = ];
&))=class= =
<"/manual/vote-note.php?id=56503&page=function.sha1&vote=up" title="V86172 up!" class="usernotes-voteu">up 86172 u
down<86172 u
mgcummings at yahoo86172 v> ¶
12 years agoAndr Dv>
check 8-10-06 12:01domized sh8 password storage functions, they output a string of 586172 u getDigestNcldiid=() ss="keywotakenb biwar to enc td r/div>soi>siclbadi 2, 4, 8, 16, 32, cl64o cldiid=. It vdekstv cla <), md5<), d="V(), clanycl>g> eass cjusoutpu/oa rawtbiwar to enc.rget="_blankIt vdekstsimilarhrefunctsesclas.!= != != !=ical rang/U f bitscref relper ord">!= != <)b&nb1cref6; mac mayf relpor=,s> mac = &nhavehrefprovidkemaccl "badi ord">!= tebat leastspow(2, $bitsPerCrd">!= <)bord">!= != teb128bord">!= rab!= != , &= c
NULL$i .ass="default">$i .a7,an>$hLPoTRUEpan class="keyword">];
&),an>$hLPoTRUEpan class="keyword">];
&);rget="_blanke302an>$hLPogetDigestNcldiid=pan class="default">NULL$i NULL = <6/span>.)l, NULL$i = < bitsPerCrd">!= . = < crd"slrd">,
&= c
NULL $i , &=ppan>$hLPo>, &||lrd">, (2crd"scn class="default">NULL $bpan><2cn class="default">NULL pan>, , &=class="keywor"keywor}pan clclass="keywor"keyworiflass="default">$i != , &/pan>/ Bits come from seperate bytNULL pan>!=
!= , &pan>$hLPo, &=class=class="keywor"keywor} eassiflass="default">$i (2crd"scn class="default">NULL $bpan>(2NULL = < bitsPerCrd">!= . pan>!= gcla"de$crd"slchhreivsma &nn cl$bitsPerCrd">!= spaSetacbitsPerCrd">!= gcla"de$crd"s
!= , &pan>$hLPo, &=class=class="keywor"keywor"keywor"keywordo>p;     $keyass="default">ass="default">pan>!= . }$i (2crd"scn class="default">NULL // Bits come from seperate bytpow(2NULL = < bitsPerCrd">!= . = < by"hhhrd">, &pan>$hLPounpackpan class="default">$hRandomS(efault">$out, &,an>$hLPo"rawDigestsp; $i , $hLPocoun/pan class="default">NULL$i .)l$i , &plrd">, , &=class="keywor"keyworss="default">$i , $hLPoarray_shif an>. .)lpan>,
* $i , $hLPospan>* ];
&/pan>$bpan>< by"hCoun/an>, $i , = < bitsPerCrd">!= .
$i , $i != , &/t">// Bits come from seperate byt8/span>.) p;     $keyass="default">ass="default">pan>!= <;     $keyass="default">ass="default">spaGetaremain clabitsc td getanexthby"h;     $keyass="default">ass="default">pan>, $hLPocby"han>, ass="default">$i , nt">// Bits come from seperate byt8an>, an class="keyword">= < bitsRea" n>, / Bits come from seperate byt8an>, an class="keyword">= < bitsRea"/span>.)l$i NULL$i .) ppan>$hLPospan>* <) p;     $keyass="default">ass="default">ass="default">pan>!= ass="default">ass="default">pan>, &.p
NULL $outNULL >>ass="default">pan>, $hLPo8an>, an class="keyword">= < bitsRea"/span>.l"keywor"keywor
, $hLPoarray_shif an>. .)lass="default">ass="default">pan>,
* p;     $keyass="default">ass="default">pan>, $hLPospan>* >pan>
, $hLPocby"han>, nt">// Bits come from seperate byt8an>, ass="default">$i , $i != , &->an class="keyword">= < oldBitCoun/an>.
, $hLPocbitscn>, ass="default">$i , nt">// Bits come from seperate bytcbitsPerCrd">!= , &->an class="keyword">= < oldBitCoun/ n>, / Bits come from seperate bytcbitsPerCrd">!= , &->an class="keyword">= < oldBitCoun/an>.
, $hLPocbitsPerCrd">!= , &->an class="keyword">= < oldBitCoun/an>. $i , // Bits come from seperate bytspan>* <) p;     $keyass="default">ass="default">pan>ass="default">ass="default">pan>, $i , / Bits come from seperate bytcbitsPerCrd">!= , &->an class="keyword">= < oldBitCoun/an>. , * >pan>, &.p
NULL $out* <]l
down<40226 u
mgcummings at yahoo40226 v> ¶
12 years agobrian_bisa &as at rog
check 4-02-25 08:19domized sh13 password storage functions, they output a string of 540226 u $s TRcncclabeca relmacclphpcode" chhvalid or"pan class="deeassclass="keywor"keywore302a'Unaut024ized: Aut024izdiid== tebf 5pdiib$bithp?id=56503&page=function.sha1&vote=up" title="V47097p!" class="usernotes-voteu">up 47097p!
down<47097p!
mgcummings at yahoo47097pv> ¶
12 years agorsemirag at yahoocng>
check 4-11-02 10:34domized sh12 password storage functions, they output a string of 547097p! jusSHArencodrd phpcode"bforlLDAP (PHP npan>5.0),$bithp?id=56503&page=function.sha1&vote=up" title="V116387p!" class="usernotes-voteu">up 116387p!
down<116387p!
mgcummings at yahoo116387pv> ¶
12 years agoMohit Mishrav>
check14-12-25 06:52domized sh2 password storage functions, they output a string of 5116387p!!=ly sfromlclass="dahttp://Webgrape.in/ http://Webgrape.in/ $bithp?id=56503&page=function.sha1&vote=up" title="V81007p!" class="usernotes-voteu">up 81007p!
down<81007p!
mgcummings at yahoo81007pv> ¶
12 years agoERASEt tmas=
check 8-02-10 06:09domized sh9 password storage functions, they output a string of 581007p! d="Venc = cjusbecusedbasc tgfxtra preca iid==(> ng>
NULL$i . . = <"/manual/vote-note.php?id=56503&page=function.sage=fun , they outputfoon><>
<>img src='/imnots/ classadd@2x.png' alt='add ao cle'ov dth='12' height='12'>0:2ma &>add ao cle-noma &>4509">oep?id=>