SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    Floridiot joebert's Avatar
    Join Date
    Mar 2004
    Location
    Kenneth City, FL
    Posts
    823
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP5 hash function

    Consider this situation.

    A system is setup for logging in, the database stores hashes of passwords generated using the hash function.

    The site moves to a new server where the previous hash_algo is not available.

    What do you do ?

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Either get it installed, a coded version, or find a new host.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Do you understand what hashing algorithm you were using in the PHP Hash function? My guess is that you don't. The Hash PHP function was only supported as of PHP 5.1.2, however you may still be able to access the hashing algorithm (like MD5 or Sha256) but just not wrapped up in a native PHP Hash function - you can build it your-self. Are you sure that your hashing algorithm is not installed on the server? If your algorithm is not installed then, as Logic-Earth suggested you could ask if your ISP could install it - they may not be willing to upgrade their version of PHP but you may be able to convince them to install the algorithm you need and then you can roll your own hashing function.

    ServerStorm
    ictus==""

  4. #4
    Floridiot joebert's Avatar
    Join Date
    Mar 2004
    Location
    Kenneth City, FL
    Posts
    823
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm not currently in this situation.

    When I started this thread I was writing a class to benchmark the 30-somthing algorithms available on the box sitting next to me. Ranging from 8 byte CRC hashes to 128 byte SHA hashes.

    Here's the class, it's a bit gnarly & at a point right in the middle of when I decided to start deriving an analysis base class from it, but you should be able to get the idea of what it's for.

    I just had that thought, what would happen if someone used this to determine which algo to use for a system, then moved to another system & was faced with the issue outlined in my original post.
    Code PHP:
    <?php
    class analysis
    {
    	protected $benchmarks = array();
    	protected $options = array();
    	public static function gen_strings($length = 1024, $count = 10)
    	{
    		$strs = array();
    		for($i = 0; $i < $count; $i++)
    		{
    			$str = '';
    			for($j = 0; $j < $length; $j++)
    			{
    				$str .= chr(rand(1, 100));
    			}
    			$strs[] = $str;
    		}
    		return $strs;
    	}
    	public static function sort_time($a, $b)
    	{
    		if($a['time'] == $b['time'])
    		{
    			return 0;
    		}
    		return ($a['time'] < $b['time']) ? -1 : 1;
    	}
    	public static function sort_length($b, $a)
    	{
    		if($a['length'] == $b['length'])
    		{
    			return self::sort_time($b, $a);
    		}
    		return ($a['length'] < $b['length']) ? -1 : 1;
    	}
    	public static function sort_score($b, $a)
    	{
    		if($a['score'] == $b['score'])
    		{
    			return self::sort_time($a, $b);
    		}
    		return ($a['score'] < $b['score']) ? -1 : 1;
    	}
    }
    class hash_analysis extends analysis
    {
    	protected $options = array(
    		'speed_weight' => 0.5,
    		'length_weight' => 0.5,
    		'min_hash_length' => 1,
    		'max_hash_length' => 512,
    		'test_count' => 10,
    		'test_bytes' => 1024
    	);
     
    	public function __set($key, $val)
    	{
    		switch($key)
    		{
    			case 'speed_weight':
    			case 'length_weight':
    				$val = max(0, min(1, (float)$val));
    			case 'speed_weight':
    				$this->options['speed_weight'] = $val;
    				$this->options['length_weight'] = 1 - $val;
    			break;
    			case 'length_weight':
    				$this->options['length_weight'] = $val;
    				$this->options['speed_weight'] = 1 - $val;
    			break;
    			case 'min_hash_length':
    			case 'max_hash_length':
    			case 'test_count':
    			case 'test_bytes':
    				$this->options[$key] = max(1, (int)$val);
    			break;
    			default:
    				$this->options[$key] = $val;
    			break;
    		}
    	}
    	public function __get($key)
    	{
    		switch($key)
    		{
    			case 'hash_algos':
    				$algos = array();
    				foreach(hash_algos() as $algo)
    				{
    					$algos[$algo] = array();
    				}
    				return $algos;
    			break;
    			default:
    				return isset($this->options[$key]) ? $this->options[$key] : false;
    			break;
    		}
    	}
     
    	public function __construct($options = array())
    	{
    		foreach($options as $key => $val)
    		{
    			$this->$key = $val;
    		}
    	}
    	public function __toString()
    	{
    		$strs = parent::gen_strings($this->test_bytes, $this->test_count);
     
    		$this->benchmarks = $this->hash_algos;
    		foreach($this->benchmarks as $algo => $details)
    		{
    			$this->benchmarks[$algo] = array('algo' => $algo, 'time' => 0.00, 'hash' => '', 'length' => 0, 'score' => 0);
    			foreach($strs as $str)
    			{
    				$start = microtime(true);
    				$this->benchmarks[$algo]['hash'] = hash($algo, $str);
    				$this->benchmarks[$algo]['time'] += (microtime(true) - $start);
    			}
    			$len = strlen($this->benchmarks[$algo]['hash']);
    			if(($len <= $this->max_hash_length) && ($len >= $this->min_hash_length))
    			{
    				$this->benchmarks[$algo]['length'] = $len;
    			}
    			else
    			{
    				unset($this->benchmarks[$algo]);
    			}
    		}
     
    		$count = sizeof($this->benchmarks); $i = $count;
    		usort($this->benchmarks, array('hash_analysis', 'sort_time'));
    		foreach($this->benchmarks as $algo => $details)
    		{
    			$this->benchmarks[$algo]['score'] = $i * $this->speed_weight;
    			$i--;
    		}
    		$i = $count;
    		usort($this->benchmarks, array('hash_analysis', 'sort_length'));
    		foreach($this->benchmarks as $algo => $details)
    		{
    			$this->benchmarks[$algo]['score'] += $i * $this->length_weight;
    			$i--;
    		}
    		usort($this->benchmarks, array('hash_analysis', 'sort_score'));
     
    		$table = '<table class="hash_analysis" style="float:left;" border="1" cellpadding="2" cellspacing="1"><tr><th>Algo</th><th>Time</th><th>Length</th><th>Score</th></tr>';
    		for($i = 0, $count = min(5,$count); $i < $count; $i++)
    		{
    			$table .= sprintf('<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>',
    				$this->benchmarks[$i]['algo'],
    				$this->benchmarks[$i]['time'],
    				$this->benchmarks[$i]['length'],
    				$this->benchmarks[$i]['score']
    			);
    		}
    		return $table . '</table>';
    	}
    	public function algo_exists($hash_name = false)
    	{
    		return ($hash_name && isset($this->hash_algos[strtolower($hash_name)]));
    	}
     
    }
    $options = array(
    	'speed_weight'		=> 0.75,
    	'max_hash_length'	=> 48
    );
    for($i = 0; $i<12; $i++)
    {
    	print new hash_analysis($options);
    }
    ?>

  5. #5
    SitePoint Member
    Join Date
    Jul 2007
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Generate a new password for everyone using the new hashing algorithm and email them it.

  6. #6
    PHP/Rails Developer Czaries's Avatar
    Join Date
    May 2004
    Location
    Central USA
    Posts
    806
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, the only way is to just generate everyone a new password and send it to them. It's the easiest and quickest way to solve the problem.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •