From eb0b6976151d8996bcf14300e592f36c04e6681c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Sun, 26 Feb 2012 00:22:19 +0000
Subject: [PATCH] Added the ability to create hashes without the fixed (extra) salt
---
 .../main/crypto/class_CryptoHelper.php | 22 ++++++++++++++-----
 inc/config.php | 7 ++++--
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/inc/classes/main/crypto/class_CryptoHelper.php b/inc/classes/main/crypto/class_CryptoHelper.php
index 61df3149..52bd668a 100644
--- a/inc/classes/main/crypto/class_CryptoHelper.php
+++ b/inc/classes/main/crypto/class_CryptoHelper.php
@@ -140,9 +140,10 @@ class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
 *
 * @param $str Unhashed string
 * @param $oldHash A hash from previous hashed string
+ * @param $withFixed Whether to include a fixed salt (not recommended in p2p applications)
 * @return $hashed The hashed and salted string
 */
- public function hashString ($str, $oldHash = '') {
+ public function hashString ($str, $oldHash = '', $withFixed = true) {
 // Cast the string
 $str = (string) $str;
@@ -160,11 +161,20 @@ class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
 // Hash the password with salt
 //* DEBUG: */ echo "salt=".$salt."/plain=".$str."
\n";
- $hashed = $salt . md5(sprintf($this->getConfigInstance()->getConfigEntry('hash_mask'),
- $salt,
- $this->getRngInstance()->getFixedSalt(),
- $str
- ));
+ if ($withFixed === true) {
+ // Use additional fixed salt
+ $hashed = $salt . md5(sprintf($this->getConfigInstance()->getConfigEntry('hash_salt_mask'),
+ $salt,
+ $this->getRngInstance()->getFixedSalt(),
+ $str
+ ));
+ } else {
+ // Use salt+string to hash
+ $hashed = $salt . md5(sprintf($this->getConfigInstance()->getConfigEntry('hash_normal_mask'),
+ $salt,
+ $str
+ ));
+ }
 // And return it
 return $hashed;
diff --git a/inc/config.php b/inc/config.php
index 8e9c3d4f..82f4acc4 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -269,8 +269,11 @@ $cfg->setConfigEntry('salt_length', 10);
 // CFG: RND-STR-LENGTH
 $cfg->setConfigEntry('rnd_str_length', 128);
-// CFG: HASH-MASK
-$cfg->setConfigEntry('hash_mask', "%1s:%2s:%3s"); // 1=salt, 2=extra salt, 3=plain password
+// CFG: HASH-EXTRA-MASK
+$cfg->setConfigEntry('hash_extra_mask', "%1s:%2s:%3s"); // 1=salt, 2=extra salt, 3=plain password/string
+
+// CFG: HASH-NORMAL-MASK
+$cfg->setConfigEntry('hash_NORMAL_mask', "%1s:%2s"); // 1=salt, 2=plain password/string
 // CFG: IS-SINGLE-SERVER
 $cfg->setConfigEntry('is_single_server', 'Y');
-- 2.30.2
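Review bot: In the second class_CryptoHelper.php hunk, the two new branches of `hashString()` read the config entries `hash_salt_mask` and `hash_normal_mask`, but the inc/config.php hunk of this same patch registers `hash_extra_mask` and `hash_NORMAL_mask` (different name, different case) and removes `hash_mask`, so as spelled neither lookup names an entry the patch defines. How `getConfigEntry()` handles an unknown key is not visible here; if it yields an empty value rather than failing, `sprintf()` receives an empty format and every result collapses to `$salt . md5('')`, which no longer depends on the hashed string. The two files should agree on one spelling, for example `getConfigEntry('hash_extra_mask')` in the first branch and `setConfigEntry('hash_normal_mask', ...)` in config.php. The function starts and ends outside this hunk.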
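Review bot: In the inc/config.php hunk, the new mask values `"%1s:%2s:%3s"` and `"%1s:%2s"` use `%1s`, which PHP's `sprintf()` treats as a string with minimum width 1, not as a reference to argument 1, although the trailing comments (`1=salt, 2=extra salt, ...`) read as if the digits select arguments. The output is right only because the arguments are consumed in call order, so reordering the fields in a mask would not reorder the hashed components the way the comment suggests. Either use plain `'%s:%s:%s'`, or make the positions explicit in a single-quoted string such as `'%1$s:%2$s:%3$s'` (single quotes so that `$s` is not interpolated).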