-5
似乎PassHash SHA1和秘密(也许盐)MD5什么类型的哈希?(MD5,SHA1)
我已经尝试许多哈希algoritm(使用hashcat) 但没有结果..
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "")
stderr("Error", "Missing form data.");
if ($_POST["password"] != $_POST["password2"])
stderr("Error", "Passwords mismatch.");
if (!validemail($_POST['email']))
stderr("Error", "Not valid email");
$username = sqlesc($_POST["username"]);
$password = $_POST["password"];
$email = sqlesc($_POST["email"]);
$secret = mksecret();
$passhash = sqlesc(md5($secret . $password . $secret));
$secret = sqlesc($secret);
mysql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, email) VALUES(NOW(), NOW(), $secret, $username, $passhash, 'confirmed', $email)") or sqlerr(__FILE__, __LINE__);
$res = mysql_query("SELECT id FROM users WHERE username=$username");
$arr = mysql_fetch_row($res);
if (!$arr)
stderr("Error", "Unable to create the account. The user name is possibly already taken.");
header("Location: $BASEURL/userdetails.php?id=$arr[0]");
die;
}
此代码https://github.com/mlangill/biotorrents/blob/master/adduser.php
这是什么类型的散列?
谢谢
哈希是单向函数,所以没有(简单的)方法来解密它们。 – MrTux 2015-02-07 13:57:09
您正在使用腌制散列进行密码散列:https://en.wikipedia.org/wiki/Salt_%28cryptography%29,e1e69fc477abad67f92d7e8fc824d29f6e03d776是sha1sum,而wf678r4mk4boix98rfrgefa0zzelka97是盐。 – MrTux 2015-02-07 13:58:39
是的,我知道。我正在使用hashcat和passwordspro,john the ripper。但我找不到sha1(40长):md5(32长)格式 – Study 2015-02-07 14:02:46