-5
似乎PassHash SHA1和祕密(也許鹽)MD5什麼類型的哈希?(MD5,SHA1)
我已經嘗試許多哈希algoritm(使用hashcat) 但沒有結果..
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "")
stderr("Error", "Missing form data.");
if ($_POST["password"] != $_POST["password2"])
stderr("Error", "Passwords mismatch.");
if (!validemail($_POST['email']))
stderr("Error", "Not valid email");
$username = sqlesc($_POST["username"]);
$password = $_POST["password"];
$email = sqlesc($_POST["email"]);
$secret = mksecret();
$passhash = sqlesc(md5($secret . $password . $secret));
$secret = sqlesc($secret);
mysql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, email) VALUES(NOW(), NOW(), $secret, $username, $passhash, 'confirmed', $email)") or sqlerr(__FILE__, __LINE__);
$res = mysql_query("SELECT id FROM users WHERE username=$username");
$arr = mysql_fetch_row($res);
if (!$arr)
stderr("Error", "Unable to create the account. The user name is possibly already taken.");
header("Location: $BASEURL/userdetails.php?id=$arr[0]");
die;
}
此代碼https://github.com/mlangill/biotorrents/blob/master/adduser.php
這是什麼類型的散列?
謝謝
哈希是單向函數,所以沒有(簡單的)方法來解密它們。 – MrTux 2015-02-07 13:57:09
您正在使用醃製散列進行密碼散列:https://en.wikipedia.org/wiki/Salt_%28cryptography%29,e1e69fc477abad67f92d7e8fc824d29f6e03d776是sha1sum,而wf678r4mk4boix98rfrgefa0zzelka97是鹽。 – MrTux 2015-02-07 13:58:39
是的,我知道。我正在使用hashcat和passwordspro,john the ripper。但我找不到sha1(40長):md5(32長)格式 – Study 2015-02-07 14:02:46