![]() |
Message-ID: <53CFB81C.7080306@onsec.ru> Date: Wed, 23 Jul 2014 17:26:52 +0400 From: D0znpp <d0znpp@...ec.ru> To: john-users@...ts.openwall.com Subject: Simfony2 hashes Hi all! Does anybody already cracked this by JTR? https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php: public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $iterations = 5000) ... public function encodePassword($raw, $salt) { if ($this->isPasswordTooLong($raw)) { throw new BadCredentialsException('Invalid password.'); } if (!in_array($this->algorithm, hash_algos(), true)) { throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm)); } $salted = $this->mergePasswordAndSalt($raw, $salt); $digest = hash($this->algorithm, $salted, true); // "stretch" hash for ($i = 1; $i < $this->iterations; $i++) { $digest = hash($this->algorithm, $digest.$salted, true); } return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest); ... protected function demergePasswordAndSalt($mergedPasswordSalt) { if (empty($mergedPasswordSalt)) { return array('', ''); } $password = $mergedPasswordSalt; $salt = ''; $saltBegins = strrpos($mergedPasswordSalt, '{'); if (false !== $saltBegins && $saltBegins + 1 < strlen($mergedPasswordSalt)) { $salt = substr($mergedPasswordSalt, $saltBegins + 1, -1); $password = substr($mergedPasswordSalt, 0, $saltBegins); } return array($password, $salt); }
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.