aboutsummaryrefslogtreecommitdiff
path: root/ratatoeskr/sys/pwhash.php
diff options
context:
space:
mode:
authorLaria Carolin Chabowski <laria@laria.me>2020-04-26 16:33:36 +0200
committerLaria Carolin Chabowski <laria@laria.me>2020-04-26 16:33:36 +0200
commit82d40e32363c4e96996eca7ee44ade879589aa0e (patch)
tree44c819d2472697de1e8eb404148f4a087109b27e /ratatoeskr/sys/pwhash.php
parent11c7214cb58be4100422b8f905bc629a8906e6ff (diff)
downloadratatoeskr-cms-82d40e32363c4e96996eca7ee44ade879589aa0e.tar.gz
ratatoeskr-cms-82d40e32363c4e96996eca7ee44ade879589aa0e.tar.bz2
ratatoeskr-cms-82d40e32363c4e96996eca7ee44ade879589aa0e.zip
Expand tabs and remove trailing whitespace
Diffstat (limited to 'ratatoeskr/sys/pwhash.php')
-rw-r--r--ratatoeskr/sys/pwhash.php106
1 files changed, 53 insertions, 53 deletions
diff --git a/ratatoeskr/sys/pwhash.php b/ratatoeskr/sys/pwhash.php
index 8ec4762..5f31dbb 100644
--- a/ratatoeskr/sys/pwhash.php
+++ b/ratatoeskr/sys/pwhash.php
@@ -1,9 +1,9 @@
<?php
/*
* File: ratatoeskr/sys/pwhash.php
- *
+ *
* Hashing passwords
- *
+ *
* License:
* This file is part of Ratatöskr.
* Ratatöskr is licensed unter the MIT / X11 License.
@@ -14,61 +14,61 @@
* Class: PasswordHash
* Contains static functions for password hashes.
* Is just used as a namespace, can not be created.
- *
+ *
* It should be fairly difficult to break these salted hashes via bruteforce attacks.
*/
class PasswordHash
{
- private function __construct() {} /* Prevent construction */
-
- private static $saltlen_min = 20;
- private static $saltlen_max = 30;
- private static $iterations_min = 200;
- private static $iterations_max = 1000;
-
- private static function hash($data, $salt, $iterations)
- {
- $hash = $data . $salt;
- for($i = $iterations ;$i--;)
- $hash = sha1($data . $hash . $salt, (bool) $i);
- return $iterations . '$' . bin2hex($salt) . '$' . $hash;
- }
-
- /*
- * Function: create
- * Create a password hash string.
- *
- * Parameters:
- * $password - The password (or other data) to hash.
- *
- * Returns:
- * The salted hash as a string.
- */
- public static function create($password)
- {
- $salt = "";
- $saltlen = mt_rand(self::$saltlen_min, self::$saltlen_max);
- for($i = 0; $i < $saltlen; $i++)
- $salt .= chr(mt_rand(0,255));
- return self::hash($password, $salt, mt_rand(self::$iterations_min, self::$iterations_max));
- }
-
- /*
- * Function: validate
- * Validate a salted hash.
- *
- * Parameters:
- * $password - The password to test.
- * $pwhash - The hash to test against.
- *
- * Returns:
- * True, if $password was correct, False otherwise.
- */
- public static function validate($password, $pwhash)
- {
- list($iterations, $hexsalt, $hash) = explode('$', $pwhash);
- return self::hash($password, pack("H*", $hexsalt), $iterations) == $pwhash;
- }
+ private function __construct() {} /* Prevent construction */
+
+ private static $saltlen_min = 20;
+ private static $saltlen_max = 30;
+ private static $iterations_min = 200;
+ private static $iterations_max = 1000;
+
+ private static function hash($data, $salt, $iterations)
+ {
+ $hash = $data . $salt;
+ for($i = $iterations ;$i--;)
+ $hash = sha1($data . $hash . $salt, (bool) $i);
+ return $iterations . '$' . bin2hex($salt) . '$' . $hash;
+ }
+
+ /*
+ * Function: create
+ * Create a password hash string.
+ *
+ * Parameters:
+ * $password - The password (or other data) to hash.
+ *
+ * Returns:
+ * The salted hash as a string.
+ */
+ public static function create($password)
+ {
+ $salt = "";
+ $saltlen = mt_rand(self::$saltlen_min, self::$saltlen_max);
+ for($i = 0; $i < $saltlen; $i++)
+ $salt .= chr(mt_rand(0,255));
+ return self::hash($password, $salt, mt_rand(self::$iterations_min, self::$iterations_max));
+ }
+
+ /*
+ * Function: validate
+ * Validate a salted hash.
+ *
+ * Parameters:
+ * $password - The password to test.
+ * $pwhash - The hash to test against.
+ *
+ * Returns:
+ * True, if $password was correct, False otherwise.
+ */
+ public static function validate($password, $pwhash)
+ {
+ list($iterations, $hexsalt, $hash) = explode('$', $pwhash);
+ return self::hash($password, pack("H*", $hexsalt), $iterations) == $pwhash;
+ }
}
?>