opensourcemirror
/
dokuwiki
mirror of https://github.com/splitbrain/dokuwiki.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #58 from splitbrain/bcrypt 

Added bcrypt support for password hashes
This commit is contained in:
Andreas Gohr 2012-02-01 11:29:32 -08:00
parent bc9d46afa5 5c73ae04fa
commit d00208c2ec
3 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
_test/cases/inc/auth_password.test.php
View File

@ -12,6 +12,7 @@ class auth_password_test extends UnitTestCase {
'md5' => '8fa22d62408e5351553acdd91c6b7003',
'sha1' => 'b456d3b0efd105d613744ffd549514ecafcfc7e1',
'ssha' => '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk',
'lsmd5' => '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo',
'crypt' => 'ablvoGr1hvZ5k',
'mysql' => '4a1fa3780bd6fd55',
'my411' => '*e5929347e25f82e19e4ebe92f1dc6b6e7c2dbd29',
@ -48,6 +49,11 @@ class auth_password_test extends UnitTestCase {
}
}
function test_bcrypt_self(){
$hash = auth_cryptPassword('foobcrypt','bcrypt');
$this->assertTrue(auth_verifyPassword('foobcrypt',$hash));
}
function test_verifyPassword_nohash(){
$this->assertTrue(auth_verifyPassword('foo','$1$$n1rTiFE0nRifwV/43bVon/'));
}

51
inc/PassHash.class.php
View File

@ -47,9 +47,15 @@ class PassHash {
}elseif(preg_match('/^md5\$(.{5})\$/',$hash,$m)){
$method = 'djangomd5';
$salt = $m[1];
}elseif(preg_match('/^\$2a\$(.{2})\$/',$hash,$m)){
$method = 'bcrypt';
$salt = $hash;
}elseif(substr($hash,0,6) == '{SSHA}'){
$method = 'ssha';
$salt = substr(base64_decode(substr($hash, 6)),20);
}elseif(substr($hash,0,6) == '{SMD5}'){
$method = 'lsmd5';
$salt = substr(base64_decode(substr($hash, 6)),16);
}elseif($len == 32){
$method = 'md5';
}elseif($len == 40){
@ -130,6 +136,20 @@ class PassHash {
}
}
/**
* Password hashing method 'lsmd5'
*
* Uses salted MD5 hashs. Salt is 8 bytes long.
*
* This is the format used by LDAP.
*/
public function hash_lsmd5($clear, $salt=null){
$this->init_salt($salt,8);
return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt);
}
/**
* Password hashing method 'apr1'
*
@ -379,4 +399,35 @@ class PassHash {
return 'md5$'.$salt.'$'.md5($salt.$clear);
}
/**
* Passwordhashing method 'bcrypt'
*
* Uses a modified blowfish algorithm called eksblowfish
* This method works on PHP 5.3+ only and will throw an exception
* if the needed crypt support isn't available
*
* A full hash should be given as salt (starting with $a2$) or this
* will break. When no salt is given, the iteration count can be set
* through the $compute variable.
*
* @param string $clear - the clear text to hash
* @param string $salt - the salt to use, null for random
* @param int $compute - the iteration count (between 4 and 31)
* @returns string - hashed password
*/
public function hash_bcrypt($clear, $salt=null, $compute=8){
if(!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH != 1){
throw new Exception('This PHP installation has no bcrypt support');
}
if(is_null($salt)){
if($compute < 4 || $compute > 31) $compute = 8;
$salt = '$2a$'.str_pad($compute, 2, '0', STR_PAD_LEFT).'$'.
$this->gen_salt(22);
}
return crypt($password, $salt);
}
}

2
lib/plugins/config/settings/config.metadata.php
View File

@ -125,7 +125,7 @@ $meta['_authentication'] = array('fieldset');
$meta['useacl'] = array('onoff');
$meta['autopasswd'] = array('onoff');
$meta['authtype'] = array('authtype');
$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5'));
$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','bcrypt'));
$meta['defaultgroup']= array('string');
$meta['superuser'] = array('string');
$meta['manager'] = array('string');