Merge pull request #58 from splitbrain/bcrypt
Added bcrypt support for password hashes
commit
d00208c2ec
|
@ -12,6 +12,7 @@ class auth_password_test extends UnitTestCase {
|
|||
'md5' => '8fa22d62408e5351553acdd91c6b7003',
|
||||
'sha1' => 'b456d3b0efd105d613744ffd549514ecafcfc7e1',
|
||||
'ssha' => '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk',
|
||||
'lsmd5' => '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo',
|
||||
'crypt' => 'ablvoGr1hvZ5k',
|
||||
'mysql' => '4a1fa3780bd6fd55',
|
||||
'my411' => '*e5929347e25f82e19e4ebe92f1dc6b6e7c2dbd29',
|
||||
|
@ -48,6 +49,11 @@ class auth_password_test extends UnitTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
function test_bcrypt_self(){
|
||||
$hash = auth_cryptPassword('foobcrypt','bcrypt');
|
||||
$this->assertTrue(auth_verifyPassword('foobcrypt',$hash));
|
||||
}
|
||||
|
||||
function test_verifyPassword_nohash(){
|
||||
$this->assertTrue(auth_verifyPassword('foo','$1$$n1rTiFE0nRifwV/43bVon/'));
|
||||
}
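Review bot: `test_bcrypt_self` only asserts that a freshly generated hash verifies against the same password, so it still passes if the hashing routine ignores its input. It needs a negative case next to the positive one, for example `$this->assertFalse(auth_verifyPassword('notfoobcrypt',$hash));`. The known-hash table in the first hunk shows an `lsmd5` entry but no `bcrypt` entry among the visible lines; a fixed `$2a$` vector there would also pin the output format against regressions.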
|
||||
|
|
|
@ -47,9 +47,15 @@ class PassHash {
|
|||
}elseif(preg_match('/^md5\$(.{5})\$/',$hash,$m)){
|
||||
$method = 'djangomd5';
|
||||
$salt = $m[1];
|
||||
}elseif(preg_match('/^\$2a\$(.{2})\$/',$hash,$m)){
|
||||
$method = 'bcrypt';
|
||||
$salt = $hash;
|
||||
}elseif(substr($hash,0,6) == '{SSHA}'){
|
||||
$method = 'ssha';
|
||||
$salt = substr(base64_decode(substr($hash, 6)),20);
|
||||
}elseif(substr($hash,0,6) == '{SMD5}'){
|
||||
$method = 'lsmd5';
|
||||
$salt = substr(base64_decode(substr($hash, 6)),16);
|
||||
}elseif($len == 32){
|
||||
$method = 'md5';
|
||||
}elseif($len == 40){
|
||||
|
@ -130,6 +136,20 @@ class PassHash {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Password hashing method 'lsmd5'
|
||||
*
|
||||
* Uses salted MD5 hashs. Salt is 8 bytes long.
|
||||
*
|
||||
* This is the format used by LDAP.
|
||||
*/
|
||||
public function hash_lsmd5($clear, $salt=null){
|
||||
$this->init_salt($salt,8);
|
||||
return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Password hashing method 'apr1'
|
||||
*
|
||||
|
@ -379,4 +399,35 @@ class PassHash {
|
|||
return 'md5$'.$salt.'$'.md5($salt.$clear);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Passwordhashing method 'bcrypt'
|
||||
*
|
||||
* Uses a modified blowfish algorithm called eksblowfish
|
||||
* This method works on PHP 5.3+ only and will throw an exception
|
||||
* if the needed crypt support isn't available
|
||||
*
|
||||
* A full hash should be given as salt (starting with $a2$) or this
|
||||
* will break. When no salt is given, the iteration count can be set
|
||||
* through the $compute variable.
|
||||
*
|
||||
* @param string $clear - the clear text to hash
|
||||
* @param string $salt - the salt to use, null for random
|
||||
* @param int $compute - the iteration count (between 4 and 31)
|
||||
* @returns string - hashed password
|
||||
*/
|
||||
public function hash_bcrypt($clear, $salt=null, $compute=8){
|
||||
if(!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH != 1){
|
||||
throw new Exception('This PHP installation has no bcrypt support');
|
||||
}
|
||||
|
||||
if(is_null($salt)){
|
||||
if($compute < 4 || $compute > 31) $compute = 8;
|
||||
$salt = '$2a$'.str_pad($compute, 2, '0', STR_PAD_LEFT).'$'.
|
||||
$this->gen_salt(22);
|
||||
}
|
||||
|
||||
return crypt($password, $salt);
|
||||
}
|
||||
|
||||
}
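Review bot: `hash_bcrypt` ends with `return crypt($password, $salt);`, but the parameter is named `$clear`, so `$password` is undefined and evaluates to null. The clear text never reaches `crypt()`, and a hash produced this way would be expected to verify against any password. The line should read `return crypt($clear, $salt);`. The docblock says a full hash starts with `$a2$`, while the code and the detection regex both use `$2a$`, so the comment should be corrected to `$2a$`. The default `$compute=8` is a low work factor for bcrypt and is worth raising or making configurable.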
|
||||
|
|
|
@ -125,7 +125,7 @@ $meta['_authentication'] = array('fieldset');
|
|||
$meta['useacl'] = array('onoff');
|
||||
$meta['autopasswd'] = array('onoff');
|
||||
$meta['authtype'] = array('authtype');
|
||||
$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5'));
|
||||
$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','bcrypt'));
|
||||
$meta['defaultgroup']= array('string');
|
||||
$meta['superuser'] = array('string');
|
||||
$meta['manager'] = array('string');
|
||||
|
|