See My Class “SecurePassword” at phpclasses.org

May 29, 2006 § 7 Comments

My class “SecurePassword” has been approved at phpclasses.org, and it gave me the chance to be one of the top ten authors once again.

See and download this class:
http://www.phpclasses.org/browse/package/3128.html

About this class:

This technique generates a strong hash (or password digest) from a plain-text password. For authentication, it matches a generated hash against a plain password.

Modern computers can generate both md5() and sha1() hashes very quickly, thousands per second. Thus generating hashes and matching them against existing hashes (for hacking) is easy. The present technique implements a kind of hashing that creates a strong salt, decodes it, and hashes the decoded salt together with the given password. It gives a variable-length strong hash that makes attackers’ job tough.

Description:
This technique:
1. Creates a strong salt of a given length.
2. Makes that salt stronger by decoding it to binary data.
3. Creates the hash by appending that salt to the hash generated by Secure Hash Algorithm 1 (sha1). The parameter of SHA1 in this case is (decoded salt + plain password).
4. When matching a password against a stored hash:

(i) The salt is extracted from the given/stored hash and decoded first.
(ii) Then sha1() is applied to that salt + plain password.
(iii) Then this hash is compared with the sha1()-generated portion of the given/stored hash.

Strengths:
1. If no parameter is given, initSalt() generates a random salt, which in turn produces a random password hash for the same plain password.
2. When password characters are only plaintext, attackers’ job is easy. Use of base64_decode() helps this technique generate a stronger password since the hash contains binary data.
3. By changing the length of the salt (saltLength), you can generate passwords of variable lengths (up to 70 characters). This strengthens the password and makes attackers’ job tough.
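
The four steps under Description, as an added sketch (not the SecurePassword class source and not code from the author); the function names are hypothetical, and the hex SHA-1 digest and base64-alphabet salt are assumptions. It also times salted SHA-1 guesses against PHP's built-in password_hash()/password_verify(), since a single fast hash per guess stays cheap even with a salt.

```php
<?php
// Added sketch of the described steps; names here are hypothetical.
const SHA1_HEX_LEN = 40;

function sketch_make_hash(string $password, int $saltLength = 20): string
{
    if ($saltLength < 1) {
        throw new InvalidArgumentException('salt length must be positive');
    }
    // Step 1: printable salt of the requested length (base64 alphabet).
    $salt = substr(base64_encode(random_bytes($saltLength)), 0, $saltLength);
    // Steps 2-3: decode the salt to binary, hash salt + password, and
    // append the printable salt so it can be recovered at login.
    return sha1(base64_decode($salt) . $password) . $salt;
}

function sketch_verify(string $password, string $stored): bool
{
    if (strlen($stored) <= SHA1_HEX_LEN) {
        return false; // too short to carry a salt
    }
    // Step 4: split digest and salt, recompute, compare in constant time.
    $digest = substr($stored, 0, SHA1_HEX_LEN);
    $salt   = substr($stored, SHA1_HEX_LEN);
    return hash_equals($digest, sha1(base64_decode($salt) . $password));
}

$stored = sketch_make_hash('correct horse');        // constructed sample password
var_dump(strlen($stored));                          // digest length plus salt length
var_dump(sketch_verify('correct horse', $stored));  // matching password
var_dump(sketch_verify('wrong guess', $stored));    // non-matching password

// Cost of guessing: one salted SHA-1 per candidate is still very cheap.
$start = microtime(true);
for ($i = 0; $i < 100000; $i++) {
    sketch_verify("guess$i", $stored);
}
printf("100000 salted sha1 guesses: %.3f s\n", microtime(true) - $start);

// PHP's built-in password API uses a deliberately slow, salted algorithm
// (currently bcrypt for PASSWORD_DEFAULT) and returns a printable string.
$slow  = password_hash('correct horse', PASSWORD_DEFAULT);
$start = microtime(true);
var_dump(password_verify('wrong guess', $slow));
printf("1 password_verify guess: %.3f s\n", microtime(true) - $start);
```

Because this sketch keeps the digest in hex and the salt in the base64 alphabet, the stored value is plain ASCII; only the input to sha1() is binary.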

Please rate this class if you like it and if it meets your needs. Please feel free to contact me with any suggestions and/or for further assistance regarding the technique and its implementation.

Regards,
[Rupom]


§ 7 Responses to See My Class “SecurePassword” at phpclasses.org

  • numediaweb says:

    Thanks, Rupom, for the class.

    But how can I insert the coded/hashed password into MySQL database?

    What field type should I use? BLOB?

    Thank you

  • numediaweb says:

    Thanks for the reply,
    the problem I have is when I use the hash to get the password, I can’t store it using VARCHAR, it gives an empty table, even if I set the length twice as big as the initial pass value.
    Maybe it has something to do with base64_decode as this encodes to binary!?
    Or I should decode the password before sending it to the database!?

    Thank you

  • numediaweb says:

    I think this class doesn’t work with a SQL VARCHAR table, because it uses base64 data which is binary, and binary should be stored in BLOB tables.

    Also, I think we should do some utf-8 encoding/decoding because when you echo binary characters in the browser, they get different “views” depending on the encoding you select in the header of the page.

    Please test this with a MySQL database; I use WordPress’s wpdb_Class to communicate with the database: http://codex.wordpress.org/Function_Reference/wpdb_Class

  • numediaweb says:

    RESOLVED

    I tried many adjustments to your class, but it always generates incompatible characters.

    I found that WP has a built-in class to hash passwords, and it returns a value that can be stored in the database with datatype set to a varchar with length 64: for example, $P$BwXsuvRLgqs2gWXkFYwKjhrrTSrlc51
    Here is a link:
    http://smbrown.wordpress.com/2009/02/02/wordpress-generate-password-hash-password/

    Thank you for the support.

You are currently reading See My Class “SecurePassword” at phpclasses.org at Rupom Here.
