PHP
Vladimir Shiklgruber, 2015-07-31 12:28:38

How effective is it?

Hello. Let me say up front that I stumbled upon this function by accident.

// keyed hash of $str with algorithm HASH and key HASH_SECRET1
$str = hash_hmac(HASH, $str, HASH_SECRET1);

// then 100 rounds of md5 over the hex digest
for ($i = 0; $i < 100; $i++) {
    $str = md5($str);
}

I understand that first we hash $str with some reliable algorithm (let's say sha512), then we hash the resulting hash 100 more times with the md5 function (if I understood the loop correctly).
Thanks in advance
PS
I twisted this idea a little and wrote this class
// The class relies on constants defined elsewhere: HASH (algorithm name passed to
// hash_hmac), HASH_SECRET1, HASH_SECRET2, HASH_SECRET3 (string secrets),
// HASH_SALT (salt length in characters) and HASH_REKURS (whirlpool iterations).
class security {

    // Builds a random alphanumeric salt of HASH_SALT characters.
    // Note: rand() is not a cryptographically secure generator.
    function salt() {
        $chars = "qazxswedcvfrtgbnhyujmkiolp1234567890QAZXSWEDCVFRTGBNHYUJMKIOLP";
        $max = HASH_SALT;
        $size = strlen($chars) - 1;
        $salt = '';
        while ($max--) {
            $salt .= $chars[rand(0, $size)];
        }
        return $salt;
    }

    public function NewHash5($str) {
        $salt = $this->salt(); // salt() is an instance method, so call it on $this
        // keyed hash over secret . input . salt
        $str = hash_hmac(HASH, HASH_SECRET3 . $str . $salt, HASH_SECRET1);

        // 100 rounds of sha1 over the hex digest
        for ($i = 0; $i < 100; $i++) {
            $str = hash('sha1', $str);
        }

        // HASH_REKURS rounds of whirlpool, re-mixing the secrets and the salt
        for ($i = 0; $i < HASH_REKURS; $i++) {
            $str = hash('whirlpool', HASH_SECRET3 . $str . $salt . HASH_SECRET2);
        }

        // 10 rounds of haval128,3 (128-bit output)
        for ($i = 0; $i < 10; $i++) {
            $str = hash('haval128,3', $str);
        }

        // 10 rounds of adler32: a 32-bit checksum, so from here on the value
        // is only 8 hex characters (at most 2^32 distinct values)
        for ($i = 0; $i < 10; $i++) {
            $str = hash('adler32', $str);
        }

        $return = array();
        $return['hash'] = HASH_SECRET2 . $str;
        $return['salt'] = $salt;
        return $return;
    }

}

With a 60-character salt, processing on the server takes 0.00152683 (seconds); I measure it with this piece of code:
substr(microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"], 0, 10)


2 answer(s)
Mikhail Osher, 2015-07-31
@aaadddminnn

bcrypt to the rescue.
// EDIT
Extremely inefficient.
// EDIT2
Generate a random string (instead of your salt function, adjust the length):
bin2hex(openssl_random_pseudo_bytes(21));
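The bcrypt route from this answer, worked out as an added example (not code from the question or the answers): PHP's password_hash/password_verify API (PHP 5.5+), a bcrypt cost chosen by timing against an assumed 250 ms budget, the random-string helper above with random_bytes() where PHP 7 is available, and, for comparison, a copy of the question's chain run with assumed stand-in secrets and an assumed HASH_REKURS of 10 so that its speed and final output size can be measured side by side. All DEMO_* constants and the timing target are assumptions for this example only.

```php
<?php
// Added example for this thread, not code from the question or the answers.
// Shows bcrypt via PHP's password API next to a measurement of the question's
// chain. DEMO_* values and TARGET_SECONDS are assumed stand-ins.
declare(strict_types=1);

const TARGET_SECONDS = 0.25;            // assumed time budget per login on this host
const DEMO_SECRET1 = 'assumed-secret-1'; // stand-ins for HASH_SECRET1..3 in the question
const DEMO_SECRET2 = 'assumed-secret-2';
const DEMO_SECRET3 = 'assumed-secret-3';
const DEMO_REKURS = 10;                  // assumed value of HASH_REKURS

// Largest bcrypt cost whose hashing time still stays under the target.
function chooseBcryptCost(float $target = TARGET_SECONDS): int
{
    $cost = 10; // PHP's default cost
    do {
        $cost++;
        $start = microtime(true);
        password_hash('benchmark-only', PASSWORD_BCRYPT, ['cost' => $cost]);
        $elapsed = microtime(true) - $start;
    } while ($elapsed < $target && $cost < 31); // 31 is bcrypt's maximum cost
    return $cost - 1; // last cost that was under the target
}

// password_hash draws a 128-bit salt from a CSPRNG itself; no salt() method needed.
function storePassword(string $password, int $cost): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Verify, and report whether the stored hash should be upgraded to the current cost.
function checkPassword(string $password, string $stored, int $cost): array
{
    $ok = password_verify($password, $stored);
    $needsRehash = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $cost]);
    return ['ok' => $ok, 'rehash' => $needsRehash];
}

// Random hex string as in the answer; random_bytes() on PHP 7+, openssl otherwise.
function randomToken(int $bytes = 21): string
{
    $raw = function_exists('random_bytes')
        ? random_bytes($bytes)
        : openssl_random_pseudo_bytes($bytes);
    return bin2hex($raw);
}

// The question's chain with the assumed constants (HASH taken as sha512), kept
// here only so it can be timed and its output size inspected.
function questionChain(string $str, string $salt): string
{
    $str = hash_hmac('sha512', DEMO_SECRET3 . $str . $salt, DEMO_SECRET1);
    for ($i = 0; $i < 100; $i++) {
        $str = hash('sha1', $str);
    }
    for ($i = 0; $i < DEMO_REKURS; $i++) {
        $str = hash('whirlpool', DEMO_SECRET3 . $str . $salt . DEMO_SECRET2);
    }
    for ($i = 0; $i < 10; $i++) {
        $str = hash('haval128,3', $str);
    }
    for ($i = 0; $i < 10; $i++) {
        $str = hash('adler32', $str); // 32-bit checksum: 8 hex characters
    }
    return $str;
}

$password = 'correct horse battery staple'; // constructed sample input
$cost = chooseBcryptCost();
$stored = storePassword($password, $cost);
$result = checkPassword($password, $stored, $cost);
printf("bcrypt cost %d: %s verify=%s\n", $cost, $stored, var_export($result['ok'], true));

// Time the question's chain against one bcrypt verification at the chosen cost.
$salt = randomToken(30); // 60 hex characters, matching the 60-character salt timed in the question
$start = microtime(true);
$chain = questionChain($password, $salt);
$chainTime = microtime(true) - $start;
$start = microtime(true);
password_verify($password, $stored);
$bcryptTime = microtime(true) - $start;
printf("chain: %.6f s, final digest '%s' (%d hex chars = %d bits)\n",
    $chainTime, $chain, strlen($chain), strlen($chain) * 4);
printf("bcrypt verify: %.3f s\n", $bcryptTime);
```

The two printed timings make the answer's point concrete: the chain finishes in a few milliseconds and, because its last stage is adler32, ends in an 8-hex-character value with at most 2^32 possibilities, whereas bcrypt at the chosen cost takes a deliberately large fraction of a second per guess and keeps its full 184-bit output. password_needs_rehash lets the cost be raised later without a migration, which the hand-rolled constants cannot do.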

Dmitry Kovalsky, 2015-07-31
@dmitryKovalskiy

I'm not a cryptologist, but I think this is crazy overhead. Better make the salting algorithm smarter.
