ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
APR1_MD5.php
Go to the documentation of this file.
1<?php
2
3namespace WhiteHat101\Crypt;
4
5class APR1_MD5 {
6
7 const BASE64_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
8 const APRMD5_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
9
10 // Source/References for core algorithm:
11 // http://www.cryptologie.net/article/126/bruteforce-apr1-hashes/
12 // http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/crypto/apr_md5.c?view=co
13 // http://www.php.net/manual/en/function.crypt.php#73619
14 // http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
15 // Wikipedia
16
17 public static function hash($mdp, $salt = null) {
18 if (is_null($salt))
19 $salt = self::salt();
20 $salt = substr($salt, 0, 8);
21 $max = strlen($mdp);
22 $context = $mdp.'$apr1$'.$salt;
23 $binary = pack('H32', md5($mdp.$salt.$mdp));
24 for($i=$max; $i>0; $i-=16)
25 $context .= substr($binary, 0, min(16, $i));
26 for($i=$max; $i>0; $i>>=1)
27 $context .= ($i & 1) ? chr(0) : $mdp[0];
28 $binary = pack('H32', md5($context));
29 for($i=0; $i<1000; $i++) {
30 $new = ($i & 1) ? $mdp : $binary;
31 if($i % 3) $new .= $salt;
32 if($i % 7) $new .= $mdp;
33 $new .= ($i & 1) ? $binary : $mdp;
34 $binary = pack('H32', md5($new));
35 }
36 $hash = '';
37 for ($i = 0; $i < 5; $i++) {
38 $k = $i+6;
39 $j = $i+12;
40 if($j == 16) $j = 5;
41 $hash = $binary[$i].$binary[$k].$binary[$j].$hash;
42 }
43 $hash = chr(0).chr(0).$binary[11].$hash;
44 $hash = strtr(
45 strrev(substr(base64_encode($hash), 2)),
46 self::BASE64_ALPHABET,
47 self::APRMD5_ALPHABET
48 );
49 return '$apr1$'.$salt.'$'.$hash;
50 }
51
52 // 8 character salts are the best. Don't encourage anything but the best.
53 public static function salt() {
54 $alphabet = self::APRMD5_ALPHABET;
55 $salt = '';
56 for($i=0; $i<8; $i++) {
57 $offset = hexdec(bin2hex(openssl_random_pseudo_bytes(1))) % 64;
58 $salt .= $alphabet[$offset];
59 }
60 return $salt;
61 }
62
63 public static function check($plain, $hash) {
64 $parts = explode('$', $hash);
65 return self::hash($plain, $parts[2]) === $hash;
66 }
67
68}
php
An exception for terminatinating execution or to throw for unit testing.
WhiteHat101\Crypt\APR1_MD5
Definition: APR1_MD5.php:5
WhiteHat101\Crypt\APR1_MD5\BASE64_ALPHABET
const BASE64_ALPHABET
Definition: APR1_MD5.php:7
WhiteHat101\Crypt\APR1_MD5\APRMD5_ALPHABET
const APRMD5_ALPHABET
Definition: APR1_MD5.php:8
WhiteHat101\Crypt\APR1_MD5\check
static check($plain, $hash)
Definition: APR1_MD5.php:63
WhiteHat101\Crypt\APR1_MD5\salt
static salt()
Definition: APR1_MD5.php:53
WhiteHat101\Crypt\APR1_MD5\hash
static hash($mdp, $salt=null)
Definition: APR1_MD5.php:17
$i
$i
Definition: disco.tpl.php:19
$context
$context
Definition: webdav.php:25