谁能解释一下这个 C 密码哈希算法?
Can anyone explain this C password hashing algorithm?
我正在尝试在 php 中复制以下代码以获得基于 Web 的帐户创建脚本,但我并不真正理解 md5 哈希之前发生的事情。
这是代码:
reg_seconds = (unsigned) regtime / 3600L;
ch = strlen (&password[0]);
_itoa (reg_seconds, &config_data[0], 10 );
//Throw some salt in the game ;)
sprintf (&password[ch], "_%s_salt", &config_data[0] );
//printf ("New password = %s\n", password );
MDString (&password[0], &MDBuffer[0] );
for (ch=0;ch<16;ch++)
sprintf (&md5password[ch*2], "%02x", (unsigned char) MDBuffer[ch]);
md5password[32] = 0;
当使用密码 "password" 和注册时间“399969”时,我得到一个散列密码“9a5c041c5b37febc90ad3dc66ec62c83”
任何人都可以解释到底发生了什么以及经过哈希处理的最终字符串是什么吗?
好的,让我们逐行查看,假设密码 = "password" 和注册时间 = 399969
reg_seconds = (unsigned) regtime / 3600L;
=> reg_seconds = 111 NB incoherent with the name, isn't is regtime % 3600L
ch = strlen (&password[0]);
=> ch = 8
_itoa (reg_seconds, &config_data[0], 10 );
=> config_data = "111"
//Throw some salt in the game ;)
sprintf (&password[ch], "_%s_salt", &config_data[0] );
=> password = "password_111_salt"
//printf ("New password = %s\n", password ); Why did not you uncomment this ?
MDString (&password[0], &MDBuffer[0] );
MDBuffer receives the binary hash
for (ch=0;ch<16;ch++)
sprintf (&md5password[ch*2], "%02x", (unsigned char) MDBuffer[ch]);
md5password[32] = 0;
md5password receives the hex encoded hash : "033f7d591eda915e708571edd255b511"
糟糕,这不是预期的哈希值!
因为 399969 不是 regtime 但在上面的代码中是 reg_seconds... 所以
password = "password_399969_salt"
md5password = "9a5c041c5b37febc90ad3dc66ec62c83"
我正在尝试在 php 中复制以下代码以获得基于 Web 的帐户创建脚本,但我并不真正理解 md5 哈希之前发生的事情。
这是代码:
reg_seconds = (unsigned) regtime / 3600L;
ch = strlen (&password[0]);
_itoa (reg_seconds, &config_data[0], 10 );
//Throw some salt in the game ;)
sprintf (&password[ch], "_%s_salt", &config_data[0] );
//printf ("New password = %s\n", password );
MDString (&password[0], &MDBuffer[0] );
for (ch=0;ch<16;ch++)
sprintf (&md5password[ch*2], "%02x", (unsigned char) MDBuffer[ch]);
md5password[32] = 0;
当使用密码 "password" 和注册时间“399969”时,我得到一个散列密码“9a5c041c5b37febc90ad3dc66ec62c83”
任何人都可以解释到底发生了什么以及经过哈希处理的最终字符串是什么吗?
好的,让我们逐行查看,假设密码 = "password" 和注册时间 = 399969
reg_seconds = (unsigned) regtime / 3600L;
=> reg_seconds = 111 NB incoherent with the name, isn't is regtime % 3600L
ch = strlen (&password[0]);
=> ch = 8
_itoa (reg_seconds, &config_data[0], 10 );
=> config_data = "111"
//Throw some salt in the game ;)
sprintf (&password[ch], "_%s_salt", &config_data[0] );
=> password = "password_111_salt"
//printf ("New password = %s\n", password ); Why did not you uncomment this ?
MDString (&password[0], &MDBuffer[0] );
MDBuffer receives the binary hash
for (ch=0;ch<16;ch++)
sprintf (&md5password[ch*2], "%02x", (unsigned char) MDBuffer[ch]);
md5password[32] = 0;
md5password receives the hex encoded hash : "033f7d591eda915e708571edd255b511"
糟糕,这不是预期的哈希值!
因为 399969 不是 regtime 但在上面的代码中是 reg_seconds... 所以
password = "password_399969_salt"
md5password = "9a5c041c5b37febc90ad3dc66ec62c83"