Generate better salt for crypt()

This commit is contained in:
Mikael Nordfeldth 2013-10-21 13:16:03 +02:00
parent db5df642ba
commit 7233869298


@ -49,7 +49,7 @@ class AuthCryptPlugin extends AuthenticationPlugin
return false; return false;
} }
// crypt cuts the second parameter to its appropriate length based on hash scheme // crypt understands what the salt part of $user->password is
if ($user->password === crypt($password, $user->password)) { if ($user->password === crypt($password, $user->password)) {
return $user; return $user;
} }
@ -66,6 +66,18 @@ class AuthCryptPlugin extends AuthenticationPlugin
return false; return false;
} }
protected function cryptSalt($len=CRYPT_SALT_LENGTH)
{
$chars = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
$salt = '';
for ($i=0; $i<$len; $i++) {
$salt .= $chars{mt_rand(0, strlen($chars)-1)};
}
return $salt;
}
// $oldpassword is already verified when calling this function... shouldn't this be private?! // $oldpassword is already verified when calling this function... shouldn't this be private?!
function changePassword($username, $oldpassword, $newpassword) function changePassword($username, $oldpassword, $newpassword)
{ {
@ -87,8 +99,7 @@ class AuthCryptPlugin extends AuthenticationPlugin
public function hashPassword($password, Profile $profile=null) public function hashPassword($password, Profile $profile=null)
{ {
// A new, unique salt per new record stored... // A new, unique salt per new record stored...
// TODO: common_good_rand should be more diverse than hexdec return crypt($password, $this->hash . self::cryptSalt());
return crypt($password, $this->hash . common_good_rand(CRYPT_SALT_LENGTH));
} }
/* /*
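Review bot: cryptSalt() in the second hunk builds the salt from mt_rand(), a Mersenne Twister with a 32-bit seed that the PHP manual documents as unsuitable for cryptographic use, so the salt that is meant to be unique per stored record is drawn from a predictable, low-entropy generator. The loop body should read from the OS CSPRNG: `$salt .= $chars[random_int(0, strlen($chars)-1)];` (random_int() is unbiased over the range; on PHP releases before 7 the equivalent is openssl_random_pseudo_bytes() with rejection sampling, since a plain modulo over 64 characters is only bias-free if the byte range is rejected above 191). That same line also uses the `$chars{...}` string-offset syntax, deprecated in PHP 7.4 and removed in 8.0, which the bracket form above replaces. In the third hunk the new `self::cryptSalt()` calls a non-static protected method statically; `$this->cryptSalt()` states the intent, or the method can be declared `static` since it reads no instance state.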