discuz x3.5非对称密码函数password_hash($password, PASSWORD_BCRYPT)使用bcrypt算法的密码转为md5(md5($pass) . $salt)密码
discuz x3.5非对称密码函数password_hash($password, PASSWORD_BCRYPT)使用bcrypt算法的密码转为md5(md5($pass) . $salt)密码的破解方式:discuz x3.5的密码生成规则:
$pw = password_hash($password, PASSWORD_BCRYPT);
函数 password_hash()
默认算法:bcrypt
查询:blowfish
对比discuz x3.4:
$pw = md5(md5($password).$salt);
转换算法:
function verify_password($password, $hash, $salt = '') {
if(empty($salt)) {
return password_verify($password, $hash);
} else if(strlen($salt) == 6) {
return hash_equals($hash, md5(md5($password).$salt));
} else if(strlen($salt) > 6 && strlen($salt) < 20 && file_exists(UC_ROOT . "lib/uc_password_$salt.class.php")) {
$classname = "uc_password_$salt";
include(UC_ROOT . "lib/uc_password_$salt.class.php");
return $classname::verify_password($password, $hash);
}
return false;
}
function upgrade_password($username, $password, $hash, $salt = '') {
$algo = $this->get_passwordalgo();
$options = $this->get_passwordoptions();
if (!empty($salt) || password_needs_rehash($hash, $algo, $options)) {
$password_new = $this->generate_password($password);
$sqladd = "password = '$password_new', salt = ''";
return $this->db->query("UPDATE ".UC_DBTABLEPRE."members SET $sqladd WHERE username='$username'");
}
return true;
}
页:
[1]
