discuz x3.5非对称密码函数password_hash($password, PASSWORD_BCRYPT)使用bcrypt算法的密码转为md5(md5($pass) . $salt)密码
2022/12/29 15:38:38
discuz x3.5非对称密码函数password_hash($password, PASSWORD_BCRYPT)使用bcrypt算法的密码转为md5(md5($pass) . $salt)密码的破解方式:
discuz x3.5的密码生成规则:
$pw = password_hash($password, PASSWORD_BCRYPT);
函数 password_hash()
默认算法:bcrypt
查询:blowfish
对比discuz x3.4:
$pw = md5(md5($password).$salt);
转换算法:
discuz x3.5的密码生成规则:
$pw = password_hash($password, PASSWORD_BCRYPT);
函数 password_hash()
默认算法:bcrypt
查询:blowfish
对比discuz x3.4:
$pw = md5(md5($password).$salt);
转换算法:
- function verify_password($password, $hash, $salt = '') {
-
-
-
- if(empty($salt)) {
- return password_verify($password, $hash);
- } else if(strlen($salt) == 6) {
- return hash_equals($hash, md5(md5($password).$salt));
- } else if(strlen($salt) > 6 && strlen($salt) < 20 && file_exists(UC_ROOT . "lib/uc_password_$salt.class.php")) {
- $classname = "uc_password_$salt";
- include(UC_ROOT . "lib/uc_password_$salt.class.php");
- return $classname::verify_password($password, $hash);
- }
- return false;
- }
- function upgrade_password($username, $password, $hash, $salt = '') {
- $algo = $this->get_passwordalgo();
- $options = $this->get_passwordoptions();
- if (!empty($salt) || password_needs_rehash($hash, $algo, $options)) {
- $password_new = $this->generate_password($password);
- $sqladd = "password = '$password_new', salt = ''";
- return $this->db->query("UPDATE ".UC_DBTABLEPRE."members SET $sqladd WHERE username='$username'");
- }
- return true;
- }