Esempio n. 1
0
function HashPassword($password)
{
    mt_srand((double) microtime() * 1000000);
    $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
    $hash = "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $password . $salt) . $salt);
    return $hash;
}
Esempio n. 2
0
 /**
  * Generate the new key
  *
  * @param  string  $hash       The hash algorithm to be used by HMAC
  * @param  string  $password   The source password/key
  * @param  int $bytes      The output size in bytes
  * @param  string  $salt       The salt of the algorithm
  * @throws Exception\InvalidArgumentException
  * @return string
  */
 public static function calc($hash, $password, $salt, $bytes)
 {
     if (!in_array($hash, array_keys(static::$supportedMhashAlgos))) {
         throw new Exception\InvalidArgumentException("The hash algorihtm {$hash} is not supported by " . __CLASS__);
     }
     if (strlen($salt) < 8) {
         throw new Exception\InvalidArgumentException('The salt size must be at least of 8 bytes');
     }
     return mhash_keygen_s2k(static::$supportedMhashAlgos[$hash], $password, $salt, $bytes);
 }
Esempio n. 3
0
 /**
  * nv_Crypt::hash()
  * 
  * @param mixed $data
  * @param bool $is_salt
  * @return
  */
 public function hash($data, $is_salt = false)
 {
     $inner = pack('H32', call_user_func($this->_func, $this->_ipad . $data));
     $digest = call_user_func($this->_func, $this->_opad . $inner);
     if (!$is_salt) {
         return $digest;
     }
     $mhast = constant('MHASH_' . strtoupper($this->_func));
     $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
     $salt = mhash_keygen_s2k($mhast, $digest, substr(pack('h*', md5($salt)), 0, 8), 4);
     $hash = strtr(base64_encode(mhash($mhast, $digest . $salt) . $salt), '+/=', '-_,');
     return $hash;
 }
Esempio n. 4
0
 function ssha($pass)
 {
     mt_srand((double) microtime() * 1000000);
     $salt = mhash_keygen_s2k(MHASH_SHA1, $pass, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
     return base64_encode(mhash(MHASH_SHA1, $pass . $salt) . $salt);
 }
Esempio n. 5
0
 function encode_password($password = '', $encoding = '')
 {
     if ($encoding == '') {
         $encoding = $this->password_encryption;
     }
     if (strcasecmp($encoding, "clear") == 0) {
         $encodedpass = $password;
     } elseif (strcasecmp($encoding, "crypt") == 0) {
         $encodedpass = "******" . crypt($password);
     } elseif (strcasecmp($encoding, "md5") == 0) {
         $encodedpass = "******" . base64_encode(pack("H*", md5($password)));
     } elseif (strcasecmp($encoding, "ssha") == 0) {
         mt_srand((double) microtime() * 1000000);
         $salt = mhash_keygen_s2k(MHASH_SHA1, $password, mb_substr(pack('h*', md5(mt_rand())), 0, 8), 4);
         $encodedpass = "******" . base64_encode(mhash(MHASH_SHA1, $password . $salt) . $salt);
     } else {
         return false;
         exit;
     }
     return $encodedpass;
 }
Esempio n. 6
0
 /**
  * Code originaly from the phpLDAPadmin development team
  * http://phpldapadmin.sourceforge.net/
  *
  * Hashes a password and returns the hash based on the specified enc_type
  */
 static function hash_password($password_clear, $encodage_type)
 {
     $encodage_type = strtolower($encodage_type);
     switch ($encodage_type) {
         case 'crypt':
             $crypted_password = '******' . crypt($password_clear, self::random_salt(2));
             break;
         case 'ext_des':
             /* Extended DES crypt. see OpenBSD crypt man page */
             if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                 /* Your system crypt library does not support extended DES encryption */
                 return false;
             }
             $crypted_password = '******' . crypt($password_clear, '_' . self::random_salt(8));
             break;
         case 'md5crypt':
             if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                 /* Your system crypt library does not support md5crypt encryption */
                 return false;
             }
             $crypted_password = '******' . crypt($password_clear, '$1$' . self::random_salt(9));
             break;
         case 'blowfish':
             if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                 /* Your system crypt library does not support blowfish encryption */
                 return false;
             }
             /* Hardcoded to second blowfish version and set number of rounds */
             $crypted_password = '******' . crypt($password_clear, '$2a$12$' . self::random_salt(13));
             break;
         case 'md5':
             $crypted_password = '******' . base64_encode(pack('H*', md5($password_clear)));
             break;
         case 'sha':
             if (function_exists('sha1')) {
                 /* Use PHP 4.3.0+ sha1 function, if it is available */
                 $crypted_password = '******' . base64_encode(pack('H*', sha1($password_clear)));
             } else {
                 if (function_exists('hash')) {
                     $crypted_password = '******' . base64_encode(hash('sha1', $password_clear, true));
                 } else {
                     if (function_exists('mhash')) {
                         $crypted_password = '******' . base64_encode(mhash(MHASH_SHA1, $password_clear));
                     } else {
                         /* Your PHP install does not have the mhash()/hash() nor sha1() function */
                         return false;
                     }
                 }
             }
             break;
         case 'ssha':
             mt_srand((double) microtime() * 1000000);
             $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, $salt, 4);
                 $password = mhash(MHASH_MD5, $password_clear . $salt);
             } else {
                 if (function_exists('sha1')) {
                     $salt = substr(pack("H*", sha1($salt . $password_clear)), 0, 4);
                     $password = sha1($password_clear . $salt, true);
                 } else {
                     if (function_exists('hash')) {
                         $salt = substr(pack("H*", hash('sha1', $salt . $password_clear)), 0, 4);
                         $password = hash('sha1', $password_clear . $salt, true);
                     }
                 }
             }
             if ($password) {
                 $crypted_password = '******' . base64_encode($password . $salt);
             } else {
                 /* Your PHP install does not have the mhash()/hash() nor sha1() function */
                 return false;
             }
             break;
         case 'smd5':
             mt_srand((double) microtime() * 1000000);
             $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, $salt, 4);
                 $password = mhash(MHASH_MD5, $password_clear . $salt);
             } else {
                 if (function_exists('hash')) {
                     $salt = substr(pack("H*", hash('md5', $salt . $password_clear)), 0, 4);
                     $password = hash('md5', $password_clear . $salt, true);
                 } else {
                     $salt = substr(pack("H*", md5($salt . $password_clear)), 0, 4);
                     $password = md5($password_clear . $salt, true);
                 }
             }
             $crypted_password = '******' . base64_encode($password . $salt);
             break;
         case 'samba':
             if (function_exists('hash')) {
                 $crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE'));
                 $crypted_password = strtoupper($crypted_password);
             } else {
                 /* Your PHP install does not have the hash() function */
                 return false;
             }
             break;
         case 'ad':
             $crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
             break;
         case 'clear':
         default:
             $crypted_password = $password_clear;
     }
     return $crypted_password;
 }
Esempio n. 7
0
 public function keygen($length)
 {
     return mhash_keygen_s2k(MHASH_MD5, md5(mt_rand()), md5(mt_rand()), $length);
 }
Esempio n. 8
0
 /**
  * Hashes a password and returns the hash based on the specified method
  *
  * Parts of the code originally from the phpLDAPadmin development team
  * http://phpldapadmin.sourceforge.net/
  *
  * @param string      Clear password
  * @param string      Hashing method
  * @param bool|string Prefix string or TRUE to add a default prefix
  *
  * @return string Hashed password
  */
 static function hash_password($password, $method = '', $prefixed = true)
 {
     $method = strtolower($method);
     $rcmail = rcmail::get_instance();
     if (empty($method) || $method == 'default') {
         $method = $rcmail->config->get('password_algorithm');
         $prefixed = $rcmail->config->get('password_algorithm_prefix');
         $default = true;
     } else {
         if ($method == 'crypt') {
             // deprecated
             if (!($method = $rcmail->config->get('password_crypt_hash'))) {
                 $method = 'md5';
             }
             if (!strpos($method, '-crypt')) {
                 $method .= '-crypt';
             }
         }
     }
     switch ($method) {
         case 'des':
         case 'des-crypt':
             $crypted = crypt($password, self::random_salt(2));
             $prefix = '{CRYPT}';
             break;
         case 'ext_des':
             // for BC
         // for BC
         case 'ext-des-crypt':
             $crypted = crypt($password, '_' . self::random_salt(8));
             $prefix = '{CRYPT}';
             break;
         case 'md5crypt':
             // for BC
         // for BC
         case 'md5-crypt':
             $crypted = crypt($password, '$1$' . self::random_salt(9));
             $prefix = '{CRYPT}';
             break;
         case 'sha256-crypt':
             $crypted = crypt($password, '$5$' . self::random_salt(16));
             $prefix = '{CRYPT}';
             break;
         case 'sha512-crypt':
             $crypted = crypt($password, '$6$' . self::random_salt(16));
             $prefix = '{CRYPT}';
             break;
         case 'blowfish':
             // for BC
         // for BC
         case 'blowfish-crypt':
             $cost = (int) $rcmail->config->get('password_blowfish_cost');
             $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
             $prefix = sprintf('$2a$%02d$', $cost);
             $crypted = crypt($password, $prefix . self::random_salt(22));
             $prefix = '{CRYPT}';
             break;
         case 'md5':
             $crypted = base64_encode(pack('H*', md5($password)));
             $prefix = '{MD5}';
             break;
         case 'sha':
             if (function_exists('sha1')) {
                 $crypted = pack('H*', sha1($password));
             } else {
                 if (function_exists('hash')) {
                     $crypted = hash('sha1', $password, true);
                 } else {
                     if (function_exists('mhash')) {
                         $crypted = mhash(MHASH_SHA1, $password);
                     } else {
                         rcube::raise_error(array('code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Your PHP install does not have the mhash()/hash() nor sha1() function"), true, true);
                     }
                 }
             }
             $crypted = base64_encode($crypted);
             $prefix = '{SHA}';
             break;
         case 'ssha':
             $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 $salt = mhash_keygen_s2k(MHASH_SHA1, $password, $salt, 4);
                 $crypted = mhash(MHASH_SHA1, $password . $salt);
             } else {
                 if (function_exists('sha1')) {
                     $salt = substr(pack("H*", sha1($salt . $password)), 0, 4);
                     $crypted = sha1($password . $salt, true);
                 } else {
                     if (function_exists('hash')) {
                         $salt = substr(pack("H*", hash('sha1', $salt . $password)), 0, 4);
                         $crypted = hash('sha1', $password . $salt, true);
                     } else {
                         rcube::raise_error(array('code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Your PHP install does not have the mhash()/hash() nor sha1() function"), true, true);
                     }
                 }
             }
             $crypted = base64_encode($crypted . $salt);
             $prefix = '{SSHA}';
             break;
         case 'smd5':
             $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 $salt = mhash_keygen_s2k(MHASH_MD5, $password, $salt, 4);
                 $crypted = mhash(MHASH_MD5, $password . $salt);
             } else {
                 if (function_exists('hash')) {
                     $salt = substr(pack("H*", hash('md5', $salt . $password)), 0, 4);
                     $crypted = hash('md5', $password . $salt, true);
                 } else {
                     $salt = substr(pack("H*", md5($salt . $password)), 0, 4);
                     $crypted = md5($password . $salt, true);
                 }
             }
             $crypted = base64_encode($crypted . $salt);
             $prefix = '{SMD5}';
             break;
         case 'samba':
             if (function_exists('hash')) {
                 $crypted = hash('md4', rcube_charset::convert($password, RCUBE_CHARSET, 'UTF-16LE'));
                 $crypted = strtoupper($crypted_password);
             } else {
                 rcube::raise_error(array('code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Your PHP install does not have hash() function"), true, true);
             }
             break;
         case 'ad':
             $crypted = rcube_charset::convert('"' . $password . '"', RCUBE_CHARSET, 'UTF-16LE');
             break;
         case 'cram-md5':
             // deprecated
             require_once __DIR__ . '/../helpers/dovecot_hmacmd5.php';
             $crypted = dovecot_hmacmd5($password);
             $prefix = '{CRAM-MD5}';
             break;
         case 'dovecot':
             if (!($dovecotpw = $rcmail->config->get('password_dovecotpw'))) {
                 $dovecotpw = 'dovecotpw';
             }
             if (!($method = $rcmail->config->get('password_dovecotpw_method'))) {
                 $method = 'CRAM-MD5';
             }
             // use common temp dir
             $tmp_dir = $rcmail->config->get('temp_dir');
             $tmpfile = tempnam($tmp_dir, 'roundcube-');
             $pipe = popen("{$dovecotpw} -s '{$method}' > '{$tmpfile}'", "w");
             if (!$pipe) {
                 unlink($tmpfile);
                 return false;
             } else {
                 fwrite($pipe, $passwd . "\n", 1 + strlen($passwd));
                 usleep(1000);
                 fwrite($pipe, $passwd . "\n", 1 + strlen($passwd));
                 pclose($pipe);
                 $crypted = trim(file_get_contents($tmpfile), "\n");
                 unlink($tmpfile);
                 if (!preg_match('/^\\{' . $method . '\\}/', $newpass)) {
                     return false;
                 }
                 if (!$default) {
                     $prefixed = (bool) $rcmail->config->get('password_dovecotpw_with_method');
                 }
                 if (!$prefixed) {
                     $crypted = trim(str_replace('{' . $method . '}', '', $crypted));
                 }
                 $prefixed = false;
             }
             break;
         case 'hash':
             // deprecated
             if (!extension_loaded('hash')) {
                 rcube::raise_error(array('code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: 'hash' extension not loaded!"), true, true);
             }
             if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) {
                 $hash_algo = 'sha1';
             }
             $crypted = hash($hash_algo, $password);
             if ($rcmail->config->get('password_hash_base64')) {
                 $crypted = base64_encode(pack('H*', $crypted));
             }
             break;
         case 'clear':
             $crypted = $password;
     }
     if ($crypted === null || $crypted === false) {
         return false;
     }
     if ($prefixed && $prefixed !== true) {
         $prefix = $prefixed;
         $prefixed = true;
     }
     if ($prefixed === true && $prefix) {
         $crypted = $prefix . $crypted;
     }
     return $crypted;
 }
Esempio n. 9
0
/**
 * Code originaly from the phpLDAPadmin development team
 * http://phpldapadmin.sourceforge.net/
 *
 * Hashes a password and returns the hash based on the specified enc_type.
 *
 * @param string $passwordClear The password to hash in clear text.
 * @param string $encodageType Standard LDAP encryption type which must be one of
 *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
 * @return string The hashed password.
 *
 */
function hashPassword($passwordClear, $encodageType)
{
    $encodageType = strtolower($encodageType);
    switch ($encodageType) {
        case 'crypt':
            $cryptedPassword = '******' . crypt($passwordClear, randomSalt(2));
            break;
        case 'ext_des':
            // extended des crypt. see OpenBSD crypt man page.
            if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                // Your system crypt library does not support extended DES encryption.
                return FALSE;
            }
            $cryptedPassword = '******' . crypt($passwordClear, '_' . randomSalt(8));
            break;
        case 'md5crypt':
            if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                // Your system crypt library does not support md5crypt encryption.
                return FALSE;
            }
            $cryptedPassword = '******' . crypt($passwordClear, '$1$' . randomSalt(9));
            break;
        case 'blowfish':
            if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                // Your system crypt library does not support blowfish encryption.
                return FALSE;
            }
            // hardcoded to second blowfish version and set number of rounds
            $cryptedPassword = '******' . crypt($passwordClear, '$2a$12$' . randomSalt(13));
            break;
        case 'md5':
            $cryptedPassword = '******' . base64_encode(pack('H*', md5($passwordClear)));
            break;
        case 'sha':
            if (function_exists('sha1')) {
                // use php 4.3.0+ sha1 function, if it is available.
                $cryptedPassword = '******' . base64_encode(pack('H*', sha1($passwordClear)));
            } elseif (function_exists('mhash')) {
                $cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear));
            } else {
                return FALSE;
                //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
            }
            break;
        case 'ssha':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_SHA1, $passwordClear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear . $salt) . $salt);
            } else {
                return FALSE;
                //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
            }
            break;
        case 'smd5':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_MD5, $passwordClear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $cryptedPassword = '******' . base64_encode(mhash(MHASH_MD5, $passwordClear . $salt) . $salt);
            } else {
                return FALSE;
                //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
            }
            break;
        case 'samba':
            if (function_exists('hash')) {
                $cryptedPassword = hash('md4', rcube_charset_convert($passwordClear, RCMAIL_CHARSET, 'UTF-16LE'));
                $cryptedPassword = strtoupper($cryptedPassword);
            } else {
                /* Your PHP install does not have the hash() function */
                return false;
            }
            break;
        case 'clear':
        default:
            $cryptedPassword = $passwordClear;
    }
    return $cryptedPassword;
}
Esempio n. 10
0
 /**
  * Returns a salt for the appropriate kind of password encryption.
  * Optionally takes a seed and a plaintext password, to extract the seed
  * of an existing password, or for encryption types that use the plaintext
  * in the generation of the salt.
  *
  * @param   string  $encryption  The kind of password encryption to use.
  *                               Defaults to md5-hex.
  * @param   string  $seed        The seed to get the salt from (probably a
  *                               previously generated password). Defaults to
  *                               generating a new seed.
  * @param   string  $plaintext   The plaintext password that we're generating
  *                               a salt for. Defaults to none.
  *
  * @return  string  The generated or extracted salt.
  *
  * @since   11.1
  */
 public static function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '')
 {
     // Encrypt the password.
     switch ($encryption) {
         case 'crypt':
         case 'crypt-des':
             if ($seed) {
                 return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 2);
             } else {
                 return substr(md5(mt_rand()), 0, 2);
             }
             break;
         case 'crypt-md5':
             if ($seed) {
                 return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 12);
             } else {
                 return '$1$' . substr(md5(mt_rand()), 0, 8) . '$';
             }
             break;
         case 'crypt-blowfish':
             if ($seed) {
                 return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 16);
             } else {
                 return '$2$' . substr(md5(mt_rand()), 0, 12) . '$';
             }
             break;
         case 'ssha':
             if ($seed) {
                 return substr(preg_replace('|^{SSHA}|', '', $seed), -20);
             } else {
                 return mhash_keygen_s2k(MHASH_SHA1, $plaintext, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
             }
             break;
         case 'smd5':
             if ($seed) {
                 return substr(preg_replace('|^{SMD5}|', '', $seed), -16);
             } else {
                 return mhash_keygen_s2k(MHASH_MD5, $plaintext, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
             }
             break;
         case 'aprmd5':
             /* 64 characters that are valid for APRMD5 passwords. */
             $APRMD5 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
             if ($seed) {
                 return substr(preg_replace('/^\\$apr1\\$(.{8}).*/', '\\1', $seed), 0, 8);
             } else {
                 $salt = '';
                 for ($i = 0; $i < 8; $i++) {
                     $salt .= $APRMD5[rand(0, 63)];
                 }
                 return $salt;
             }
             break;
         default:
             $salt = '';
             if ($seed) {
                 $salt = $seed;
             }
             return $salt;
             break;
     }
 }
<?php

$supported_hash_al = array("MHASH_MD5" => "8690154eaf9432cde9347aa15094b9c046eb06e6a0940c5479aa7a6367ae68b5e0e0745e5709fede2d9fe9739d9aad413759faa73acced821077b4ddb2788064e371eb53b3a9d55ed2839aab2655c82cfedbe83a208461c799d9d77ae481061c81539b01", "MHASH_SHA1" => "dd315c70061d07455d53c2fb0b08df0c61aa665c1ab1a701fa10955423248ba832a5ade406b39b78630aba3d1688e622494a0eae279d4ece9ad4bdf76e878fcb084a33c9153c2b48131d30a75b00a7c05b91f1ffeabf59bb1271c4d8a11990b84baf6d49", "MHASH_HAVAL256" => "0ede47009f87d5e9a24ecf5077d60c483657a5d98404ab2bb780f5872c90caf61c0d67645a848e55fee107296f4169c95b4e61f0aeeefab2648554c1171fb0a2fc32aa5aeed3d5c155d334367d4959622cdadefe43ae17bd1a75f9d4fef77bf192be5b78", "MHASH_HAVAL224" => "5c4aff3d825ad608f608c8eae779ee3868610bc60a98f3d770b311a6677c797fc2dadcab71dde0c0191e068397ab297f0de5cbbc6cbcd0c78ca8470c42401f6b77e81dc2ba8d51930ff982760335324fb850ac2d30b73514004c096d60472d320e0ec349", "MHASH_HAVAL192" => "22e0c27126023c852ef94107bb2f1ee132b064178b9dcbfb1c32e658760b8f70bdc5b1c52599031628c2433bee2b0870ab7a38aeb21215134ec1088975b9a96487642971ef9eb3d987baf9765fd9e6d64d494e1719aa84afe7e0a0784c74979ebab1c787", "MHASH_HAVAL160" => "d6e5f0ef07f3facced646eedb6364758ecde6dc6fb061e00a496f5ceb723f78ea135884d9682226ded69c11d8431240ef97cad583c4f29593bbf3dd3cab0b8792eb3d86022ca6002ebd0d9b4429909d4af85bed2b5a96b3e47b9b8cac919c1177ec40d7e", "MHASH_RIPEMD160" => "e4d5db469af29f78e2b90dc735c9cf020a1d5b19a6674458677794d4dca144d426c562aff98d8e866a8a924299ebf6b0ea9a1637f987a1fb5de9b647edc35b1447605e1babc3084be7a003931117eb33432d4142e225df044b033f3ff64bb4a18682a4f9", "MHASH_GOST" => "c044f669bd7e8643953d77c682fd179242d9df157dadf873be4d9601e4647c018234689359e7220ab0492a6240d184c478634073dea87f79be7f86fd4e2564f7d709b68a46440a121250e00fc7d57d45a9c07ee23a704ff4148c0dad7077ec527b194d87", "MHASH_TIGER" => "470aca9d7bc9ea67e46402332f26f6b15532fe6037231cce297912d32f5142f6276b2358e7f1ccba8b116ec0c0c2a46845f7a5042f0ee41906c0db9ba9b80f82181720314d2a70981bba79da4bc9c4564d95f8d709d5604fd48d369797a218a862196f48", "MHASH_CRC32" => "481c40148c26185f9a59ef18e86f51c5d2d0315b46711d22ae08c1ccdd669fe956c817380815e3a545f6ee453c9da48d1d994dbc3ac8ba85a572108412f06b2a16b1489cda75b118e82f7d9bdfdb68336957bbf19e4a3f76750d6985a53dd557229dfcf3", "MHASH_CRC32B" => "65ab6cb5fb7d3ea67f5da92a9bd746b6628a13368fcbcd43af49092e9c6a960fd030a5ce3c1f0ddb512ec698be96e77969748db66278b0fd837d24d8c898f50bd70993b48cc8accf4b44c54431e91385ddf04c7560a1a7368fc9e6f763457c90b07f04f1");
foreach ($supported_hash_al as $hash => $wanted) {
    $passwd = str_repeat($hash, 10);
    $salt = str_repeat($hash, 2);
    $result = mhash_keygen_s2k(constant($hash), $passwd, $salt, 100);
    if (!strcmp(bin2hex($result), $wanted)) {
        echo "{$hash}\nok\n";
    } else {
        echo "{$hash}: ";
        var_dump($wanted);
        echo "{$hash}: ";
        var_dump(bin2hex($result));
    }
    echo "\n";
}
Esempio n. 12
0
 /**
  * Stores this Crypt_KeyStore to the given output stream, and protects its 
  * integrity with the given password.
  *      
  * @param string $filename path and file name of key store file
  * @param string $password password used encrypt key store
  * @param array  $options  store options
  * 
  * @return void
  */
 public function store($filename, $password, $options = array())
 {
     try {
         // open the file in write mode, truncate any existing file, and go to
         // the beginning
         $fd = fopen($filename, 'w');
         if ($fd == false) {
             throw new Crypt_KeyStore_Exception("Failed to open key store");
         }
         $processedOpts = $this->_processSymmetricOptions($options);
         /* Open the cipher */
         $td = mcrypt_module_open($processedOpts[self::OPT_CIPHER], '', $processedOpts[self::OPT_MODE], '');
         // Create the IV and determine the keysize length, use MCRYPT_RAND
         // on Windows instead
         $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
         $salt = substr(pack('H*', md5(mt_rand())), 0, $processedOpts[self::OPT_SALTSIZE]);
         /* Create key */
         $enc_key = mhash_keygen_s2k($processedOpts[self::OPT_HASH], $password, $salt, mcrypt_enc_get_key_size($td));
         /* Intialize encryption */
         mcrypt_generic_init($td, $enc_key, $iv);
         // the file contents will have 16 bytes of data - the IV and the
         // key salt so we can decrypt the file later
         fwrite($fd, bin2hex($iv));
         fwrite($fd, bin2hex($salt));
         foreach ($this->_entries as $alias => $entry) {
             // each entry is stored as:
             // |alias,type,encrypted_size_in_bytes,key algorithm,
             // keysize,hex-encoded encrypted_data|
             $strEntry = "" . $entry;
             $entryType = $entry->getEntryType();
             fwrite($fd, "|");
             fwrite($fd, $alias);
             fwrite($fd, ",");
             fwrite($fd, $entryType);
             fwrite($fd, ",");
             fwrite($fd, count($strEntry));
             fwrite($fd, ",");
             switch ($entryType) {
                 case Crypt_KeyStore_BaseEntry::PRIVATEKEY_TYPE:
                     $algo = $entry->getPrivateKey()->getAlgorithm();
                     $keysize = $entry->getPrivateKey()->getSize();
                     break;
                 case Crypt_KeyStore_BaseEntry::SECRETKEY_TYPE:
                     $algo = $entry->getSecretKey()->getAlgorithm();
                     $keysize = $entry->getSecretKey()->getSize();
                     break;
                 case Crypt_KeyStore_BaseEntry::TRUSTEDCERT_TYPE:
                     $algo = '';
                     $keysize = 0;
                     break;
             }
             fwrite($fd, $algo);
             fwrite($fd, ",");
             fwrite($fd, $keysize);
             fwrite($fd, ",");
             fwrite($fd, bin2hex(mcrypt_generic($td, $strEntry)));
             fwrite($fd, "|");
         }
         /* Terminate encryption handler */
         mcrypt_generic_deinit($td);
         mcrypt_module_close($td);
         // close file desc
         fclose($fd);
     } catch (Crypt_KeyStore_Exception $e) {
         throw $e;
     } catch (Exception $e) {
         // general exception handler
         throw new Crypt_KeyStore_Exception($e);
     }
     return;
 }
Esempio n. 13
0
/**
 * create hashed password
 * @param string $pass plain text password
 * @param string $crypto used crypto algorithm
 * @param array $msgs array used for error messages
 * @param string $forced_salt salt that should be used during hashing.
 * Is used only when is not set to empty string. Salt should be formated
 * according to $crypto requirements.
 * @return hashed password or false.
 */
function cpw_ldap_password_hash($pass, $crypto, &$msgs, $forced_salt = '')
{
    // set default return code
    $ret = false;
    // lowercase crypto just in case
    $crypto = strtolower($crypto);
    // extra symbols used for random string in crypt salt
    // squirrelmail GenerateRandomString() adds alphanumerics with third argument = 7.
    $extra_salt_chars = './';
    // encrypt/hash password
    switch ($crypto) {
        case 'md4':
            // minimal requirement = php with mhash extension
            if (function_exists('mhash') && defined('MHASH_MD4')) {
                $ret = '{MD4}' . base64_encode(mhash(MHASH_MD4, $pass));
            } else {
                array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'md4'), _("PHP mhash extension is missing or does not support selected crypto."));
            }
            break;
        case 'md5':
            $ret = '{MD5}' . base64_encode(pack('H*', md5($pass)));
            break;
        case 'smd5':
            // minimal requirement = mhash extension with md5 support and php 4.0.4.
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k') && defined('MHASH_MD5')) {
                if ($forced_salt != '') {
                    $salt = $forced_salt;
                } else {
                    $salt = mhash_keygen_s2k(MHASH_MD5, $pass, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
                }
                $ret = "{SMD5}" . base64_encode(mhash(MHASH_MD5, $pass . $salt) . $salt);
            } else {
                // use two array_push calls in order to display messages in different lines.
                array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'smd5'), _("PHP mhash extension is missing or does not support selected crypto."));
            }
            break;
        case 'rmd160':
            // minimal requirement = php with mhash extension
            if (function_exists('mhash') && defined('MHASH_RIPEMD160')) {
                $ret = '{RMD160}' . base64_encode(mhash(MHASH_RIPEMD160, $pass));
            } else {
                array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'ripe-md160'), _("PHP mhash extension is missing or does not support selected crypto."));
            }
            break;
        case 'sha':
            // minimal requirement = php 4.3.0+ or php with mhash extension
            if (function_exists('sha1') && defined('MHASH_SHA1')) {
                // use php 4.3.0+ sha1 function, if it is available.
                $ret = '{SHA}' . base64_encode(pack('H*', sha1($pass)));
            } elseif (function_exists('mhash')) {
                $ret = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $pass));
            } else {
                array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'sha'), _("PHP mhash extension is missing or does not support selected crypto."));
            }
            break;
        case 'ssha':
            // minimal requirement = mhash extension and php 4.0.4
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k') && defined('MHASH_SHA1')) {
                if ($forced_salt != '') {
                    $salt = $forced_salt;
                } else {
                    $salt = mhash_keygen_s2k(MHASH_SHA1, $pass, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
                }
                $ret = "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $pass . $salt) . $salt);
            } else {
                array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'ssha'), _("PHP mhash extension is missing or does not support selected crypto."));
            }
            break;
        case 'crypt':
            if (defined('CRYPT_STD_DES') && CRYPT_STD_DES == 1) {
                $ret = '{CRYPT}' . crypt($pass, GenerateRandomString(2, $extra_salt_chars, 7));
            } else {
                array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'crypt'), _("System crypt library doesn't support standard DES crypt."));
            }
            break;
        case 'md5crypt':
            // check if crypt() supports md5
            if (defined('CRYPT_MD5') && CRYPT_MD5 == 1) {
                $ret = '{CRYPT}' . crypt($pass, '$1$' . GenerateRandomString(9, $extra_salt_chars, 7));
            } else {
                array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'md5crypt'), _("System crypt library doesn't have MD5 support."));
            }
            break;
        case 'extcrypt':
            // check if crypt() supports extended des
            if (defined('CRYPT_EXT_DES') && CRYPT_EXT_DES == 1) {
                $ret = '{CRYPT}' . crypt($pass, '_' . GenerateRandomString(8, $extra_salt_chars, 7));
            } else {
                array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'ext_des'), _("System crypt library doesn't support extended DES crypt."));
            }
            break;
        case 'blowfish':
            // check if crypt() supports blowfish
            if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1) {
                $ret = '{CRYPT}' . crypt($pass, '$2a$12$' . GenerateRandomString(13, $extra_salt_chars, 7));
            } else {
                array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'Blowfish'), _("System crypt library doesn't have Blowfish support."));
            }
            break;
        case 'plaintext':
            // clear plain text password
            $ret = $pass;
            break;
        default:
            array_push($msgs, sprintf(_("Unsupported crypto: %s"), is_string($ldap_crypto) ? sm_encode_html_special_chars($ldap_crypto) : _("unknown")));
    }
    return $ret;
}
Esempio n. 14
0
/**
 * Hashes a password and returns the hash based on the specified enc_type.
 *
 * @param string The password to hash in clear text.
 * @param string Standard LDAP encryption type which must be one of
 *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
 * @return string The hashed password.
 */
function pla_password_hash($password_clear, $enc_type)
{
    if (DEBUG_ENABLED && (($fargs = func_get_args()) || ($fargs = 'NOARGS'))) {
        debug_log('Entered (%%)', 1, 0, __FILE__, __LINE__, __METHOD__, $fargs);
    }
    $enc_type = strtolower($enc_type);
    switch ($enc_type) {
        case 'blowfish':
            if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                error(_('Your system crypt library does not support blowfish encryption.'), 'error', 'index.php');
            }
            # Hardcoded to second blowfish version and set number of rounds
            $new_value = sprintf('{CRYPT}%s', crypt($password_clear, '$2a$12$' . random_salt(13)));
            break;
        case 'crypt':
            if ($_SESSION[APPCONFIG]->getValue('password', 'no_random_crypt_salt')) {
                $new_value = sprintf('{CRYPT}%s', crypt($password_clear, substr($password_clear, 0, 2)));
            } else {
                $new_value = sprintf('{CRYPT}%s', crypt($password_clear, random_salt(2)));
            }
            break;
        case 'ext_des':
            # Extended des crypt. see OpenBSD crypt man page.
            if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                error(_('Your system crypt library does not support extended DES encryption.'), 'error', 'index.php');
            }
            $new_value = sprintf('{CRYPT}%s', crypt($password_clear, '_' . random_salt(8)));
            break;
        case 'k5key':
            $new_value = sprintf('{K5KEY}%s', $password_clear);
            system_message(array('title' => _('Unable to Encrypt Password'), 'body' => 'phpLDAPadmin cannot encrypt K5KEY passwords', 'type' => 'warn'));
            break;
        case 'md5':
            $new_value = sprintf('{MD5}%s', base64_encode(pack('H*', md5($password_clear))));
            break;
        case 'md5crypt':
            if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                error(_('Your system crypt library does not support md5crypt encryption.'), 'error', 'index.php');
            }
            $new_value = sprintf('{CRYPT}%s', crypt($password_clear, '$1$' . random_salt(9)));
            break;
        case 'sha':
            # Use php 4.3.0+ sha1 function, if it is available.
            if (function_exists('sha1')) {
                $new_value = sprintf('{SHA}%s', base64_encode(pack('H*', sha1($password_clear))));
            } elseif (function_exists('mhash')) {
                $new_value = sprintf('{SHA}%s', base64_encode(mhash(MHASH_SHA1, $password_clear)));
            } else {
                error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'), 'error', 'index.php');
            }
            break;
        case 'ssha':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $new_value = sprintf('{SSHA}%s', base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt));
            } else {
                error(_('Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes.'), 'error', 'index.php');
            }
            break;
        case 'smd5':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $new_value = sprintf('{SMD5}%s', base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt));
            } else {
                error(_('Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes.'), 'error', 'index.php');
            }
            break;
        case 'sha512':
            if (function_exists('openssl_digest') && function_exists('base64_encode')) {
                $new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true)));
            } else {
                error(_('Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes. '), 'error', 'index.php');
            }
            break;
        case 'clear':
        default:
            $new_value = $password_clear;
    }
    return $new_value;
}
 /**
  * Returns a salt for the appropriate kind of password encryption.
  * Optionally takes a seed and a plaintext password, to extract the seed
  * of an existing password, or for encryption types that use the plaintext
  * in the generation of the salt.
  *
  * @param   string  $encryption  The kind of password encryption to use.
  *                               Defaults to md5-hex.
  * @param   string  $seed        The seed to get the salt from (probably a
  *                               previously generated password). Defaults to
  *                               generating a new seed.
  * @param   string  $plaintext   The plaintext password that we're generating
  *                               a salt for. Defaults to none.
  *
  * @return  string  The generated or extracted salt.
  *
  * @since   11.1
  * @note    Default $encryption will be changed to 'bcrypt' in CMS 3.2 and will at
  *          the type used by the PHP PASSWORD_DEFAULT constant until 5.5 is the minimum
  *          version required. At that point the default will be PASSWORD_DEFAULT.
  */
 public static function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '')
 {
     // Encrypt the password.
     switch ($encryption) {
         case 'crypt':
         case 'crypt-des':
             if ($seed) {
                 return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 2);
             } else {
                 return substr(md5(mt_rand()), 0, 2);
             }
             break;
         case 'sha256':
             if ($seed) {
                 return preg_replace('|^{sha256}|i', '', $seed);
             } else {
                 return static::genRandomPassword(16);
             }
             break;
         case 'crypt-md5':
             if ($seed) {
                 return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 12);
             } else {
                 return '$1$' . substr(md5(JCrypt::genRandomBytes()), 0, 8) . '$';
             }
             break;
         case 'crypt-blowfish':
             if ($seed) {
                 return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 16);
             } else {
                 return '$2$' . substr(md5(JCrypt::genRandomBytes()), 0, 12) . '$';
             }
             break;
         case 'ssha':
             if ($seed) {
                 return substr(preg_replace('|^{SSHA}|', '', $seed), -20);
             } else {
                 return mhash_keygen_s2k(MHASH_SHA1, $plaintext, substr(pack('h*', md5(JCrypt::genRandomBytes())), 0, 8), 4);
             }
             break;
         case 'smd5':
             if ($seed) {
                 return substr(preg_replace('|^{SMD5}|', '', $seed), -16);
             } else {
                 return mhash_keygen_s2k(MHASH_MD5, $plaintext, substr(pack('h*', md5(JCrypt::genRandomBytes())), 0, 8), 4);
             }
             break;
         case 'aprmd5':
             /* 64 characters that are valid for APRMD5 passwords. */
             $APRMD5 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
             if ($seed) {
                 return substr(preg_replace('/^\\$apr1\\$(.{8}).*/', '\\1', $seed), 0, 8);
             } else {
                 $salt = '';
                 for ($i = 0; $i < 8; $i++) {
                     $salt .= $APRMD5[rand(0, 63)];
                 }
                 return $salt;
             }
             break;
             // BCrypt is aliased because a BCrypt has may be requested when it is not present, and so it falls back to
             // the default behavior of generating a salt.
         // BCrypt is aliased because a BCrypt has may be requested when it is not present, and so it falls back to
         // the default behavior of generating a salt.
         case 'bcrypt':
         default:
             $salt = '';
             if ($seed) {
                 $salt = $seed;
             }
             return $salt;
             break;
     }
 }
<?php

list($hmac, $iv, $encrypted) = explode(':', $output);
$iv = base64_decode($iv);
$encrypted = base64_decode($encrypted);
$macKey = mhash_keygen_s2k(MHASH_SHA256, $key, $iv, 32);
$newHmac = hash_hmac('sha256', $iv . MCRYPT_BLOWFISH . $encrypted, $macKey);
if ($hmac !== $newHmac) {
    die('Autenticazione fallita, impossibile procedere.');
}
$decrypt = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $encrypted, MCRYPT_MODE_CBC, $iv);
$data = rtrim($decrypt, "");
Esempio n. 17
0
 private static function generate_password($password, $encryptionType)
 {
     switch (strtolower($encryptionType)) {
         case 'blowfish':
             if (defined('CRYPT_BLOWFISH') == false || CRYPT_BLOWFISH == 0) {
                 throw new \Exception(yii::t('yii', 'Your system crypt library does not support blowfish encryption'));
             }
             # Hardcoded to second blowfish version and set number of rounds
             return sprintf('{CRYPT}%s', crypt($password, '$2a$12$' . self::random_salt(13)));
             break;
         case 'crypt':
             //$new_value = sprintf('{CRYPT}%s',crypt($password_clear,substr($password_clear,0,2)));
             return sprintf('{CRYPT}%s', crypt($password, self::random_salt(2)));
             break;
         case 'ext_des':
             # Extended des crypt. see OpenBSD crypt man page.
             if (defined('CRYPT_EXT_DES') == false || CRYPT_EXT_DES == 0) {
                 throw new \Exception(yii::t('yii', 'Your system crypt library does not support extended DES encryption'));
             }
             return sprintf('{CRYPT}%s', crypt($password, '_' . self::random_salt(8)));
             break;
         case 'k5key':
             return sprintf('{K5KEY}%s', $password);
             break;
         case 'md5':
             return sprintf('{MD5}%s', base64_encode(pack('H*', md5($password))));
             break;
         case 'md5crypt':
             if (defined('CRYPT_MD5') == false || CRYPT_MD5 == 0) {
                 throw new \Exception(yii::t('yii', 'Your system crypt library does not support md5crypt encryption'));
             }
             return sprintf('{CRYPT}%s', crypt($password, '$1$' . self::random_salt(9)));
             break;
         case 'sha':
             # Use php 4.3.0+ sha1 function, if it is available.
             if (function_exists('sha1') == true) {
                 return sprintf('{SHA}%s', base64_encode(pack('H*', sha1($password))));
             } elseif (function_exists('mhash')) {
                 return sprintf('{SHA}%s', base64_encode(mhash(MHASH_SHA1, $password)));
             } else {
                 throw new \Exception(yii::t('yii', 'Your PHP install does not have the mhash() function. Cannot do SHA hashes'));
             }
             break;
         case 'ssha':
             if (function_exists('mhash') == true && function_exists('mhash_keygen_s2k') == true) {
                 mt_srand((double) microtime() * 1000000);
                 $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                 return sprintf('{SSHA}%s', base64_encode(mhash(MHASH_SHA1, $password . $salt) . $salt));
             } else {
                 throw new \Exception(yii::t('yii', 'Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes'));
             }
             break;
         case 'smd5':
             if (function_exists('mhash') == true && function_exists('mhash_keygen_s2k') == true) {
                 mt_srand((double) microtime() * 1000000);
                 $salt = mhash_keygen_s2k(MHASH_MD5, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                 return sprintf('{SMD5}%s', base64_encode(mhash(MHASH_MD5, $password . $salt) . $salt));
             } else {
                 throw new \Exception(yii::t('yii', 'Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes'));
             }
             break;
         case 'sha512':
             if (function_exists('openssl_digest') == true && function_exists('base64_encode') == true) {
                 return sprintf('{SHA512}%s', base64_encode(openssl_digest($password, 'sha512', true)));
             } else {
                 throw new \Exception(yii::t('yii', 'Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes'));
             }
             break;
         case 'clear':
         default:
             return $password;
     }
 }
Esempio n. 18
0
 /**
  * Code originaly from the phpLDAPadmin development team
  * http://phpldapadmin.sourceforge.net/
  *
  * Hashes a password and returns the hash based on the specified enc_type
  */
 static function hash_password($password_clear, $encodage_type)
 {
     $encodage_type = strtolower($encodage_type);
     switch ($encodage_type) {
         case 'crypt':
             $crypted_password = '******' . crypt($password_clear, self::random_salt(2));
             break;
         case 'ext_des':
             /* Extended DES crypt. see OpenBSD crypt man page */
             if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                 /* Your system crypt library does not support extended DES encryption */
                 return false;
             }
             $crypted_password = '******' . crypt($password_clear, '_' . self::random_salt(8));
             break;
         case 'md5crypt':
             if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                 /* Your system crypt library does not support md5crypt encryption */
                 return false;
             }
             $crypted_password = '******' . crypt($password_clear, '$1$' . self::random_salt(9));
             break;
         case 'blowfish':
             if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                 /* Your system crypt library does not support blowfish encryption */
                 return false;
             }
             $rcmail = rcmail::get_instance();
             $cost = (int) $rcmail->config->get('password_blowfish_cost');
             $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
             $prefix = sprintf('$2a$%02d$', $cost);
             $crypted_password = '******' . crypt($password_clear, $prefix . self::random_salt(22));
             break;
         case 'md5':
             $crypted_password = '******' . base64_encode(pack('H*', md5($password_clear)));
             break;
         case 'sha':
             if (function_exists('sha1')) {
                 /* Use PHP 4.3.0+ sha1 function, if it is available */
                 $crypted_password = '******' . base64_encode(pack('H*', sha1($password_clear)));
             } else {
                 if (function_exists('hash')) {
                     $crypted_password = '******' . base64_encode(hash('sha1', $password_clear, true));
                 } else {
                     if (function_exists('mhash')) {
                         $crypted_password = '******' . base64_encode(mhash(MHASH_SHA1, $password_clear));
                     } else {
                         /* Your PHP install does not have the mhash()/hash() nor sha1() function */
                         return false;
                     }
                 }
             }
             break;
         case 'ssha':
             mt_srand((double) microtime() * 1000000);
             $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, $salt, 4);
                 $password = mhash(MHASH_SHA1, $password_clear . $salt);
             } else {
                 if (function_exists('sha1')) {
                     $salt = substr(pack("H*", sha1($salt . $password_clear)), 0, 4);
                     $password = sha1($password_clear . $salt, true);
                 } else {
                     if (function_exists('hash')) {
                         $salt = substr(pack("H*", hash('sha1', $salt . $password_clear)), 0, 4);
                         $password = hash('sha1', $password_clear . $salt, true);
                     }
                 }
             }
             if ($password) {
                 $crypted_password = '******' . base64_encode($password . $salt);
             } else {
                 /* Your PHP install does not have the mhash()/hash() nor sha1() function */
                 return false;
             }
             break;
         case 'smd5':
             mt_srand((double) microtime() * 1000000);
             $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, $salt, 4);
                 $password = mhash(MHASH_MD5, $password_clear . $salt);
             } else {
                 if (function_exists('hash')) {
                     $salt = substr(pack("H*", hash('md5', $salt . $password_clear)), 0, 4);
                     $password = hash('md5', $password_clear . $salt, true);
                 } else {
                     $salt = substr(pack("H*", md5($salt . $password_clear)), 0, 4);
                     $password = md5($password_clear . $salt, true);
                 }
             }
             $crypted_password = '******' . base64_encode($password . $salt);
             break;
         case 'samba':
             if (function_exists('hash')) {
                 $crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE'));
                 $crypted_password = strtoupper($crypted_password);
             } else {
                 /* Your PHP install does not have the hash() function */
                 return false;
             }
             break;
         case 'ad':
             $crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
             break;
         case 'cram-md5':
             require_once __DIR__ . '/../helpers/dovecot_hmacmd5.php';
             return dovecot_hmacmd5($password_clear);
             break;
         case 'clear':
         default:
             $crypted_password = $password_clear;
     }
     return $crypted_password;
 }
 /**
  * Encrypts the password
  * @param string $passwd
  * @returns string
  */
 protected function encryptPassword($passwd)
 {
     # http://www.openldap.org/doc/admin24/security.html#Password%20Storage
     switch (strtolower($this->options['encrypt'])) {
         case 'md5':
             return '{MD5}' . md5($passwd);
         case 'plaintext':
             return $passwd;
         case 'SSHA':
             /* code stolen gratefyllu from http://www.php.net/manual/en/function.sha1.php#40226*/
             $salt = mhash_keygen_s2k(MHASH_SHA1, $passwd, substr(pack('h*', md5($this->options('salt'))), 0, 8), 4);
             return "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $passwd . $salt) . $salt);
         case 'SHA':
             /* code stolen gratefuly from http://www.openldap.org/faq/data/cache/347.html */
             return "{SHA}" . base64_encode(pack("H*", sha1($passwd)));
     }
 }
Esempio n. 20
0
/**
 * Hashes a password and returns the hash based on the specified enc_type.
 *
 * @param string $password_clear The password to hash in clear text.
 * @param string $enc_type Standard LDAP encryption type which must be one of
 *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
 * @return string The hashed password.
 */
function password_hash($password_clear, $enc_type)
{
    if (DEBUG_ENABLED) {
        debug_log('password_hash(): Entered with (%s,%s)', 1, $password_clear, $enc_type);
    }
    $enc_type = strtolower($enc_type);
    switch ($enc_type) {
        case 'crypt':
            $new_value = '{CRYPT}' . crypt($password_clear, random_salt(2));
            break;
        case 'ext_des':
            // extended des crypt. see OpenBSD crypt man page.
            if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                pla_error(_('Your system crypt library does not support extended DES encryption.'));
            }
            $new_value = '{CRYPT}' . crypt($password_clear, '_' . random_salt(8));
            break;
        case 'md5crypt':
            if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                pla_error(_('Your system crypt library does not support md5crypt encryption.'));
            }
            $new_value = '{CRYPT}' . crypt($password_clear, '$1$' . random_salt(9));
            break;
        case 'blowfish':
            if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                pla_error(_('Your system crypt library does not support blowfish encryption.'));
            }
            // hardcoded to second blowfish version and set number of rounds
            $new_value = '{CRYPT}' . crypt($password_clear, '$2a$12$' . random_salt(13));
            break;
        case 'md5':
            $new_value = '{MD5}' . base64_encode(pack('H*', md5($password_clear)));
            break;
        case 'sha':
            if (function_exists('sha1')) {
                // use php 4.3.0+ sha1 function, if it is available.
                $new_value = '{SHA}' . base64_encode(pack('H*', sha1($password_clear)));
            } elseif (function_exists('mhash')) {
                $new_value = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear));
            } else {
                pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'));
            }
            break;
        case 'ssha':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
                $new_value = "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt);
            } else {
                pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'));
            }
            break;
        case 'smd5':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
                $new_value = "{SMD5}" . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt);
            } else {
                pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'));
            }
            break;
        case 'clear':
        default:
            $new_value = $password_clear;
    }
    return $new_value;
}
Esempio n. 21
0
 /**
  * Code originaly from the phpLDAPadmin development team
  * http://phpldapadmin.sourceforge.net/
  *
  * Hashes a password and returns the hash based on the specified enc_type.
  *
  * @param string $passwordClear The password to hash in clear text.
  * @param string $encodageType Standard LDAP encryption type which must be one of
  *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
  * @return string The hashed password.
  *
  */
 function hashPassword($passwordClear, $encodageType)
 {
     $encodageType = strtolower($encodageType);
     switch ($encodageType) {
         case 'crypt':
             $cryptedPassword = '******' . crypt($passwordClear, $this->randomSalt(2));
             break;
         case 'ext_des':
             // extended des crypt. see OpenBSD crypt man page.
             if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                 return FALSE;
             }
             //Your system crypt library does not support extended DES encryption.
             $cryptedPassword = '******' . crypt($passwordClear, '_' . $this->randomSalt(8));
             break;
         case 'md5crypt':
             if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                 return FALSE;
             }
             //Your system crypt library does not support md5crypt encryption.
             $cryptedPassword = '******' . crypt($passwordClear, '$1$' . $this->randomSalt(9));
             break;
         case 'blowfish':
             if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                 return FALSE;
             }
             //Your system crypt library does not support blowfish encryption.
             $cryptedPassword = '******' . crypt($passwordClear, '$2a$12$' . $this->randomSalt(13));
             // hardcoded to second blowfish version and set number of rounds
             break;
         case 'md5':
             $cryptedPassword = '******' . base64_encode(pack('H*', md5($passwordClear)));
             break;
         case 'sha':
             if (function_exists('sha1')) {
                 // use php 4.3.0+ sha1 function, if it is available.
                 $cryptedPassword = '******' . base64_encode(pack('H*', sha1($passwordClear)));
             } elseif (function_exists('mhash')) {
                 $cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear));
             } else {
                 return FALSE;
                 //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
             }
             break;
         case 'ssha':
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 mt_srand((double) microtime() * 1000000);
                 $salt = mhash_keygen_s2k(MHASH_SHA1, $passwordClear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
                 $cryptedPassword = "******" . base64_encode(mhash(MHASH_SHA1, $passwordClear . $salt) . $salt);
             } else {
                 return FALSE;
                 //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
             }
             break;
         case 'smd5':
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 mt_srand((double) microtime() * 1000000);
                 $salt = mhash_keygen_s2k(MHASH_MD5, $passwordClear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
                 $cryptedPassword = "******" . base64_encode(mhash(MHASH_MD5, $passwordClear . $salt) . $salt);
             } else {
                 return FALSE;
                 //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
             }
             break;
         case 'ad':
             $cryptedPassword = '';
             $passwordClear = "\"" . $passwordClear . "\"";
             $len = strlen($passwordClear);
             for ($i = 0; $i < $len; $i++) {
                 $cryptedPassword .= "{$passwordClear[$i]}";
             }
         case 'clear':
         default:
             $cryptedPassword = $passwordClear;
     }
     return $cryptedPassword;
 }
Esempio n. 22
0
/**
 * Code originaly from the phpLDAPadmin development team
 * http://phpldapadmin.sourceforge.net/
 *
 * Hashes a password and returns the hash based on the specified enc_type
 */
function ldap_simple_hash_password($password_clear, $encodage_type)
{
    $encodage_type = strtolower($encodage_type);
    switch ($encodage_type) {
        case 'crypt':
            $crypted_password = '******' . crypt($password_clear, ldap_simple_random_salt(2));
            break;
        case 'ext_des':
            /* Extended DES crypt. see OpenBSD crypt man page */
            if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                /* Your system crypt library does not support extended DES encryption */
                return false;
            }
            $crypted_password = '******' . crypt($password_clear, '_' . ldap_simple_random_salt(8));
            break;
        case 'md5crypt':
            if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                /* Your system crypt library does not support md5crypt encryption */
                return false;
            }
            $crypted_password = '******' . crypt($password_clear, '$1$' . ldap_simple_random_salt(9));
            break;
        case 'blowfish':
            if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                /* Your system crypt library does not support blowfish encryption */
                return false;
            }
            /* Hardcoded to second blowfish version and set number of rounds */
            $crypted_password = '******' . crypt($password_clear, '$2a$12$' . ldap_simple_random_salt(13));
            break;
        case 'md5':
            $crypted_password = '******' . base64_encode(pack('H*', md5($password_clear)));
            break;
        case 'sha':
            if (function_exists('sha1')) {
                /* Use PHP 4.3.0+ sha1 function, if it is available */
                $crypted_password = '******' . base64_encode(pack('H*', sha1($password_clear)));
            } else {
                if (function_exists('mhash')) {
                    $crypted_password = '******' . base64_encode(mhash(MHASH_SHA1, $password_clear));
                } else {
                    /* Your PHP install does not have the mhash() function */
                    return false;
                }
            }
            break;
        case 'ssha':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $crypted_password = '******' . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt);
            } else {
                /* Your PHP install does not have the mhash() function */
                return false;
            }
            break;
        case 'smd5':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $crypted_password = '******' . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt);
            } else {
                /* Your PHP install does not have the mhash() function */
                return false;
            }
            break;
        case 'clear':
        default:
            $crypted_password = $password_clear;
    }
    return $crypted_password;
}