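}
$found = false;
//ob_start();
//echo "{$saltKey}\n<pre>"; // debug only: enabling this prints the salt key into the response
// Try the submitted password against every row in `rings`; each row has its
// own salt, derived from $saltKey and the row id.
foreach ($DB->query("SELECT * FROM rings") as $row) {
    $i = intval($row['id']);
    // hash_hmac() is (algo, data, key): here $saltKey is the message and the row id is the key.
    $salt = hash_hmac('sha256', $saltKey, $i, true);
    // Verifier: first 64 hex chars (32 bytes) of HMAC-SHA512(password, salt).
    $candidate = substr(hash_hmac('sha512', $_POST['password'], $salt, false), 0, 64);
    // hash_equals() instead of `==`: loose comparison treats two hex digests that
    // both look numeric (e.g. "0e" followed by digits) as equal, and it is not
    // constant-time. The cast keeps a NULL column from raising a TypeError.
    if (hash_equals((string) $row['hash'], $candidate)) {
        // CORRECT PASSWORD:
        $found = true;
        // Key = last 32 raw bytes of the same HMAC-SHA512 whose first 32 bytes form
        // the stored verifier. A single HMAC pass is not a password-stretching KDF.
        $key = substr(hash_hmac('sha512', $_POST['password'], $salt, true), 32); // 32 bytes = 256 bits, encryption key
        // The IV is derived deterministically from password and salt, not random.
        $IV = hash_hmac('sha256', $_POST['password'], $salt, true); // 32 bytes = 256 bits, IV
        $newHash = hash('sha256', openssl_random_pseudo_bytes(64));
        $url = AES256_Decrypt($row['ciphertext'], $key, $IV);
        // Single use: the row is overwritten with random data of the same length,
        // so neither the old verifier nor the old ciphertext stays in the table.
        $newCipher = base64_encode(openssl_random_pseudo_bytes(strlen(base64_decode($row['ciphertext'])))); // For replacing
        // All three interpolated values are produced locally (base64, hex digest,
        // intval), so no request data reaches the SQL text. Switch to bound
        // parameters if any of them ever comes from input.
        $DB->exec("UPDATE rings SET validFlag = '0', ciphertext = '{$newCipher}', hash = '{$newHash}' WHERE id = '{$i}'");
        $numValid--;
        if ($numValid < 1) {
            // NOTE(review): this retries without limit; if shredData() keeps
            // returning false the request never finishes.
            while (!shredData(NONCE_ROOT . "{$req}.ring")) {
                // If it returns false, wait a few clock cycles
                usleep(1000);
            }
        } // Overwrite
        //ob_end_clean();
        // empty() gives the same truthiness as `!$_COOKIE[...]` without an
        // undefined-index notice when the cookie is absent.
        if (empty($_COOKIE['neverForward'])) {
            // NOTE(review): $data is not assigned anywhere in this excerpt, while
            // $url holds the value just decrypted - confirm which one is meant
            // as the redirect target.
            header("Location: {$data}");
            die($url);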
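// Legacy schema: the stored verifier is the first 64 hex chars of a single,
// unsalted SHA-512 of the password.
$hashL = substr(hash('sha512', $_POST['password']), 0, 64); // Hash
if (preg_match('/^\\$2a/', $passhash)) {
    // New schema: Add 1000 rounds of HMAC-SHA256 with an increasing HMAC key,
    // then bcrypt the final result.
    for ($i = 1; $i <= 1000; $i++) {
        $hashL = hash_hmac('sha256', $_POST['password'] . $hashL, $i);
    }
    // The stored bcrypt string doubles as the salt/cost specification.
    $hashL = crypt($hashL, $passhash);
}
// hash_equals() instead of `==`: loose comparison treats two hex digests that
// both look numeric (e.g. "0e" followed by digits) as equal, which matters most
// for the legacy hex verifier, and it is not constant-time. The casts keep a
// non-string value (e.g. a failed crypt()) from raising a TypeError; such a
// value simply fails to match.
if (hash_equals((string) $passhash, (string) $hashL)) {
    // Key and IV are derived from the password alone: the same password always
    // yields the same key/IV pair, with no per-nonce salt in this derivation.
    $hashR = substr(hash('sha512', $_POST['password'], true), 32); // Encryption key
    $IV = hash('sha256', $_POST['password'], true); // IV for AES-256-CBC
    // Keep the stored ciphertext in its own variable. The original decrypted
    // in place and then wrote $data back, so after the first successful use the
    // nonce file held the plaintext instead of the ciphertext.
    $ciphertext = $data;
    $data = AES256_Decrypt($ciphertext, $hashR, $IV);
    $life--;
    if ($life > 0) {
        // NOTE(review): this read-modify-write of the use counter is not locked;
        // concurrent requests may each see the same remaining $life.
        file_put_contents(NONCE_ROOT . "{$req}.nonce", "{$life}\n{$passhash}\n{$ciphertext}\n{$timeMax}");
    } else {
        // NOTE(review): this retries without limit; if shredData() keeps
        // returning false the request never finishes.
        while (!shredData(NONCE_ROOT . "{$req}.nonce")) {
            // If it returns false, wait a few clock cycles
            usleep(1000);
        }
    }
    // !empty() gives the same truthiness as the bare index without an
    // undefined-index notice when the cookie is absent.
    if (!empty($_COOKIE['alwaysForward'])) {
        // NOTE(review): the redirect target is the decrypted payload as stored;
        // nothing in this excerpt restricts it to an http(s) URL.
        header("Location: {$data}");
    } else {
        $data = removeXSS($data); // Experimental; without warranty
        include "includes/header.php";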