// Step 1: Part of SHA512 for ($i = 1; $i <= 1000; $i++) { // Step 2: HMAC-SHA256 with an increasing key $passhash = hash_hmac('sha256', $_POST['password'] . $passhash, $i); } $passhash = crypt($passhash, $salt); // Bcrypt the final result -- new feature! $key = substr(hash('sha512', $_POST['password'], 1), 32); // Encryption key $IV = hash('sha256', $_POST['password'], 1); // IV for $url = $_POST['url']; if (!preg_match('/^(http|ftp|https|irc):\\/\\//', $url)) { $url = "http://{$url}"; } $url = AES256_Encrypt($url, $key, $IV); } if ($_POST['time_scalar']) { switch ($_POST['time_unit']) { case 'm': $tf = 60; break; case 'h': $tf = 60 * 60; break; case 'd': $tf = 60 * 60 * 24; break; case 'w': $tf = 60 * 60 * 24 * 7; break;
$DB->exec("INSERT INTO metadata (validUntil, saltShaker) VALUES ('{$t}', '" . base64_encode($saltKey) . "');"); $DB->exec("CREATE TABLE rings (id INTEGER PRIMARY KEY ASC, hash TEXT, ciphertext TEXT, validFlag INTEGER);"); $url = $_POST['url']; if (!preg_match('/^(http|ftp|https|irc):\\/\\//', $url)) { $url = "http://{$url}"; } $i = 1; foreach ($_POST['passwds'] as $p) { $salt = hash_hmac('sha256', $saltKey, $i, true); $iKey = substr(hash_hmac('sha512', $p, $salt, true), 32); // 32 bytes = 256 bits, encryption key $iHash = substr(hash_hmac('sha512', $p, $salt, false), 0, 64); // 64 hex digits = 256 bits, comparison hash $iIV = hash_hmac('sha256', $p, $salt, true); // 32 bytes = 256 bits, IV $storeURL = AES256_Encrypt($url, $iKey, $iIV); //echo("INSERT INTO rings (id, hash, ciphertext, validFlag) VALUES ('{$i}', '{$iHash}', '{$storeURL}', '1');\n"); $DB->exec("INSERT INTO rings (id, hash, ciphertext, validFlag) VALUES ('{$i}', '{$iHash}', '{$storeURL}', '1');"); $i++; } $pageTitle = "Success!"; include "includes/header.php"; ?> Your Multi-Password Self-Destroying Link is: <div style="margin: 0 2em;" class="mono"> https://tlwsd.in/v<?php echo $nonce; ?> </div> <?php include "includes/footer.php";