// Step 1: Part of SHA512
for ($i = 1; $i <= 1000; $i++) {
// Step 2: HMAC-SHA256 with an increasing key
$passhash = hash_hmac('sha256', $_POST['password'] . $passhash, $i);
}
$passhash = crypt($passhash, $salt);
// Bcrypt the final result -- new feature!
$key = substr(hash('sha512', $_POST['password'], 1), 32);
// Encryption key
$IV = hash('sha256', $_POST['password'], 1);
// IV for
$url = $_POST['url'];
if (!preg_match('/^(http|ftp|https|irc):\\/\\//', $url)) {
$url = "http://{$url}";
}
$url = AES256_Encrypt($url, $key, $IV);
}
if ($_POST['time_scalar']) {
switch ($_POST['time_unit']) {
case 'm':
$tf = 60;
break;
case 'h':
$tf = 60 * 60;
break;
case 'd':
$tf = 60 * 60 * 24;
break;
case 'w':
$tf = 60 * 60 * 24 * 7;
break;
$DB->exec("INSERT INTO metadata (validUntil, saltShaker) VALUES ('{$t}', '" . base64_encode($saltKey) . "');");
$DB->exec("CREATE TABLE rings (id INTEGER PRIMARY KEY ASC, hash TEXT, ciphertext TEXT, validFlag INTEGER);");
$url = $_POST['url'];
if (!preg_match('/^(http|ftp|https|irc):\\/\\//', $url)) {
$url = "http://{$url}";
}
$i = 1;
foreach ($_POST['passwds'] as $p) {
$salt = hash_hmac('sha256', $saltKey, $i, true);
$iKey = substr(hash_hmac('sha512', $p, $salt, true), 32);
// 32 bytes = 256 bits, encryption key
$iHash = substr(hash_hmac('sha512', $p, $salt, false), 0, 64);
// 64 hex digits = 256 bits, comparison hash
$iIV = hash_hmac('sha256', $p, $salt, true);
// 32 bytes = 256 bits, IV
$storeURL = AES256_Encrypt($url, $iKey, $iIV);
//echo("INSERT INTO rings (id, hash, ciphertext, validFlag) VALUES ('{$i}', '{$iHash}', '{$storeURL}', '1');\n");
$DB->exec("INSERT INTO rings (id, hash, ciphertext, validFlag) VALUES ('{$i}', '{$iHash}', '{$storeURL}', '1');");
$i++;
}
$pageTitle = "Success!";
include "includes/header.php";
?>
Your Multi-Password Self-Destroying Link is:
<div style="margin: 0 2em;" class="mono">
https://tlwsd.in/v<?php
echo $nonce;
?>
</div>
<?php
include "includes/footer.php";
