我已经在尝试许多哈希算法(使用hashcat)但没有结果。。
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "")
stderr("Error", "Missing form data.");
if ($_POST["password"] != $_POST["password2"])
stderr("Error", "Passwords mismatch.");
if (!validemail($_POST['email']))
stderr("Error", "Not valid email");
$username = sqlesc($_POST["username"]);
$password = $_POST["password"];
$email = sqlesc($_POST["email"]);
$secret = mksecret();
$passhash = sqlesc(md5($secret . $password . $secret));
$secret = sqlesc($secret);
mysql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, email) VALUES(NOW(), NOW(), $secret, $username, $passhash, 'confirmed', $email)") or sqlerr(__FILE__, __LINE__);
$res = mysql_query("SELECT id FROM users WHERE username=$username");
$arr = mysql_fetch_row($res);
if (!$arr)
stderr("Error", "Unable to create the account. The user name is possibly already taken.");
header("Location: $BASEURL/userdetails.php?id=$arr[0]");
die;
}
这个代码https://github.com/mlangill/biotorrents/blob/master/adduser.php
这是什么类型的散列?
感谢
哈希(7d022cb232c1245fcfe03584477ca247c4efeefe)有40个字符,使其看起来像SHA1。
MD5散列只有32个字符。
在您的示例中,您正在使用salted hashes进行密码哈希。e1e69fc477abad67f92d7e8fc824d29f6e03d776是sha1sum,wf678r4mk4boix98rfrgefa0zzelka97似乎是盐。