I have the following Visual Basic .NET function that is used to generate password hashes that are stored in an internal database:
    Public Function HashPassword(ByVal Password As String, ByVal Salt As String) As String
        Dim pwd As String = Password & Salt
        Dim hasher As New Security.Cryptography.SHA256Managed()
        Dim pwdb As Byte() = System.Text.Encoding.UTF8.GetBytes(pwd)
        Dim pwdh As Byte() = hasher.ComputeHash(pwdb)
        Return Convert.ToBase64String(pwdh)
    End Function
I need help creating a PHP equivalent of the above function:
Example:
Assuming a password string of: warn
A salt value of: i<|Xf":n_y_Yr"Lor`qAA].QK(2C8AJ:Z"\f&TC7bi=Acw_.w|
The returned hash should be: 0Yq3gR09U1GKfFRzmRxdJXK5jSQowHp/YLGA88p0s18=
I'm having trouble replicating the hash in PHP.
Kind Regards,
Voxinator
First links in Google :(
http://www.php.net/manual/en/function.hash.php with sha256
http://www.php.net/manual/en/function.base64-encode.php
    $pwd = 'warn';
    $salt = 'i<|Xf":n_y_Yr"Lor`qAA].QK(2C8AJ:Z"\f&TC7bi=Acw_.w|';
    $pwd .= $salt;
    $r1 = hash('sha256', $pwd, true); // binary hash
    $r2 = base64_encode($r1); // base64 representation
    echo $r2;

Output:

    0Yq3gR09U1GKfFRzmRxdJXK5jSQowHp/YLGA88p0s18=
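An added example, not part of the original question or answers: a PHP login check that stays compatible with the VB.NET format (Base64 of SHA-256 over password plus salt), compares it in constant time with hash_equals(), and re-stores the password with password_hash() after a successful login. The names legacyHash and verifyAndUpgrade and the record layout are assumptions for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example; function names and the record layout are assumptions.

// Same construction as the VB.NET HashPassword:
// Base64(SHA-256(UTF-8 bytes of password . salt)).
function legacyHash(string $password, string $salt): string
{
    return base64_encode(hash('sha256', $password . $salt, true));
}

/**
 * Verify a login against a stored record and upgrade legacy records.
 * $record is ['hash' => string, 'salt' => ?string]; salt is null once upgraded.
 * Returns [bool $ok, array $record] so the caller can persist the new record.
 */
function verifyAndUpgrade(string $password, array $record): array
{
    if ($record['salt'] === null) {
        // Already migrated: the hash was produced by password_hash().
        $ok = password_verify($password, $record['hash']);
        if ($ok && password_needs_rehash($record['hash'], PASSWORD_DEFAULT)) {
            $record['hash'] = password_hash($password, PASSWORD_DEFAULT);
        }
        return [$ok, $record];
    }

    // Legacy record: constant-time comparison avoids a timing side channel.
    $ok = hash_equals($record['hash'], legacyHash($password, $record['salt']));
    if ($ok) {
        // Replace the fast, single-round SHA-256 hash with a slow, salted one.
        $record = [
            'hash' => password_hash($password, PASSWORD_DEFAULT),
            'salt' => null,
        ];
    }
    return [$ok, $record];
}

// Constructed sample record using the password, salt and hash from the question.
$salt = 'i<|Xf":n_y_Yr"Lor`qAA].QK(2C8AJ:Z"\f&TC7bi=Acw_.w|';
$record = ['hash' => '0Yq3gR09U1GKfFRzmRxdJXK5jSQowHp/YLGA88p0s18=', 'salt' => $salt];

[$ok, $record] = verifyAndUpgrade('warn', $record);   // legacy path, then upgrade
var_dump($ok, $record['salt'] === null);

[$okAgain] = verifyAndUpgrade('warn', $record);        // password_verify() path
var_dump($okAgain);
```

The salt must stay in a single-quoted PHP string so that `\f` is kept as two literal characters, matching the bytes the VB.NET function hashed.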
How about something like that?
    private static function hash($string) {
        $result = '';
        if (substr($string, 0, 1) == '#')
            $result = $string;
        else {
            $result = '#' . hash('sha256', $string);
        }
        return $result;
    }
You can just pass the user-provided password, or even an already hashed password as it will detect if already hashed or not. Of course this presumes that passwords starting with a # hash character are not allowed (and would be caught before).
To hash passwords, I'm currently using a function similar to:

    function hashPassword($str, $salt='786df') {
        // Return the hex SHA-512 digest of per-site salt + password + fixed suffix.
        return hash('sha512', $salt.$str.'7');
    }
This is SHA512 with a dynamic salt (per site) and a fixed salt (to have a salt if $salt is empty, that is a PHP constant in fact). This solution is ultra secure; I understand it makes hashes that are very hard to decrypt.
Like you did, you can use SHA256 this way and then use base64_encode() (probably useless).