Fix compatibility with PBKDF2 hashes with iteration counts that are not zero-padded

Kijin Sung 2021-03-14 00:26:15 +09:00
parent 715e8d781c
commit 72e7532764
2 changed files with 12 additions and 3 deletions


@ -229,7 +229,8 @@ class Password
$iterations = intval($parts[1], 10);
$key_length = strlen(base64_decode($parts[3]));
}
return self::pbkdf2($hashchain, $salt, $hash_algorithm, $iterations, $key_length);
$iterations_padding = ($salt === null || !isset($parts[1])) ? 7 : strlen($parts[1]);
return self::pbkdf2($hashchain, $salt, $hash_algorithm, $iterations, $key_length, $iterations_padding);
// phpass portable algorithm (must be used last)
case 'portable':
@ -407,9 +408,10 @@ class Password
* @param string $algorithm (optional)
* @param int $iterations (optional)
* @param int $length (optional)
* @param int $iterations_padding (optional)
* @return string
*/
public static function pbkdf2($password, $salt = null, $algorithm = 'sha512', $iterations = 16384, $length = 24)
public static function pbkdf2($password, $salt = null, $algorithm = 'sha512', $iterations = 16384, $length = 24, $iterations_padding = 7)
{
if ($salt === null)
{
@ -437,7 +439,7 @@ class Password
$hash = substr($output, 0, $length);
}
return $algorithm . ':' . sprintf('%07d', $iterations) . ':' . $salt . ':' . base64_encode($hash);
return $algorithm . ':' . str_pad($iterations, $iterations_padding, '0', STR_PAD_LEFT) . ':' . $salt . ':' . base64_encode($hash);
}
/**
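Review bot: In the first hunk the new `$iterations_padding` line takes the field width from `strlen($parts[1])`, while the count just above it comes from `intval($parts[1], 10)`, and nothing visible checks that the stored field consists only of digits. `intval` tolerates a sign, leading whitespace or trailing characters and returns 0 for a non-numeric field, so a malformed or tampered stored hash reaches `pbkdf2()` with an iteration count the string does not literally state; the re-encoded field will presumably not match and verification fails closed, but only implicitly. I would treat the hash as unrecognised unless `ctype_digit($parts[1]) && $iterations > 0`, and ideally enforce an upper bound as well, since the work factor is taken from stored data. The literal `7` now appears both on this line and as the `pbkdf2()` default, so a class constant would keep the two in sync. The enclosing `case` starts above the hunk, so a check of this kind may already exist there.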