diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2013-10-11 13:34:40 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2013-10-11 13:34:40 +0200 |
| commit | b795ce8b7dec4831de702947c97ad698aec5bbe2 (patch) | |
| tree | a173c5e2ee73ebb5c3ca130ab1ca0c5182d69103 | |
| parent | da39707d16500d18ca642587cb08958a3c09369c (diff) | |
| download | forums-b795ce8b7dec4831de702947c97ad698aec5bbe2.tar forums-b795ce8b7dec4831de702947c97ad698aec5bbe2.tar.gz forums-b795ce8b7dec4831de702947c97ad698aec5bbe2.tar.bz2 forums-b795ce8b7dec4831de702947c97ad698aec5bbe2.tar.xz forums-b795ce8b7dec4831de702947c97ad698aec5bbe2.zip | |
[feature/passwords] Remove obsolete hashing functions from functions.php
These hashing functions have been worked into the salted md5 driver.
PHPBB3-11610
| -rw-r--r-- | phpBB/includes/functions.php | 110 |
1 files changed, 0 insertions, 110 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 06fa307614..561ebaabb4 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -403,116 +403,6 @@ function phpbb_check_hash($password, $hash) } /** -* Generate salt for hash generation -*/ -function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6) -{ - if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) - { - $iteration_count_log2 = 8; - } - - $output = '$H$'; - $output .= $itoa64[min($iteration_count_log2 + 5, 30)]; - $output .= _hash_encode64($input, 6, $itoa64); - - return $output; -} - -/** -* Encode hash -*/ -function _hash_encode64($input, $count, &$itoa64) -{ - $output = ''; - $i = 0; - - do - { - $value = ord($input[$i++]); - $output .= $itoa64[$value & 0x3f]; - - if ($i < $count) - { - $value |= ord($input[$i]) << 8; - } - - $output .= $itoa64[($value >> 6) & 0x3f]; - - if ($i++ >= $count) - { - break; - } - - if ($i < $count) - { - $value |= ord($input[$i]) << 16; - } - - $output .= $itoa64[($value >> 12) & 0x3f]; - - if ($i++ >= $count) - { - break; - } - - $output .= $itoa64[($value >> 18) & 0x3f]; - } - while ($i < $count); - - return $output; -} - -/** -* The crypt function/replacement -*/ -function _hash_crypt_private($password, $setting, &$itoa64) -{ - $output = '*'; - - // Check for correct hash - if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$') - { - return $output; - } - - $count_log2 = strpos($itoa64, $setting[3]); - - if ($count_log2 < 7 || $count_log2 > 30) - { - return $output; - } - - $count = 1 << $count_log2; - $salt = substr($setting, 4, 8); - - if (strlen($salt) != 8) - { - return $output; - } - - /** - * We're kind of forced to use MD5 here since it's the only - * cryptographic primitive available in all versions of PHP - * currently in use. To implement our own low-level crypto - * in PHP would result in much worse performance and - * consequently in lower iteration counts and hashes that are - * quicker to crack (by non-PHP code). - */ - $hash = md5($salt . $password, true); - do - { - $hash = md5($hash . $password, true); - } - while (--$count); - - $output = substr($setting, 0, 12); - $output .= _hash_encode64($hash, 16, $itoa64); - - return $output; -} - -/** * Hashes an email address to a big integer * * @param string $email Email address |