//A more usefull example for generating SMD5 passwords.
function ldap_smd5_passwd($clear_pw) {
$salt = myhash_keyge_s2k($clear_pw, 4);
$new_password = base64_encode(pack("H*", md5($clear_pw . $salt)) . $salt);
return $new_password ;
}
function myhash_keyge_s2k($pass, $bytes ){
// This and md5 implimentation of the Salted S2K algorithm as
// specified in the OpenPGP document (RFC 2440).
// basically a non mhash dependant version of mhash_keygen_s2k
$salt=substr(pack("h*", md5(mt_rand())), 0, 8);
return substr(pack("H*", md5($salt . $pass)), 0, $bytes);
}
// -ray again.
mhash_keygen_s2k
Description
string mhash_keygen_s2k ( int hash, string password, string salt, int bytes )mhash_keygen_s2k() generates a key that is bytes long, from a user given password. This is the Salted S2K algorithm as specified in the OpenPGP document (RFC 2440). That algorithm will use the specified hash algorithm to create the key. The salt must be different and random enough for every key you generate in order to create different keys. That salt must be known when you check the keys, thus it is a good idea to append the key to it. Salt has a fixed length of 8 bytes and will be padded with zeros if you supply less bytes.
Keep in mind that user supplied passwords are not really suitable to be used as keys in cryptographic algorithms, since users normally choose keys they can write on keyboard. These passwords use only 6 to 7 bits per character (or less). It is highly recommended to use some kind of transformation (like this function) to the user supplied key.
add a note
User Contributed Notes
Ray Ferguson
29-Nov-2003 02:51
29-Nov-2003 02:51
php_at_share-foo.com
17-Jul-2003 02:18
17-Jul-2003 02:18
// given random 8 bits of salt and a clear text password
$clear_pw = "p4ssw0rd" ;
$rand8bites4salt = substr(pack("h*", md5(mt_rand())) , 0, 8);
// This
mhash_keygen_s2k(MHASH_MD5, $clear_pw, $rand8bites4salt, 4) ;
//is the same as this
function myhash_keyge_s2k($pass, $salt, $bytes ){
return substr(pack("H*", md5($salt . $pass)), 0, $bytes);
}
myhash_keyge_s2k($clear_pw, $rand8bites4salt, 4);
// But the latter doesn't require mhash libs.
// -ray ferguson