Skip to content

Instantly share code, notes, and snippets.

@joshkehn
Created June 14, 2010 19:29
Show Gist options
  • Save joshkehn/438162 to your computer and use it in GitHub Desktop.
Save joshkehn/438162 to your computer and use it in GitHub Desktop.
/***************
Comes from a SO comment
@Josh K: This is a little over-the-top: $hash = sha1(sha1($password) ^ $salt);, $hash = sha1($password.$salt); would work just as well in practice (and faster). Also, the only reason I can think of to sha1(microtime()) is to constrain it to something that can fit in your column, and substr(str(microtime()), 0, 160) would work equally well (and faster), although I doubt microtime() gives a > 160 digit number anyway. Of course, you might be intentionally making it slow (so it would take more time to crack), but the performance should at least be mentioned.
Question: http://stackoverflow.com/questions/3038136/am-i-supposed-to-store-hashes-for-passwords/3038182#3038182
User: http://stackoverflow.com/users/212555/brendan-long
**************/
/*
1000 in 0.468002796173 XOR
1000 in 0.465842008591 XOR
1000 in 0.466115951538 XOR
1000 in 0.498080968857 CAT
1000 in 0.506876945496 CAT
1000 in 0.500174045563 CAT
*/
function microtime_float()
{
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
}
$start_time = $this->microtime_float();
for($i = 0; $i < 100000; $i++)
{
// Change . to ^ to test XOR
$sha = sha1(sha1(microtime()) . sha1(microtime()));
}
$end_time = $this->microtime_float();
error_log("1000 in " . ($end_time-$start_time));
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment