Use that code and use any hash you wish to use. Even using md5 and this double salt it cannot be hacked.
"It cannot be hacked." Really? Are you willing to bet the farm on this? What happens if someone obtains the source code?
https://en.wikipedia.org/wiki/Kerckhoffs's_principle
I do not know who you are Scott but you really go by the book with no idea about how algorithm type matches work do you?
https://www.google.com/search?q=%22algorithm+type+matches%22&ie=utf-8&oe=utf-8
I'm convinced that this is a wholly made-up term.
I'm not here to offend anyone but when you use any hash even the newest ones they can be type matched.
What do you mean by type matched?
This is why us real developers who never get hacked use Salts.
Er, "real developers"? As opposed to a fake developer?
Also, you totally misunderstand the purpose of a salt. A salt is meant to make sure that two different users with the same password will result in a different hash, deterministically. Using a constant string for a "salt" is a bad idea.
Bcrypt (password_hash() and password_verify()) uses a 128-bit random string as the salt, per user. Your algorithm uses two constant strings.
And Password Lock will not work for a member of a website who is a "hacker" in secret as a member.
Uh, no shit. If someone has persistent root access on your server, there's very little you can do to stop them from discreetly logging passwords in plaintext.
Then he gets your hashed data then type matches all of it to known algorithm matches to already defined hash encrypted data.
All of this sounds like you're arguing for security through obscurity.
class security
{
    private function addSalt($pass)
    {
        $salt1='abcdefghijkl'; //OUR FIRST 12 CHAR SALT
        $salt2='opqrstuvwxyz'; //OUR 2ND 12 CHAR SALT
        $md5 = (md5($pass));
        $hash1 = $salt1.$md5.$salt2;// SALT1-MD5-SALT2 COMBINED
        $hash2 = strrev($hash1); //WE FLIP-REVERSE THE HASH
        echo $hash2;//CHANGE TO RETURN
    }//end func
    private function unSalt($pass2)
    {
        $a1 = substr($pass2, -44); // WE STRIP THE FIRST 12 CHAR SALT
        $b1 = strrev($a1); //WE UN-FLIP THE HASH
        $md_5 = substr($b1, -32); // WE FETCH OUR ORIGINAL MD5 AND STRIP THE 2ND SALT
        echo $md_5;//CHANGE TO RETURN
    }//end func
}//end class
USAGE:
$password='razorback1';
$pass_data ='zyxwvutsrqpo82fad4f7115b8bee54e7c9245fa594dalkjihgfedcba';
$secure = new security;
$secure->addSalt($password);
echo'<br />';
$secure->unSalt($pass_data);
https://3v4l.org/nr8GL - yes, so secure
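
Added example, not part of the original thread or gist: a PHP sketch contrasting the constant-string scheme in the code above with the per-user random salt that password_hash() and password_verify() use. The names constantSaltHash and check and the two sample accounts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// The scheme from the code on this page, returning instead of echoing.
// Both "salts" are constants, so the result depends only on the password.
function constantSaltHash(string $pass): string
{
    $salt1 = 'abcdefghijkl';
    $salt2 = 'opqrstuvwxyz';
    return strrev($salt1 . md5($pass) . $salt2);
}

// Hypothetical helper: print one labelled PASS/FAIL line per property.
function check(string $label, bool $ok): void
{
    echo ($ok ? 'PASS' : 'FAIL') . "  $label\n";
}

// Constructed sample data: two accounts that happen to share a password.
$users = ['alice' => 'razorback1', 'bob' => 'razorback1'];

$constant = [];
$bcrypt = [];
foreach ($users as $name => $password) {
    $constant[$name] = constantSaltHash($password);
    // password_hash() draws a fresh random salt on every call and stores
    // it, with the cost, inside the returned string.
    $bcrypt[$name] = password_hash($password, PASSWORD_BCRYPT);
}

check('constant strings: same password gives the same stored value',
    $constant['alice'] === $constant['bob']);

// Undoing the reversal and dropping the 12-character prefix gives the same
// result unSalt() produces: the bare, unsalted md5 of the password.
check('constant strings: stored value reduces to plain md5',
    substr(strrev($constant['alice']), 12, 32) === md5($users['alice']));

check('bcrypt: same password gives different stored values',
    $bcrypt['alice'] !== $bcrypt['bob']);

check('bcrypt: password_verify() accepts the right password',
    password_verify('razorback1', $bcrypt['alice'])
    && password_verify('razorback1', $bcrypt['bob']));

check('bcrypt: password_verify() rejects a wrong password',
    !password_verify('razorback2', $bcrypt['alice']));
```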