thijzert/bad-passwords.php

## bad-passwords.php
<?php

/**
 * Note: from PHP 7.0 and up, rand() is identical to mt_rand().
 * In order to test both functions, run this file on PHP 5.6 or below.
 */

$date = 'Tue, 21 Feb 2018 11:21:40 +0100';
$hash = '$1$Wp8cWAg7$stCx1RGCLwwZmYJi9eKRI0';

$keyspaces = [
	"8bit" => "",
	"7bit" => "",
	"printable" => "",
	"base64" => "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
	"urlbase64" => "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",
	"hex" => "0123456789abcdef",
	"stackoverflow-1182584" => "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
	"stackoverflow-8005330" => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
	"stackoverflow-9446067" => "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz/+",
	"stackoverflow-4795385" => "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
	"stackoverflow-4952160" => "1234567890abcdefghijklmnopqrstuvwxyz",
];

for ( $i =  0; $i < 256; $i++ )  $keyspaces["8bit"] .= chr($i);
for ( $i =  0; $i < 128; $i++ )  $keyspaces["7bit"] .= chr($i);
for ( $i = 33; $i < 127; $i++ )  $keyspaces["printable"] .= chr($i);

$date = strtotime($date);
$salt = substr($hash, 0, 12 );
$i;
for ( $i = $date + 60; $i > $date - 120; $i-- )
{
	verify( $i, "raw decimal time" );
	verify( dechex($i), "raw hex time" );
	verify( hex2bin(dechex($i)), "raw time" );
	verify( date("c",$i), "raw c time" );
	verify( date("r",$i), "raw r time" );


	srand( $i );
	mt_srand( $i );

	for ( $k = 0; $k < 50; $k++ )
	{
		$rand = rand();
		verify( $rand, "rand()" );
		verify( dechex($rand), "hex rand()" );
		verify( hex2bin(sprintf("%08x",$rand)), "time rand()" );
		verify( date("c",$rand), "c time rand()" );
		verify( date("r",$rand), "r time rand()" );

		$rand = mt_rand();
		verify( $rand, "mt_rand()" );
		verify( dechex($rand), "hex mt_rand()" );
		verify( hex2bin(sprintf("%08x",$rand)), "time mt_rand()" );
		verify( date("c",$rand), "c time mt_rand()" );
		verify( date("r",$rand), "r time mt_rand()" );
	}

	// This format pops up lots of times.
	// https://php.net/manual/en/function.crypt.php#102278
	for ( $k = 0; $k < 50; $k++ )
	{
		mt_srand($i);
		for ( $j = 0; $j < $k; $j++ )
			mt_rand();

		$salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);
		verify( $salt, "pack-salt" );
	}

	foreach ( $keyspaces as $spacename => $keyspace )
	{
		for ( $k = 0; $k < 50; $k++ )
		{
			srand( $i );
			for ( $j = 0; $j < $k; $j++ )
				rand();

			$c = "";
			for ( $j = 1; $j < 30; $j++ )
			{
				$l = rand(0,strlen($keyspace)-1);
				$c .= substr($keyspace,$l,1);

				verify( $c, "raw rand() {$spacename} chars of length {$j}" );

				if ( $spacename == "8bit" || $spacename == "7bit" )
					verify( base64_encode($c), "base64 rand() {$spacename} chars of length {$j}" );
			}


			mt_srand( $i );
			for ( $j = 0; $j < $k; $j++ )
				mt_rand();
			$c = "";
			for ( $j = 1; $j < 30; $j++ )
			{
				$l = mt_rand(0,strlen($keyspace)-1);
				$c .= substr($keyspace,$l,1);

				verify( $c, "raw mt_rand() {$spacename} chars of length {$j}" );
				if ( $spacename == "8bit" || $spacename == "7bit" )
					verify( base64_encode($c), "base64 mt_rand() {$spacename} chars of length {$j}" );
			}
		}
	}
}

function verify( $key, $label )
{
	global $hash, $salt, $i;

	$crypt = crypt( $key, $salt );
	if ( $crypt == $hash )
	{
		$d = date("Y-m-d H:i:s",$i);
		print( "{$label} worked for date {$d}\n" );
	}
}
	<?php

	/**
	* Note: from PHP 7.0 and up, rand() is identical to mt_rand().
	* In order to test both functions, run this file on PHP 5.6 or below.
	*/

	$date = 'Tue, 21 Feb 2018 11:21:40 +0100';
	$hash = '$1$Wp8cWAg7$stCx1RGCLwwZmYJi9eKRI0';

	$keyspaces = [
	"8bit" => "",
	"7bit" => "",
	"printable" => "",
	"base64" => "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
	"urlbase64" => "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",
	"hex" => "0123456789abcdef",
	"stackoverflow-1182584" => "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
	"stackoverflow-8005330" => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
	"stackoverflow-9446067" => "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz/+",
	"stackoverflow-4795385" => "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
	"stackoverflow-4952160" => "1234567890abcdefghijklmnopqrstuvwxyz",
	];

	for ( $i = 0; $i < 256; $i++ ) $keyspaces["8bit"] .= chr($i);
	for ( $i = 0; $i < 128; $i++ ) $keyspaces["7bit"] .= chr($i);
	for ( $i = 33; $i < 127; $i++ ) $keyspaces["printable"] .= chr($i);

	$date = strtotime($date);
	$salt = substr($hash, 0, 12 );
	$i;
	for ( $i = $date + 60; $i > $date - 120; $i-- )
	{
	verify( $i, "raw decimal time" );
	verify( dechex($i), "raw hex time" );
	verify( hex2bin(dechex($i)), "raw time" );
	verify( date("c",$i), "raw c time" );
	verify( date("r",$i), "raw r time" );


	srand( $i );
	mt_srand( $i );

	for ( $k = 0; $k < 50; $k++ )
	{
	$rand = rand();
	verify( $rand, "rand()" );
	verify( dechex($rand), "hex rand()" );
	verify( hex2bin(sprintf("%08x",$rand)), "time rand()" );
	verify( date("c",$rand), "c time rand()" );
	verify( date("r",$rand), "r time rand()" );

	$rand = mt_rand();
	verify( $rand, "mt_rand()" );
	verify( dechex($rand), "hex mt_rand()" );
	verify( hex2bin(sprintf("%08x",$rand)), "time mt_rand()" );
	verify( date("c",$rand), "c time mt_rand()" );
	verify( date("r",$rand), "r time mt_rand()" );
	}

	// This format pops up lots of times.
	// https://php.net/manual/en/function.crypt.php#102278
	for ( $k = 0; $k < 50; $k++ )
	{
	mt_srand($i);
	for ( $j = 0; $j < $k; $j++ )
	mt_rand();

	$salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);
	verify( $salt, "pack-salt" );
	}

	foreach ( $keyspaces as $spacename => $keyspace )
	{
	for ( $k = 0; $k < 50; $k++ )
	{
	srand( $i );
	for ( $j = 0; $j < $k; $j++ )
	rand();

	$c = "";
	for ( $j = 1; $j < 30; $j++ )
	{
	$l = rand(0,strlen($keyspace)-1);
	$c .= substr($keyspace,$l,1);

	verify( $c, "raw rand() {$spacename} chars of length {$j}" );

	if ( $spacename == "8bit" \|\| $spacename == "7bit" )
	verify( base64_encode($c), "base64 rand() {$spacename} chars of length {$j}" );
	}


	mt_srand( $i );
	for ( $j = 0; $j < $k; $j++ )
	mt_rand();
	$c = "";
	for ( $j = 1; $j < 30; $j++ )
	{
	$l = mt_rand(0,strlen($keyspace)-1);
	$c .= substr($keyspace,$l,1);

	verify( $c, "raw mt_rand() {$spacename} chars of length {$j}" );
	if ( $spacename == "8bit" \|\| $spacename == "7bit" )
	verify( base64_encode($c), "base64 mt_rand() {$spacename} chars of length {$j}" );
	}
	}
	}
	}

	function verify( $key, $label )
	{
	global $hash, $salt, $i;

	$crypt = crypt( $key, $salt );
	if ( $crypt == $hash )
	{
	$d = date("Y-m-d H:i:s",$i);
	print( "{$label} worked for date {$d}\n" );
	}
	}