[DiscordArchive] but are you generating salt and verifier correctly?
Archived author: Tea • Posted: 2024-01-02T15:58:15.018000+00:00
but are you generating salt and verifier correctly?
Archived author: ZaDarkSide • Posted: 2024-01-02T15:58:17.602000+00:00
the PHP code is fine, just needs not to use the deleted column anymore
Archived author: Tea • Posted: 2024-01-02T15:58:52.674000+00:00
you must use SHA256(email) (hex string) as username in srp, not email directly
Archived author: ZaDarkSide • Posted: 2024-01-02T16:00:56.840000+00:00
```PHP
function Encrypt($email, $password)
{
    if (!is_string($email)) {
        $email = '';
    }
    if (!is_string($password)) {
        $password = '';
    }
    return strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash("sha256", strtoupper(hash("sha256", strtoupper($email)) . ":" . strtoupper($password))))))));
}
```
Archived author: ZaDarkSide • Posted: 2024-01-02T16:01:08.087000+00:00
that's the PHP way to do what Shauren said
Archived author: Tea • Posted: 2024-01-02T16:01:24.934000+00:00
that's the old sha_pass_hash, right?
Archived author: ZaDarkSide • Posted: 2024-01-02T16:01:59.204000+00:00
yeah `$sha_pass_hash = Encrypt($email, $password);`
Archived author: ZaDarkSide • Posted: 2024-01-02T16:03:11.967000+00:00
```PHP
function CalculateSRP6Verifier($username, $password, $salt)
{
    // algorithm constants
    $g = gmp_init(7);
    $N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
    // calculate first then calculate the second hash; at last convert to integer (little-endian)
    $h = gmp_import(sha1($salt . sha1(strtoupper($username . ':' . $password), true), true), 1, GMP_LSW_FIRST);
    // convert back to byte array, within a 32 pad; remember zeros go on the end in little-endian
    return str_pad(gmp_export(gmp_powm($g, $h, $N), 1, GMP_LSW_FIRST), 32, chr(0), STR_PAD_RIGHT);
}

// Returns SRP6 parameters to register this username/password combination with
function GetSRP6RegistrationData($username, $password)
{
    // generate a random salt
    /** @noinspection PhpUnhandledExceptionInspection */
    $salt = random_bytes(32);
    // calculate verifier using this salt
    $verifier = CalculateSRP6Verifier($username, $password, $salt);
    // done - this is what you put in the account table!
    return array($salt, $verifier);
}
```
Archived author: ZaDarkSide • Posted: 2024-01-02T16:03:23.371000+00:00
this is salt + verifier way
Archived author: Tea • Posted: 2024-01-02T16:03:34.450000+00:00
that's the old wotlk srp