我正在尝试在 php 中复制以下代码以创建一个基于 Web 的帐户创建脚本,但我并不真正了解 md5 哈希之前发生了什么。
这是代码:
reg_seconds = (unsigned) regtime / 3600L;
ch = strlen (&password[0]);
_itoa (reg_seconds, &config_data[0], 10 );
//Throw some salt in the game ;)
sprintf (&password[ch], "_%s_salt", &config_data[0] );
//printf ("New password = %s\n", password );
MDString (&password[0], &MDBuffer[0] );
for (ch=0;ch<16;ch++)
sprintf (&md5password[ch*2], "%02x", (unsigned char) MDBuffer[ch]);
md5password[32] = 0;
当使用密码“password”和注册时间“399969”时,我得到的哈希密码为“9a5c041c5b37febc90ad3dc66ec62c83”
有人能解释到底发生了什么以及最终被散列的字符串是什么吗?
最佳答案
好吧,让我们逐行查看,假设password =“password”并且regtime = 399969
reg_seconds = (unsigned) regtime / 3600L;
=> reg_seconds = 111 NB incoherent with the name, isn't is regtime % 3600L
ch = strlen (&password[0]);
=> ch = 8
_itoa (reg_seconds, &config_data[0], 10 );
=> config_data = "111"
//Throw some salt in the game ;)
sprintf (&password[ch], "_%s_salt", &config_data[0] );
=> password = "password_111_salt"
//printf ("New password = %s\n", password ); Why did not you uncomment this ?
MDString (&password[0], &MDBuffer[0] );
MDBuffer receives the binary hash
for (ch=0;ch<16;ch++)
sprintf (&md5password[ch*2], "%02x", (unsigned char) MDBuffer[ch]);
md5password[32] = 0;
md5password receives the hex encoded hash : "033f7d591eda915e708571edd255b511"
哎呀,这不是预期的哈希值!
因为 399969 不是 regtime,而是上面代码中的 reg_seconds...所以
password = "password_399969_salt"
md5password = "9a5c041c5b37febc90ad3dc66ec62c83"
关于谁能解释一下这个C密码哈希算法吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32069132/