archive/HashPass
1
0
Fork 0
mirror of https://github.com/c0de-archive/HashPass.git synced 2024-12-22 03:32:40 +00:00
Code Issues Projects Releases Wiki Activity

Updated Readme.md

Browse Source
This commit is contained in:
Arctic Code 2013-01-26 17:57:06 -05:00
parent dfa9b9f06f
commit b90f9b1bc1
1 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@ -1,4 +1,34 @@
HashPass
========
HashPass is my password hashing function to be used in my main site to handle passwords
HashPass is my password hashing function to be used in my main site to handle login passwords.
It is heavily commented, perhaps too commented but it explains everything.
Included files are: HashPass.php, test.php, and Readme.md
Currently this is only php, but it could easily be ported to different languages as long as they support:
random number generation, Sha1-Sha512, seperating strings into arrays, and loops.
Use would be something like: $newpass = hashpass($oldpass, $i, $salt); Where $oldpass is the only required option.
$i and $salt are number of iterations to go through the loop and the random seed to create the same hash, respectivly.
If $i is not specified, it will simply hash everything once. While secure in this state,
it still has less entropy than using the loop two or more times.
If $salt is not specified, it will generate a new one based on two large random numbers and store the sha256 result.
If you have a better salt generation method, feel free to bypass by including $salt which will not use the built in generator.
The function returns one value 129 bytes long. This is the combined final hash of the password and the salt.
It's seperated by a '/', so in php to seperate it would be like:
$newpass = explode('/', $newpass);
$newsalt = $newpass[1]; // The salt is always the second part of the array
$newpass = $newpass[0]; // The password is always the first part of the array
I have a live demo of the use of HashPass located at http://p.unps.us/pass Arguments are fed through the url using GET.
For example if I wanted to hash "worldsbestestpassword123", I would do http://p.unps.us/pass/?pass=worldsbestestpassword123
Continuing on from above, lets specify a number of iterations (hard limit of 50 on this demo): http://p.unps.us/pass/?pass=worldsbestestpassword123&i=4
One more argument is accepted, and that is salt. Previously generated salts ar 64 characters long, but anything will work there.
HashPass by David Todd is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
Please attribute to my domain: http://www.unps-gama.info and let me know of any improvements I can make!