[1.0.3] hash() algorithm info script
Let's face it. MD4 and MD5 are old and compromised. SHA1 even has a few risks associated with it now. The hash() function, with its many algorithms, is a godsend ... but which do you choose? Which do you have? How many characters will the hash take in your database?
Now you know!
This script is a simplistic little thing, sorta, that rates the algorithms present upon your server, extracts any known information (hardcoded into the script unfortunately), and tells you how many characters the HEX code will take for the hash. It even has a handy-dandy (approximate) strength indicator.
HOWEVER! No strong hash will ever secure a terrible password. ' ' hashed will always fall quickly to a brute force assault. So, while the difference in hashes can make a good difference in preventing collision attacks, the password length and strength are just as, if not more, important.
1.0 release 2
I wrote this because I was tired of constantly looking things up, doing the math, and figuring it all out every time I want to pick a hash algorithm.
I wouldn't suggest you read this script to learn from me. This time around it's a disorganized mess. It was complex enough to get working without losing track of my variables. That said, it isn't too bad and it (better yet) works.
Oh yeah, and the columns sort themselves when you click on the column header.
Just unzip and upload; navigate to whatever directory you put it in, and load the script.
Me, of course, for the brunt of the typing and research behind the algorithms.
WildHoney and Salathe, for helping my HORRID command of regex. ^^
Err... didn't know it needed one. This'n is simple. Maybe BSD? PM for commercial use permission, please.
That performs quite well actually. I notice my PHP code there at the top for the preg_match :-) Maybe have a speed test there as well for the generation?
I'm not quite sure what you are asking.
Right now I'm working on an OOP version for installer scripts. That way the hashes, salts, and even session hashes can all be different from site to site--and be picked for their speed on the client system. So far this is fun, sorting based on an object's property, foreach iterating through a class, and much more that really helps out.
Oh, I didn't realise there was a speed test already incorporated into the script. My bad. The OOP version sounds intriguing.
[1.0.3] updated hash() enumerator
New tweaks, footer, and a slight regex change suggested by Salathe. Redownloading isn't important, unless you really want it.
The class(es) unit for the OOP version is only 260 lines, but it has built-in fitness checking. Fitness checking being a comparison of strength, speed, and the stability (standard deviation) of that speed over three tests. The built-in sorting is really cool, if I say so myself, because I leapt on a random tangent and wound up being right after all. Always a good feeling! It's going to take some work before it's really ready--documentation, cleanup, and license application--but it's amazing how much you can learn from something simplistic like this.
I already have my next class/module lined up for development past this.
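
The enumeration described in the opening post (hex length per algorithm) and the three-run speed and standard-deviation check mentioned in the last post, sketched as an added example that is not part of the thread or the author's script. The payload, iteration count and sort order are assumptions.

```php
<?php
// Added example, not the thread author's script. Payload, loop count and
// sort order are assumptions chosen for illustration.
const RUNS = 3;            // the thread mentions three speed tests
const ITERATIONS = 2000;   // assumed loop count per run
$payload = str_repeat('constructed sample input ', 40); // constructed data
$flagged = ['md4', 'md5', 'sha1']; // called out as weak in the opening post

function profile_algo(string $algo, string $payload): array
{
    $hexLen = strlen(hash($algo, $payload)); // hex characters to store
    $times = [];
    for ($r = 0; $r < RUNS; $r++) {
        $start = microtime(true);
        for ($i = 0; $i < ITERATIONS; $i++) {
            hash($algo, $payload);
        }
        $times[] = (microtime(true) - $start) * 1000; // milliseconds per run
    }
    $mean = array_sum($times) / RUNS;
    $var = 0.0;
    foreach ($times as $t) {
        $var += ($t - $mean) ** 2;
    }
    return [
        'algo'   => $algo,
        'hex'    => $hexLen,
        'bits'   => $hexLen * 4,          // 4 bits per hex character
        'mean'   => $mean,
        'stddev' => sqrt($var / RUNS),    // population standard deviation
    ];
}

$rows = array_map(fn($a) => profile_algo($a, $payload), hash_algos());
// Widest digest first, then fastest mean time.
usort($rows, fn($a, $b) => [$b['bits'], $a['mean']] <=> [$a['bits'], $b['mean']]);

printf("%-14s %5s %5s %10s %10s  %s\n", 'algorithm', 'hex', 'bits', 'mean ms', 'stddev', 'note');
foreach ($rows as $r) {
    printf("%-14s %5d %5d %10.3f %10.3f  %s\n", $r['algo'], $r['hex'], $r['bits'],
        $r['mean'], $r['stddev'], in_array($r['algo'], $flagged, true) ? 'weak per thread' : '');
}
```

The `hex` column is the column width a hex-encoded digest needs in a database; digest width alone says nothing about suitability for passwords, as the opening post points out.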