  • 0

Password hashing


patgre

Question

7 answers to this question

  • 2

Yeah, first of all you need to write your own hash function.

public function make($value) {
    return hash("sha256", $value);
}

Also, the password is double hashed. You first need to hash the password and then hash the result with the salt, so something like this; (EDIT: Ah, I see you already got that far!)

 

public function validateCredentials(Authenticatable $user, array $credentials)
    {
        // Check that given credentials belong to the given user        
        $username= $credentials['username'];
        $pass = $credentials['password'];     
        
        $hashedPass = strtoupper(str_replace(["-", "–"], '', Hash::make($pass)));
        $saltedPass = strtoupper(str_replace(["-", "–"], '', Hash::make(strtoupper($hashedPass) . $user->salt)));
                
        $valid_user = IntersectUser::where(['username' => $username, 'pass' => $saltedPass])->first();
        
        if ($valid_user) {
            return TRUE;
        }
        return FALSE;
    }

 

Once the source is released, I'm going to pick up work on the web companion again.


  • 0

Pretty sure you posted about this in Discord, and you got very close:

 


 

But you're not using SHA256, you're using BCRYPT which you wrapped in a method called SHA256.


 

You already found this: 

And we've explained the basics of how it works (which you've understood, given your example above but using the wrong hashing algorithm and not generating and saving the salt)

Basically, you're really close and despite me constantly telling you that and telling you to stop using BCRYPT you want us to just do it for you? :7_sweat_smile:


  • 0
43 minutes ago, SonicMicro234 said:

Relax....you're using an open source program to make your *Ahem hobby.....

I wouldn't go as far as password hashing. Also we could easily read it in VS, VB or whatever the fuck you're compiling it in.

It's not that he's adding it in, it's already a thing in Intersect. He's trying to make it work with external passwords. :P


  • 0

Hey, sorry for my English ;)

I wrote some PHP code that encodes a password and wanted to share it.

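$password = $_POST['YourPassword'];

// Convert a raw byte string to uppercase hexadecimal
function strToHex($string){
    $hex = '';
    for ($i=0; $i<strlen($string); $i++){
        $ord = ord($string[$i]);
        $hexCode = dechex($ord);
        $hex .= substr('0'.$hexCode, -2); // left-pad each byte to two hex digits
    }
    return strToUpper($hex);
}
$salt = "AD07665AE12767B2B712752595D0E4C16479B01D07E66AF9F9E6081C811C4C21"; //Salt pulled from the database
// First pass: SHA-256 of the password as uppercase hex, with the salt appended
$pass = strToHex(hash('sha256',$password,true)).$salt;
// Second pass: SHA-256 of that string, again as uppercase hex
$hash = strToHex(hash('sha256',$pass,true));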

 

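The scheme the posts above describe, with the salt generation and credential check added, as an example that is not part of the original thread and not Intersect's own code. The function names, the user-record array and the 32-byte salt length (chosen to match the 64-character salt shown above) are assumptions.

```php
<?php
// Added example. Scheme as described in this thread:
//   stored = UPPERHEX(SHA256( UPPERHEX(SHA256(password)) . salt ))

// Assumption: a salt is 32 random bytes written as 64 uppercase hex characters.
function newSalt(): string
{
    return strtoupper(bin2hex(random_bytes(32)));
}

function intersectStyleHash(string $password, string $salt): string
{
    $inner = strtoupper(hash('sha256', $password));      // first pass, uppercase hex
    return strtoupper(hash('sha256', $inner . $salt));   // second pass, salt appended
}

// Create the values to store when an account is registered.
function createAccount(string $username, string $password): array
{
    $salt = newSalt();
    return ['username' => $username, 'salt' => $salt,
            'pass' => intersectStyleHash($password, $salt)];
}

// Look the user up by username first, then compare the hashes in PHP with
// hash_equals(), which runs in constant time, instead of matching the hash
// inside the database query. $user is null when the username was not found.
function validateCredentials(?array $user, array $credentials): bool
{
    if ($user === null || $user['username'] !== $credentials['username']) {
        return false;
    }
    $candidate = intersectStyleHash($credentials['password'], $user['salt']);
    return hash_equals(strtoupper($user['pass']), $candidate);
}

// Constructed sample data, not real accounts.
$user = createAccount('alice', 'correct horse battery');

var_dump(strlen($user['salt']) === 64 && strlen($user['pass']) === 64);
var_dump(validateCredentials($user, ['username' => 'alice', 'password' => 'correct horse battery']));
var_dump(validateCredentials($user, ['username' => 'alice', 'password' => 'wrong guess']));
var_dump(validateCredentials(null, ['username' => 'bob', 'password' => 'anything']));
```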
