Bogir
Reputation: 63
How-to make salt hash using PHP to register new account from web?
What would be the PHP algorithm to authenticate an AzerothCore account (make salt and verifier) after the sha_pass_hash field has been removed?
Before we used:
$sha_pass_hash = getPasswordHash($account_name, $password);
How does it work now? How to make salt and verifier to register a new account?
Can anyone provide some detailed instruction with an example?
Upvotes: 3
Views: 633
Answers (1)
Stefano Borzì
Reputation: 2536
I've just did for the acore-cms here https://github.com/azerothcore/acore-cms/pull/20/files
I even post for a quick view the code to calculate the password with the salt:
function CalculateSRP6Verifier($username, $password, $salt)
{
// algorithm constants
$g = gmp_init(7);
$N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
// calculate first hash
$h1 = sha1(strtoupper($username . ':' . $password), TRUE);
// calculate second hash
$h2 = sha1($salt.$h1, TRUE);
// convert to integer (little-endian)
$h2 = gmp_import($h2, 1, GMP_LSW_FIRST);
// g^h2 mod N
$verifier = gmp_powm($g, $h2, $N);
// convert back to a byte array (little-endian)
$verifier = gmp_export($verifier, 1, GMP_LSW_FIRST);
// pad to 32 bytes, remember that zeros go on the end in little-endian!
$verifier = str_pad($verifier, 32, chr(0), STR_PAD_RIGHT);
return $verifier;
}
Remember to install the php-gmp library.
If you need to create an account you can use this to generate the salt:
// generate a random salt
$salt = random_bytes(32);
These code is strongly inspired by the MasterKing32 CMS.
Upvotes: 2
Related Questions
- How to use PHP's password_hash to hash and verify passwords
- How to hash password register?
- How to use password_hash Register And Login
- How to use salt and hash in login?
- How to hash and salt passwords
- PHP hashed & salted password
- hashing password with salt
- password salt storing
- Hashing (with salts) Username and Password in php
- Generate password hashes for user registration on Kohana