couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Hewitt <mar...@thenoi.se>
Subject Re: PHP-based SHA1 algorithm?
Date Wed, 23 Mar 2011 13:15:41 GMT
Hi Stefan,

From here: http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization

"The salt attribute is the hexadecimal representation of the salt used to generate the user's
password hash."

Might have gotten the wrong end of the stick though...

Martin 

On 23 Mar 2011, at 13:13, Stefan Matheis wrote:

> Hey again,
> 
> just wondering about the following lines
> 
>> $salt = "qwertyuiop";
>> $user['salt'] = bin2hex($salt);
> 
> is that really, what you want to do / what couch requires you to do?
> 
> $ php -r 'var_dump("qwertyuiop", bin2hex("qwertyuiop"));'
> string(10) "qwertyuiop"
> string(20) "71776572747975696f70"
> 
> could find no step in any couch-related document about that
> requirement, you're refering to which one Martin?
> 
> Regards
> Stefan
> 
> On Wed, Mar 23, 2011 at 1:53 PM, Martin Hewitt <martin@thenoi.se> wrote:
>> Hi all,
>> 
>> Just wondering if anyone has done this successfully in PHP and could offer advice?
>> 
>> My code is currently:
>> 
>> $user = array();
>> $user['_id'] = "org.couchdb.user:".$newUser;
>> $user['type'] = "user";
>> $user['name'] = $newUser;
>> $user['roles'] = "numpty";
>> 
>> $salt = "qwertyuiop";
>> $newPassword = "test";
>> 
>> $user['password_sha'] = sha1($newPassword.$salt);
>> $user['salt'] = bin2hex($salt);
>> 
>> And I can't login through Futon.
>> 
>> Any help greatly appreciated!
>> 
>> Martin
>> 
>> On 23 Mar 2011, at 08:40, Stefan Matheis wrote:
>> 
>>> Martin,
>>> 
>>> based on http://wiki.apache.org/couchdb/Security_Features_Overview#Generating_password_sha
>>> what's wrong about php's sha1() function?
>>> 
>>> $ php -r "echo sha1('foobar');"
>>> 8843d7f92416211de9ebb963ff4ce28125932878
>>> 
>>> it's the same result as stated there for erlang, ruby & python :)
>>> 
>>> Regards
>>> Stefan
>>> 
>>> On Wed, Mar 23, 2011 at 4:33 AM, Martin Hewitt <martin@thenoi.se> wrote:
>>>> Hi all,
>>>> 
>>>> I'm writing a build process in Phing, part of which involves creating a new
CouchDB user. I'm having trouble logging in as the created user and have an inkling that it's
down to the SHA1 encryption of the password and salt, as the Security wiki page is quite specific
about what SHA1s work and which ones don't.
>>>> 
>>>> My question is - does anyone know if there's a way to generate a CouchDB-friendly
SHA1 hash in PHP?
>>>> 
>>>> Thanks,
>>>> 
>>>> Martin
>> 
>> 


Mime
View raw message