From user-return-15386-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org Wed Mar 23 13:13:41 2011
Return-Path: <user-return-15386-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: (qmail 13859 invoked from network); 23 Mar 2011 13:13:40 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 23 Mar 2011 13:13:40 -0000
Received: (qmail 67727 invoked by uid 500); 23 Mar 2011 13:13:39 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 67675 invoked by uid 500); 23 Mar 2011 13:13:39 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 67667 invoked by uid 99); 23 Mar 2011 13:13:39 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Mar 2011 13:13:39 +0000
X-ASF-Spam-Status: No, hits=0.0 required=5.0
	tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of matheis.stefan@googlemail.com designates 209.85.210.180 as permitted sender)
Received: from [209.85.210.180] (HELO mail-iy0-f180.google.com) (209.85.210.180)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Mar 2011 13:13:34 +0000
Received: by iyf40 with SMTP id 40so11729706iyf.11
        for <user@couchdb.apache.org>; Wed, 23 Mar 2011 06:13:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=gamma;
        h=domainkey-signature:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:content-type:content-transfer-encoding;
        bh=vF8FfThFaSBdJ4DSNCtl6jPAG82nMBNSZfWWjAjmY3Q=;
        b=fA39RDgZYSWQPzl3sXontbC76SjN3tDSjMoSuJ5F40V1jxewa9KtL+Nwn08sNdUakE
         yg/ZlJHUlHtJgyAzS0OQTy0ibwvRqzoU2bKlGV7VgzNXykU2In4gEkpc1pSLwO4cHBXn
         IJ2whZd21qD0wuglQP+f4MThIBtrkcvg2/WA0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=googlemail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=eR45JkiOmddWxbzjOKlM/hoQDS1pl0IoINAgrGkO3mdpUn/lv/h4H6X8Uc7k7evRhM
         iwRJms4dMjAn0I3Ul84olkDtd7iyA7B1T2EeAFJ0UP+GhLr1yj+8W20/jp5ywaJQ72Yz
         yn7w38W2XJBbvSKyvy7ASuQCr9DLR7au+/rbg=
MIME-Version: 1.0
Received: by 10.42.157.6 with SMTP id b6mr2402805icx.522.1300885992239; Wed,
 23 Mar 2011 06:13:12 -0700 (PDT)
Received: by 10.42.2.199 with HTTP; Wed, 23 Mar 2011 06:13:12 -0700 (PDT)
In-Reply-To: <338D4FB2-89BB-46E8-905A-1E11E67F2E24@thenoi.se>
References: <1C449572-2BB6-450E-A408-6C7E5CEE3BE4@thenoi.se>
	<AANLkTinnWjw4Sfwuy3S77Hh09aix6931CWh8ozbYkRoZ@mail.gmail.com>
	<338D4FB2-89BB-46E8-905A-1E11E67F2E24@thenoi.se>
Date: Wed, 23 Mar 2011 14:13:12 +0100
Message-ID: <AANLkTi=Wo0V7ikOe2RGM9Bkf_koU1QWgO1cXR3qQy=Y3@mail.gmail.com>
Subject: Re: PHP-based SHA1 algorithm?
From: Stefan Matheis <matheis.stefan@googlemail.com>
To: user@couchdb.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hey again,

just wondering about the following lines

> $salt =3D "qwertyuiop";
> $user['salt'] =3D bin2hex($salt);

is that really, what you want to do / what couch requires you to do?

$ php -r 'var_dump("qwertyuiop", bin2hex("qwertyuiop"));'
string(10) "qwertyuiop"
string(20) "71776572747975696f70"

could find no step in any couch-related document about that
requirement, you're refering to which one Martin?

Regards
Stefan

On Wed, Mar 23, 2011 at 1:53 PM, Martin Hewitt <martin@thenoi.se> wrote:
> Hi all,
>
> Just wondering if anyone has done this successfully in PHP and could offe=
r advice?
>
> My code is currently:
>
> $user =3D array();
> $user['_id'] =3D "org.couchdb.user:".$newUser;
> $user['type'] =3D "user";
> $user['name'] =3D $newUser;
> $user['roles'] =3D "numpty";
>
> $salt =3D "qwertyuiop";
> $newPassword =3D "test";
>
> $user['password_sha'] =3D sha1($newPassword.$salt);
> $user['salt'] =3D bin2hex($salt);
>
> And I can't login through Futon.
>
> Any help greatly appreciated!
>
> Martin
>
> On 23 Mar 2011, at 08:40, Stefan Matheis wrote:
>
>> Martin,
>>
>> based on http://wiki.apache.org/couchdb/Security_Features_Overview#Gener=
ating_password_sha
>> what's wrong about php's sha1() function?
>>
>> $ php -r "echo sha1('foobar');"
>> 8843d7f92416211de9ebb963ff4ce28125932878
>>
>> it's the same result as stated there for erlang, ruby & python :)
>>
>> Regards
>> Stefan
>>
>> On Wed, Mar 23, 2011 at 4:33 AM, Martin Hewitt <martin@thenoi.se> wrote:
>>> Hi all,
>>>
>>> I'm writing a build process in Phing, part of which involves creating a=
 new CouchDB user. I'm having trouble logging in as the created user and ha=
ve an inkling that it's down to the SHA1 encryption of the password and sal=
t, as the Security wiki page is quite specific about what SHA1s work and wh=
ich ones don't.
>>>
>>> My question is - does anyone know if there's a way to generate a CouchD=
B-friendly SHA1 hash in PHP?
>>>
>>> Thanks,
>>>
>>> Martin
>
>