Subject: Re: PHP-based SHA1 algorithm?
From: David Coallier
To: user@couchdb.apache.org
Cc: Martin Hewitt
Date: Wed, 23 Mar 2011 23:02:43 +0000

Hey there Martin,

You should be able to set the value to a normal string, IE:

$user['password_sha'] = hash('sha256', $salt . $pass . $salt);

or if you really want sha1 and you absolutely can't use sha256

$user['password_sha'] = hash('sha1', $salt . $pass . $salt);

or

$user['password_sha'] = sha1($salt . $pass . $salt);

You should be able to use the string value directly without having to encode it.

On 23 March 2011 13:24, Martin Hewitt wrote:
> Looks like just using the raw string value works. Not sure if I mis-read the documentation or if it's something to do with PHP's native JSON conversion...
>
> Martin
>
> On 23 Mar 2011, at 13:13, Stefan Matheis wrote:
>
>> Hey again,
>>
>> just wondering about the following lines
>>
>>> $salt = "qwertyuiop";
>>> $user['salt'] = bin2hex($salt);
>>
>> is that really, what you want to do / what couch requires you to do?
>>
>> $ php -r 'var_dump("qwertyuiop", bin2hex("qwertyuiop"));'
>> string(10) "qwertyuiop"
>> string(20) "71776572747975696f70"
>>
>> could find no step in any couch-related document about that
>> requirement, you're referring to which one Martin?
>>
>> Regards
>> Stefan
>>
>> On Wed, Mar 23, 2011 at 1:53 PM, Martin Hewitt wrote:
>>> Hi all,
>>>
>>> Just wondering if anyone has done this successfully in PHP and could offer advice?
>>>
>>> My code is currently:
>>>
>>> $user = array();
>>> $user['_id'] = "org.couchdb.user:".$newUser;
>>> $user['type'] = "user";
>>> $user['name'] = $newUser;
>>> $user['roles'] = "numpty";
>>>
>>> $salt = "qwertyuiop";
>>> $newPassword = "test";
>>>
>>> $user['password_sha'] = sha1($newPassword.$salt);
>>> $user['salt'] = bin2hex($salt);
>>>
>>> And I can't login through Futon.
>>>
>>> Any help greatly appreciated!
>>>
>>> Martin
>>>
>>> On 23 Mar 2011, at 08:40, Stefan Matheis wrote:
>>>
>>>> Martin,
>>>>
>>>> based on http://wiki.apache.org/couchdb/Security_Features_Overview#Generating_password_sha
>>>> what's wrong about php's sha1() function?
>>>>
>>>> $ php -r "echo sha1('foobar');"
>>>> 8843d7f92416211de9ebb963ff4ce28125932878
>>>>
>>>> it's the same result as stated there for erlang, ruby & python :)
>>>>
>>>> Regards
>>>> Stefan
>>>>
>>>> On Wed, Mar 23, 2011 at 4:33 AM, Martin Hewitt wrote:
>>>>> Hi all,
>>>>>
>>>>> I'm writing a build process in Phing, part of which involves creating a new CouchDB user. I'm having trouble logging in as the created user and have an inkling that it's down to the SHA1 encryption of the password and salt, as the Security wiki page is quite specific about what SHA1s work and which ones don't.
>>>>>
>>>>> My question is - does anyone know if there's a way to generate a CouchDB-friendly SHA1 hash in PHP?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Martin
>>>
>>>
>
>

-- 
David Coallier
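
Added example, not code from any poster in this thread: why the document with the bin2hex()'d salt could not log in while the raw-string version could. It assumes the scheme used in the thread, where the server recomputes sha1(password . salt) from the salt string exactly as stored in the user document; make_user_doc() and server_would_accept() are hypothetical helper names, and the user name and sample values are constructed.

```php
<?php
// Build a _users document whose stored salt is the same string that went
// into the hash. Helper names are hypothetical, not part of CouchDB.
function make_user_doc(string $name, string $password, array $roles = []): array
{
    // Random salt rendered as hex; the hex string itself is the salt, so it
    // is stored and hashed in exactly this form.
    $salt = bin2hex(random_bytes(16));
    return [
        '_id'          => 'org.couchdb.user:' . $name,
        'type'         => 'user',
        'name'         => $name,
        'roles'        => $roles,   // list of role names
        'salt'         => $salt,
        'password_sha' => sha1($password . $salt),
    ];
}

// Model of the login check (assumption: hash over password followed by the
// stored salt string, compared with the stored password_sha).
function server_would_accept(array $doc, string $password): bool
{
    return hash_equals($doc['password_sha'], sha1($password . $doc['salt']));
}

// Consistent document: salt stored in the same form it was hashed in.
$good = make_user_doc('alice', 'test', ['numpty']);

// The failing combination from the thread: the hash covers the raw salt,
// but the document stores its hex encoding, so the recomputed hash differs.
$salt = 'qwertyuiop';
$bad = [
    'password_sha' => sha1('test' . $salt),
    'salt'         => bin2hex($salt),
];

var_dump(server_would_accept($good, 'test'));
var_dump(server_would_accept($bad, 'test'));

// JSON body as it would be PUT to the _users database.
echo json_encode($good, JSON_PRETTY_PRINT), "\n";
```

Only the first check matches; the second fails because the stored salt ("71776572747975696f70") is not the string that was hashed ("qwertyuiop").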