Return-Path: 
 <user-return-15387-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: (qmail 16415 invoked from network); 23 Mar 2011 13:16:12 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 23 Mar 2011 13:16:12 -0000
Received: (qmail 70900 invoked by uid 500); 23 Mar 2011 13:16:11 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 70866 invoked by uid 500); 23 Mar 2011 13:16:11 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 70858 invoked by uid 99); 23 Mar 2011 13:16:11 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Mar 2011 13:16:11 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [109.169.49.54] (HELO zoe.mltserver-three.co.uk)
 (109.169.49.54)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Mar 2011 13:16:04 +0000
Received: from 02d83053.bb.sky.com ([2.216.48.83] helo=[192.168.0.2])
	by zoe.mltserver-three.co.uk with esmtpsa (TLSv1:AES128-SHA:128)
	(Exim 4.69)
	(envelope-from <martin@thenoi.se>)
	id 1Q2NuY-0006fj-Us
	for user@couchdb.apache.org; Wed, 23 Mar 2011 13:15:43 +0000
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1082)
Subject: Re: PHP-based SHA1 algorithm?
From: Martin Hewitt <martin@thenoi.se>
In-Reply-To: <AANLkTi=Wo0V7ikOe2RGM9Bkf_koU1QWgO1cXR3qQy=Y3@mail.gmail.com>
Date: Wed, 23 Mar 2011 13:15:41 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <D5EC60BC-F278-4331-BE71-01D9F846C9F2@thenoi.se>
References: <1C449572-2BB6-450E-A408-6C7E5CEE3BE4@thenoi.se>
 <AANLkTinnWjw4Sfwuy3S77Hh09aix6931CWh8ozbYkRoZ@mail.gmail.com>
 <338D4FB2-89BB-46E8-905A-1E11E67F2E24@thenoi.se>
 <AANLkTi=Wo0V7ikOe2RGM9Bkf_koU1QWgO1cXR3qQy=Y3@mail.gmail.com>
To: user@couchdb.apache.org
X-Mailer: Apple Mail (2.1082)
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - zoe.mltserver-three.co.uk
X-AntiAbuse: Original Domain - couchdb.apache.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - thenoi.se
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Virus-Checked: Checked by ClamAV on apache.org

Hi Stefan,

=46rom here: =
http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization

"The salt attribute is the hexadecimal representation of the salt used =
to generate the user's password hash."

Might have gotten the wrong end of the stick though...

Martin=20

On 23 Mar 2011, at 13:13, Stefan Matheis wrote:

> Hey again,
>=20
> just wondering about the following lines
>=20
>> $salt =3D "qwertyuiop";
>> $user['salt'] =3D bin2hex($salt);
>=20
> is that really, what you want to do / what couch requires you to do?
>=20
> $ php -r 'var_dump("qwertyuiop", bin2hex("qwertyuiop"));'
> string(10) "qwertyuiop"
> string(20) "71776572747975696f70"
>=20
> could find no step in any couch-related document about that
> requirement, you're refering to which one Martin?
>=20
> Regards
> Stefan
>=20
> On Wed, Mar 23, 2011 at 1:53 PM, Martin Hewitt <martin@thenoi.se> =
wrote:
>> Hi all,
>>=20
>> Just wondering if anyone has done this successfully in PHP and could =
offer advice?
>>=20
>> My code is currently:
>>=20
>> $user =3D array();
>> $user['_id'] =3D "org.couchdb.user:".$newUser;
>> $user['type'] =3D "user";
>> $user['name'] =3D $newUser;
>> $user['roles'] =3D "numpty";
>>=20
>> $salt =3D "qwertyuiop";
>> $newPassword =3D "test";
>>=20
>> $user['password_sha'] =3D sha1($newPassword.$salt);
>> $user['salt'] =3D bin2hex($salt);
>>=20
>> And I can't login through Futon.
>>=20
>> Any help greatly appreciated!
>>=20
>> Martin
>>=20
>> On 23 Mar 2011, at 08:40, Stefan Matheis wrote:
>>=20
>>> Martin,
>>>=20
>>> based on =
http://wiki.apache.org/couchdb/Security_Features_Overview#Generating_passw=
ord_sha
>>> what's wrong about php's sha1() function?
>>>=20
>>> $ php -r "echo sha1('foobar');"
>>> 8843d7f92416211de9ebb963ff4ce28125932878
>>>=20
>>> it's the same result as stated there for erlang, ruby & python :)
>>>=20
>>> Regards
>>> Stefan
>>>=20
>>> On Wed, Mar 23, 2011 at 4:33 AM, Martin Hewitt <martin@thenoi.se> =
wrote:
>>>> Hi all,
>>>>=20
>>>> I'm writing a build process in Phing, part of which involves =
creating a new CouchDB user. I'm having trouble logging in as the =
created user and have an inkling that it's down to the SHA1 encryption =
of the password and salt, as the Security wiki page is quite specific =
about what SHA1s work and which ones don't.
>>>>=20
>>>> My question is - does anyone know if there's a way to generate a =
CouchDB-friendly SHA1 hash in PHP?
>>>>=20
>>>> Thanks,
>>>>=20
>>>> Martin
>>=20
>>=20