incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Coallier <dav...@php.net>
Subject Re: PHP-based SHA1 algorithm?
Date Wed, 23 Mar 2011 23:02:43 GMT
Hey there Martin,

You should be able to set the value to a normal string, IE:

$user['password_sha'] = hash('sha256', $salt . $pass . $salt);

or if you really want sha1 and you absolutely can't use sha256

$user['password_sha'] = hash('sha1', $salt . $pass . $salt);
or
$user['password_sha'] = sha1($salt . $pass . $salt);

You should be able to use the string value directly without having to encode it.

On 23 March 2011 13:24, Martin Hewitt <martin@thenoi.se> wrote:
> Looks like just using the raw string value works. Not sure if I mis-read the documentation
or if it's something to do with PHP's native JSON conversion...
>
> Martin
>
> On 23 Mar 2011, at 13:13, Stefan Matheis wrote:
>
>> Hey again,
>>
>> just wondering about the following lines
>>
>>> $salt = "qwertyuiop";
>>> $user['salt'] = bin2hex($salt);
>>
>> is that really, what you want to do / what couch requires you to do?
>>
>> $ php -r 'var_dump("qwertyuiop", bin2hex("qwertyuiop"));'
>> string(10) "qwertyuiop"
>> string(20) "71776572747975696f70"
>>
>> could find no step in any couch-related document about that
>> requirement, you're refering to which one Martin?
>>
>> Regards
>> Stefan
>>
>> On Wed, Mar 23, 2011 at 1:53 PM, Martin Hewitt <martin@thenoi.se> wrote:
>>> Hi all,
>>>
>>> Just wondering if anyone has done this successfully in PHP and could offer advice?
>>>
>>> My code is currently:
>>>
>>> $user = array();
>>> $user['_id'] = "org.couchdb.user:".$newUser;
>>> $user['type'] = "user";
>>> $user['name'] = $newUser;
>>> $user['roles'] = "numpty";
>>>
>>> $salt = "qwertyuiop";
>>> $newPassword = "test";
>>>
>>> $user['password_sha'] = sha1($newPassword.$salt);
>>> $user['salt'] = bin2hex($salt);
>>>
>>> And I can't login through Futon.
>>>
>>> Any help greatly appreciated!
>>>
>>> Martin
>>>
>>> On 23 Mar 2011, at 08:40, Stefan Matheis wrote:
>>>
>>>> Martin,
>>>>
>>>> based on http://wiki.apache.org/couchdb/Security_Features_Overview#Generating_password_sha
>>>> what's wrong about php's sha1() function?
>>>>
>>>> $ php -r "echo sha1('foobar');"
>>>> 8843d7f92416211de9ebb963ff4ce28125932878
>>>>
>>>> it's the same result as stated there for erlang, ruby & python :)
>>>>
>>>> Regards
>>>> Stefan
>>>>
>>>> On Wed, Mar 23, 2011 at 4:33 AM, Martin Hewitt <martin@thenoi.se> wrote:
>>>>> Hi all,
>>>>>
>>>>> I'm writing a build process in Phing, part of which involves creating
a new CouchDB user. I'm having trouble logging in as the created user and have an inkling
that it's down to the SHA1 encryption of the password and salt, as the Security wiki page
is quite specific about what SHA1s work and which ones don't.
>>>>>
>>>>> My question is - does anyone know if there's a way to generate a CouchDB-friendly
SHA1 hash in PHP?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Martin
>>>
>>>
>
>



-- 
David Coallier

Mime
View raw message