2011-11-15
pbmichel
I implemented the salted MD5 password hash format of the LDAP RFC. The format is quite simple: the password, followed by the 8-byte hash in base64 encoding, which results in 32 characters, prepended with the string "{smd5}".
The beauty of it is that it's an incredibly small patch, which gives you this new option for how to save and recognize passwords.
Here is the relevant diff:
<code>
diff -r 90e5fae6302a inc/PassHash.class.php
--- a/inc/PassHash.class.php Sun Oct 02 11:46:22 2011 +0200
+++ b/inc/PassHash.class.php Tue Nov 15 10:48:05 2011 +0100
@@ -50,6 +50,9 @@
}elseif(substr($hash,0,6) == '{SSHA}'){
$method = 'ssha';
$salt = substr(base64_decode(substr($hash, 6)),20);
+ }elseif(substr($hash,0,6) == '{SMD5}'){
+ $method = 'smd6';
+ $salt = substr(base64_decode(substr($hash, 6)),16);
}elseif($len == 32){
$method = 'md5';
}elseif($len == 40){
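Review bot: the new '{SMD5}' branch computes substr(base64_decode(substr($hash, 6)),16) without checking that the decoded value is longer than 16 bytes, so a truncated or non-base64 stored value produces an empty or false $salt instead of being rejected. Suggest decoding once, checking the length, and falling through to the other branches when nothing follows the 16-byte digest. The prefix test is also case-sensitive, so a stored value that begins with '{smd5}' will not reach this branch; compare case-insensitively if lower-case prefixes can occur in stored hashes.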
@@ -130,6 +133,18 @@
}
}
+
+ /**
+ * Password hashing method 'smd6'
+ *
+ * Uses salted MD5 hashs. Salt is 8 bytes long. Yes, really 8 bytes...
+ */
+ public function hash_smd6($clear, $salt=null){
+ $this->init_salt($salt,8);
+ return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt);
+ }
+
+
/**
* Password hashing method 'apr1'
*
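Review bot: the docblock on hash_smd6() says the salt is 8 bytes, but the function also accepts a caller-supplied $salt, so the 8-byte figure only describes a newly generated salt; state that and add @param and @return lines. The body uses $salt immediately after $this->init_salt($salt,8), which only works if init_salt fills $salt by reference; that is not visible in this hunk and is worth confirming. Minor: "hashs" should be "hashes", and the hunk adds two blank lines before the next docblock where one is enough.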
</code>
To be able to select the new method for the creation of new accounts, you also need this patch:
<code>
diff -r 54324809bff0 -r cd6f1edc5ddc lib/plugins/config/settings/config.metadata.php
--- a/lib/plugins/config/settings/config.metadata.php Wed Oct 05 11:46:52 2011 +0200
+++ b/lib/plugins/config/settings/config.metadata.php Sat Oct 15 12:18:39 2011 +0200
@@ -122,7 +122,7 @@
$meta['useacl'] = array('onoff');
$meta['autopasswd'] = array('onoff');
$meta['authtype'] = array('authtype');
-$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5'));
+$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','smd6','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5'));
$meta['defaultgroup']= array('string');
$meta['superuser'] = array('string');
$meta['manager'] = array('string');
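Review bot: adding 'smd6' to the passcrypt choices makes a single MD5 round over password and salt, as hash_smd6() computes it, selectable for newly created accounts, so the option's description should present it as an interoperability format for LDAP-style hashes rather than a recommended choice. The identifier 'smd6' sits directly next to 'smd5' in the list and does not describe the scheme; a name that reflects the LDAP origin would be easier to tell apart in the configuration screen.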
</code>
The method is foolishly named "smd6" in the patch, as "smd5" was obviously already taken.
I'd love to see this tiny patch incorporated into the official wiki code.
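
The value the patch builds and parses, base64 of the 16-byte raw MD5 digest of password plus salt followed by the salt itself, with "{SMD5}" in front, can be exercised on its own. The following is an added example, not part of the original post or of DokuWiki; the function names are hypothetical, and accepting either case of the prefix and rejecting malformed input are choices made here.

```php
<?php
// Added example, not DokuWiki code: all function names are hypothetical.

const SMD5_PREFIX = '{SMD5}';
const MD5_RAW_LEN = 16; // md5($x, true) returns 16 raw bytes

/** Build an {SMD5} value: prefix . base64(md5(password . salt) . salt). */
function smd5_hash(string $clear, ?string $salt = null): string
{
    if ($salt === null) {
        $salt = random_bytes(8); // 8-byte salt, as in the patch
    }
    return SMD5_PREFIX . base64_encode(md5($clear . $salt, true) . $salt);
}

/** Split a stored value into [digest, salt]; null if it is malformed. */
function smd5_parse(string $stored): ?array
{
    // Assumption: the prefix is matched without regard to case.
    if (strncasecmp($stored, SMD5_PREFIX, strlen(SMD5_PREFIX)) !== 0) {
        return null;
    }
    $raw = base64_decode(substr($stored, strlen(SMD5_PREFIX)), true); // strict
    if ($raw === false || strlen($raw) <= MD5_RAW_LEN) {
        return null; // invalid base64, or no salt after the digest
    }
    return [substr($raw, 0, MD5_RAW_LEN), substr($raw, MD5_RAW_LEN)];
}

/** Verify a password against a stored {SMD5} value with a constant-time compare. */
function smd5_verify(string $clear, string $stored): bool
{
    $parts = smd5_parse($stored);
    if ($parts === null) {
        return false;
    }
    [$digest, $salt] = $parts;
    return hash_equals($digest, md5($clear . $salt, true));
}

// Constructed sample values.
$stored = smd5_hash('correct horse', "\x01\x02\x03\x04\x05\x06\x07\x08");
var_dump(strlen($stored) - strlen(SMD5_PREFIX));   // length of the base64 part
var_dump(smd5_verify('correct horse', $stored));   // matching password
var_dump(smd5_verify('wrong', $stored));           // non-matching password
var_dump(smd5_verify('x', SMD5_PREFIX . base64_encode(md5('x', true)))); // no salt
var_dump(smd5_verify('x', SMD5_PREFIX . 'not base64!'));                 // bad encoding
```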