Is there a framework or function that allows me to use SHA3-512?
I don't want a extension like Strawbrary
Yes sure simply you can use hash function in php
<?php
echo hash('sha3-512' , 'String you want to hash');
It's possible.
Maybe too late, but I've worked on a pure-PHP implementation here:
SHA3-224/256/384/512
SHAKE128/256 (arbitrary output size)
LGPL 3+
Works in PHP 5.2+ (considerably slower on older PHP)
No extensions required.
Moderately well tested.
Based on the (public domain) reference implementation in C.
Arbitrary input size.
It is a simple and fast implementation in PHP (which means far slower than C). Since this is purely "CPU-bound", PHP 7.0 runs 4x faster than PHP 5.6. (55kB/s here)
Fine with a small input. Correctly handles a huge input, just hogs CPU for minutes.
I hope it helps.
For those coming to this later (after this post) PHP 7.1.0 has support for SHA3-512.
Per the PHP Manual (http://php.net/manual/en/function.hash-algos.php) the hash_algos() function will output your system's available hash algorithms. The following code will output your system's available hash algorithms:
<?php
echo "<pre>";
print_r (hash_algos());
echo "</pre>";
?>
My output looks something like this:
Array
(
[0] => md2
[1] => md4
[2] => md5
...
)
PHP 5.3.2 added SHA-256 and SHA-512 to the crypt() function. This might be somewhat similar to what your looking for
http://us3.php.net/crypt
Related
My goal is simply to generate a temporary token that will be used in URLs for user identification, should I use OAuthProvider::generateToken or random_bytes?
From these answers :
Generate a single use token in PHP: random_bytes or openssl_random_pseudo_bytes?
and
best practice to generate random token for forgot password
It seems that random_bytes is a more recently updated option for PHP 7 when compared to openssl_random_pseudo_bytes. Is it the same when compared to OAuthProvider::generateToken?
Examples:
$rb_token = bin2hex(random_bytes($length));
$oa_token = bin2hex((new OAuthProvider())->generateToken($length, TRUE));
// TRUE = strong "/dev/random will be used for entropy"
I would go for random_bytes (if you use PHP < 7, a polyfill with a good reputations exists, random_compat).
Differences in between /dev/urandom and /dev/random are negligible for your case (a more detailed explanation can be found there).
random_bytes use getrandom syscall or /dev/urandom, (source code), while OAuthProvider::generateToken() without strong mode seems to fallback to some unsecure implementation if the generated string is too short (source code, and source code of php_mt_rand). So random_bytes has a edge over usability (no unsafe mode), and on systems using getrandom syscall, as it should be the preferred method (detailled explanation here).
Another way to conclude is to look at some widely-used libraries: FOSOAuthServer bundle, for Symfony applications, uses random_bytes too.
Last but not least, I believe some PHP core function will also receive more scrutinity, and better support, than an extension.
I'm trying to port a php algorithm to perl but I struggle with one bit operator I'm not familiar with...
so the php code looks like this:
...
$var = '348492634';
print ~$var;
...
result: -348492635
doing the exact same thing in perl:
...
$var = '348492634';
print ~$var;
...
result: 18446744073361058981
I read a lot about the integer size depending on the architecture of the cpu, but I never found a working solution. Maybe I'm just using the wrong function in perl...
It's necessary for the logic to get same result as in the php script.
Thanks in advance
Seems that on your setup, PHP ints are 32bit signed while perl ints are 64bit unsigned.
This will probably do what you need on the given system but it is not guaranteed to work the same if you use it on another installation of perl.
$var = '348492634'; #hex!
print ~($var - 2**32) - 2**32;
The following will do for both $var='348492634' (which you claim to have) and $var=348492634 (which you did have):
unpack('l', ~pack('l', $var))
The quick and dirty conversion is:
print -($var+1); # like ~$var in PHP
If your perl is using 64-bit integers, this will only fail for $var=-18446744073709551616
(0x8000000000000000), which is a value you wouldn't use in 32-bit PHP anyway.
Code:
echo $a = 'stackoverflow';
echo '<br>';
echo $b = '$2a$10$bf57caf7e1fa23e4b975ab';
echo '<br>CRYPT:<br>';
echo crypt($a, $b);
Results:
PHP 5.2.5
stackoverflow
$2a$10$bf57caf7e1fa23e4b975ab
CRYPT:
$2.LaeiP21fsQ
PHP 5.4.4
stackoverflow
$2a$10$bf57caf7e1fa23e4b975ab
CRYPT:
$2a$10$bf57caf7e1fa23e4b975aOhXjTtYrqOYLfHsxdOxGRhF03.LtKewW
I want to move the script to a new server with PHP 5.4.4
I would like to get the same effect as the 5.2.5 hashes, otherwise I will lose some data
If I use salt with ending $ - the result is the same
I read this:
As of PHP 5.3.0, PHP contains its own implementation and will use that
if the system lacks of support for one or more of the algorithms.
But the algorithm should not be different.
Please help.
Prior to PHP 5.3.0, Blowfish was only available if your system's C library provided it (and almost no one's did). Passing a Blowfish salt in systems that don't have a Blowfish implementation results in a crapshoot of algorithm selection - usually, a DES hash.
I am including the same "random.inc" in foo.php and bar.php. For each, I want reproducible "random" results.
So in foo.php I always want one set of numbers and/or keywords. In bar.php another. Which shouldn't change on reload. That's what I mean by contant pseudo-random. And that's why I seeding on the url. However I still get different results for individual numbers as well as for array pickson every reload. This is the full php file:
<?
header('Content-Type: text/plain');
$seed = crc32( $_SERVER['REQUEST_URI'] );
echo "phpversion: ".phpversion()."\nseed: $seed\n";
srand( $seed ); // (seed verified to be contant as expected)
// neither single values nor array pics turn out deterministic
echo ''.rand(0,100).' '.rand(0,100).' '.rand(0,100)."\n";
$values = array( '0'=>21,'1'=>89,'2'=>96,'3'=>47,'4'=>88 );
print_r( array_rand( $values, 3 ) );
?>
In the days of PHP4.1 it was (verified) possible to achieve constant pseudo-random like this. array_rand API documentation describes as a feature that since 4.2 initialization happens automatically. Perhaps this is overriding any explicit seeding? (if so, perhaps explicit seeding should raise an internal PHP flag, preventing automatic seeding?). Btw: mt_srand() and srand() are equally not working.
I would really like to get my deterministic / constant pseudo-random back...
Update: Solution below (Windows and/or version 5.2 's fault)
Works for me (PHP/5.3.6):
<?php
$data = range(1, 100);
srand(1);
print_r(array_rand($data, 3));
... always prints:
Array
(
[0] => 21
[1] => 89
[2] => 95
)
... in my machine. Apparently, the exact numbers differ depending on the exact environment but they're reproducible.
Guys, you are all correct! (Sorry, I answer it myself now)
my web hoster runs 5.2.17 under Linux 2.6.36, and above problem exists.
under Win x64 5.3.0 everything works as expected.
So it's everyone's guess if that's an OS related bug and/or a PHP bug, fixed in 5.3.0.
Given that random constant seeding worked before, I am guessing they fixed in 5.3 the bug that came with the autoseed feature enhancement in 4.2. Anyway, Thanx again, at least there's clarity now.
The seeding functions are still available, and should still work; it's just since PHP 4.2 they are automatically seeded with the time on page load; but you can still call them to reset the random sequence to a known starting point.
[edit] I have just done a quick test program to make sure I wasn't imagining it!
mt_srand(50000);
print "rand="+mt_rand(0,10000);
Using PHP 5.2, this always results in the same value being printed (1749).
[EDIT]
As noted by #cwd and in the accepted answer to this question, there appears to be a discrepancy in PHP 5.2's behaviour with random number seeding between the Linux and Windows versions. In PHP 5.2 on Linux, the above technique does not appear to work.
Fortunately, the bug seems to have been fixed in PHP 5.3, so the solution to this problem is simply to upgrade. (PHP 5.2 is not supported any longer, so you should upgrade anyway)
Btw, if anyone else wants "constant windows-pre-5.3 pseudo-random" (of low quality, e.g. for stuff like SEO buzzwording) this is a tested workaround:
$r = abs(crc32($URL))%20; // a number between 0 and 19, based on URL
In PHP 5.2.17 and probably on all versions of PHP 5.2, (not sure about windows), we lose the capability of generating random numbers based on a seed as PHP changes the algorithm used for random numbers.
rand and mt_rand are "broken" not only because they will not give one random number, but they will also not give a same sequence of random numbers - even when using a seed!
At first the PHP developers tried to argue that this is the way that it "should" work, but we can guess they caught enough grief about the problem that they have reverted the way that it works with PHP 5.3.
See the php mt_rand page and the bug tracker to learn about this issue.
I use a php script that hashes passwords using php's crypt and uses SHA512, however when I try to check if SHA512 is set I get the above error. Of course I know WHY I get this error.. php is missing some dependency. I just don't know what that dependency is.
Can anyone please tell me what I need to install (on a Ubuntu server) to be able to use SHA512 in PHP ?
Thanks!
The php docs say that built-in support for SHA-256 and SHA-512 was added in PHP 5.3.2. If you use any earlier versions of PHP, it relies on implementations of those algorithms provided by your system, which apparently yours does not have.
Make sure you have newest version of PHP5 and install mcrypt - also contains alot of other encryption methods like rinjdael (AES)
Bottom line, you should be using mcrypt, not SHA512 or any md5 style hasher. It's too easy to brute force decrypt them. There is a ton of good reference at http://www.php.net/manual/en/function.mcrypt-generic.php and all over google. Below is an example of a 3DES hashed URL using the reference function urlsafe_b64encode from http://www.php.net/manual/en/function.mcrypt-generic.php#71135
$key = "what can i tell you";
$request = http_build_query($_REQUEST);
$request_enc = urlencode(urlsafe_b64encode(mcrypt_ecb(MCRYPT_3DES, $key, $request, MCRYPT_ENCRYPT)));
$url = "http://localhost/takemerightthere/".$request_enc;