MySQL 哈希函数实现

2022-01-22 00:00:00 hash passwords php mysql

我知道 php 有 md5()、sha1() 和 hash() 函数,但我想使用 MySQL PASSWORD() 函数创建一个散列.到目前为止,我能想到的唯一方法就是查询服务器,但我想要一个函数(最好是在 php 或 Perl 中),它可以在不查询 MySQL 的情况下做同样的事情.

I know that php has md5(), sha1(), and the hash() functions, but I want to create a hash using the MySQL PASSWORD() function. So far, the only way I can think of is to just query the server, but I want a function (preferably in php or Perl) that will do the same thing without querying MySQL at all.

例如:

MySQL 哈希 -> 464bb2cb3cf18b66

MySQL hash -> 464bb2cb3cf18b66

MySQL5 哈希 -> *01D01F5CA7CA8BA771E03F4AC55EC73C11EFA229

MySQL5 hash -> *01D01F5CA7CA8BA771E03F4AC55EC73C11EFA229

谢谢!

推荐答案

我最初在自己搜索两个 MySQL 密码哈希函数的 PHP 实现时偶然发现了这个问题.我找不到任何实现,所以我从 MySQL 源代码 (sql/password.c) 中改编了自己的实现.以下内容在 PHP 5.2 中经过测试和工作:

I originally stumbled across this question in my own search for a PHP implementation of the two MySQL password hashing functions. I was unable to find any implementations, so I adapted my own from the MySQL source code (sql/password.c). The following are tested and working in PHP 5.2:

// The following is free for any use provided credit is given where due.
// This code comes with NO WARRANTY of any kind, including any implied warranty.

/**
 * MySQL "OLD_PASSWORD()" AKA MySQL323 HASH FUNCTION
 * This is the password hashing function used in MySQL prior to version 4.1.1
 * By Defines Fineout 10/9/2009 9:12:16 AM
**/
function mysql_old_password_hash($input, $hex = true)
{
  $nr = 1345345333; $add = 7; $nr2 = 0x12345671; $tmp = null;
  $inlen = strlen($input);
  for ($i = 0; $i < $inlen; $i++) {
    $byte = substr($input, $i, 1);
    if ($byte == ' ' || $byte == "	") continue;
    $tmp = ord($byte);
    $nr ^= ((($nr & 63) + $add) * $tmp) + (($nr << 8) & 0xFFFFFFFF);
    $nr2 += (($nr2 << 8) & 0xFFFFFFFF) ^ $nr;
    $add += $tmp;
  }
  $out_a = $nr & ((1 << 31) - 1);
  $out_b = $nr2 & ((1 << 31) - 1);
  $output = sprintf("%08x%08x", $out_a, $out_b);
  if ($hex) return $output;
  return hex_hash_to_bin($output);
} //END function mysql_old_password_hash

/**
 * MySQL "PASSWORD()" AKA MySQLSHA1 HASH FUNCTION
 * This is the password hashing function used in MySQL since version 4.1.1
 * By Defines Fineout 10/9/2009 9:36:20 AM
**/
function mysql_password_hash($input, $hex = true)
{
  $sha1_stage1 = sha1($input, true);
  $output = sha1($sha1_stage1, !$hex);
  return $output;
} //END function mysql_password_hash

/**
 * Computes each hexidecimal pair into the corresponding binary octet.
 * Similar to mysql hex2octet function.
**/
function hex_hash_to_bin($hex)
{
  $bin = "";
  $len = strlen($hex);
  for ($i = 0; $i < $len; $i += 2) {
    $byte_hex = substr($hex, $i, 2);
    $byte_dec = hexdec($byte_hex);
    $byte_char = chr($byte_dec);
    $bin .= $byte_char;
  }
  return $bin;
} //END function hex_hash_to_bin

希望其他人也会发现这很有用:)

Hopefully someone else will find this useful as well :)

相关文章