在 ColdFusion MX7 和 PHP 5.x 上同样工作的哈希函数?

2022-01-09 00:00:00 hash sha1 php coldfusion

我正在处理旧的 ColdFusion MX7 站点.他们想实现一个salted hash"密码系统.但是在明年左右的某个时间,他们计划建立一个全新的 PHP 站点,并且不想重置(丢失)所有密码.

I am working on a legacy ColdFusion MX7 site. They want to implement a "salted hash" password system. But some time in the next year or so they plan to build a completely new PHP site and don't want to have to reset (lose) all the passwords.

所以我正在寻找一些可以在两个平台上运行的代码.

So I'm looking for some code that will work on both platforms.

我是新手,但据我所知,以下两个代码块应该做同样的事情.但是,它们会产生不同的结果.有人愿意帮忙吗?

I'm new to this, but as far as I can tell, the following two blocks of code should do the same thing. However, they produce different results. Anyone care to help?

COLDFUSION 代码:

COLDFUSION CODE:

    <cffunction name="computeHash" access="public" returntype="String">
        <cfargument name="password" type="string" />
        <cfargument name="salt" type="string" />
        <cfargument name="iterations" type="numeric" required="false" default="1024" />
        <cfargument name="algorithm" type="string" required="false" default="SHA-1" />
        <cfscript>
            var hashed = '';
            hashed = hash( password & salt, arguments.algorithm, 'UTF-8' );
        </cfscript>
        <cfloop from="1" to="#iterations#" index="i">
            <cfscript>
                hashed = hash( hashed & salt, arguments.algorithm, 'UTF-8' );
            </cfscript>
        </cfloop>
    </cffunction>

PHP 代码:

    function computeHash($password,$salt)
    {
        $hashed = '';
        $hashed = hash('sha1', $password . $salt);
        for ($i = 1; $i <= 1024; $i++) 
        {
            $hashed = hash('sha1', $hashed . $salt);
        }
        echo $hashed;
    }

更新 1:感谢您的回复!使用密码p@ssW0rd"和盐JjXSROiYyKkxNzTklaiErQ=="会生成以下结果:

UPDATE 1: Thanks for your replies! Using a password of "p@ssW0rd", and a salt of "JjXSROiYyKkxNzTklaiErQ==" generates the following results:

冷融合:

代码,第 1 部分:

hashed = hash( password & salt, arguments.algorithm, 'UTF-8' );

生成:

A0A8DE3A3B2A8BFD74766EEE126950F4462D3BCB

代码,第 2 部分:

hash( hashed & salt, arguments.algorithm, 'UTF-8' );

生成:

CFF9B75918B75761B5568854782CD709B2941637

PHP:

代码,第 1 部分:

$hashed = hash('sha1', $password . $salt);

生成:

a0a8de3a3b2a8bfd74766eee126950f4462d3bcb

代码,第 2 部分:

hash('sha1', $hashed . $salt);

生成:

e955404423747ec706561fa9a319ddac47194a65

如您所见,第一次,输出匹配.但是当我重新哈希时,它们不再匹配.我糊涂了.

As you can see, the first time around, the outputs match. But when I re-hash, they no longer match. I'm confused.

推荐答案

ColdFusion 生成 A0A8DE3A3B2A8BFD74766EEE126950F4462D3BCB

,PHP 生成 a0a8de3a3b2a8bfd74766eee126950f4462d3bcb

如您所见,第一次,输出匹配.

As you can see, the first time around, the outputs match.

这些字符串不相同.您需要将它们都转换为相同的情况 - 我会在 PHP 生成的结果上使用 strtoupper().

Those strings are not identical. You need to turn them both to the same case - I would use strtoupper() on PHP's generated result.

相关文章