您能识别这种密码哈希格式吗?
[英]Do you recognize this password hashing format?
问题描述
I'm trying to reverse-engineer a password scheme on a legacy PHP application, so I can port the passwords to a new system which will be replacing it. 
我正在尝试对旧版PHP应用程序上的密码方案进行反向工程,因此我可以将密码移植到将替换它的新系统上。 The application has passwords stored in two formats, a newer and an older one. 该应用程序具有以两种格式存储的密码,一种是新的,一种是旧的。 The newer one simply uses crypt() with salt. 较新的版本只是将crypt()与salt一起使用。 The older one doesn't seem to have any supporting code any more (at least not in version control), and no hint of what may have been used. 较旧的代码似乎不再有任何支持代码(至少在版本控制中没有),也没有任何暗示的含义。 I have one account in the old style for which I may know the password, but I don't know how to check it. 我有一个老式的帐户,虽然我可能知道该帐户的密码,但是我不知道如何检查它。
The password is stored in the following format: 密码以以下格式存储:
$1$f1KtBi.v$nWwBN8CP3igfC3Emo0OB8/
It appears to be three fields, delimited by $ : 1 , f1KtBi.v , and nWwBN8CP3igfC3Emo0OB8/ . 它似乎是三个字段,由$分隔: 1 , f1KtBi.v和nWwBN8CP3igfC3Emo0OB8/ 。 The first field is always 1 . 第一个字段始终为1 。 The second and third fields always match the regular expression [a-zA-Z0-9/.]+ . 第二和第三字段始终匹配正则表达式[a-zA-Z0-9/.]+ 。 The second field always has 8 characters, the third field always has 22. 第二个字段始终包含8个字符,第三个字段始终包含22个字符。
Have you seen this password storage scheme before? 您以前看过此密码存储方案吗? Any idea what hashing mechanism might have been used? 知道可能使用了哪种哈希机制?
2 个解决方案
解决方案1
2 已采纳 2011-09-07 17:19:32
This is the output of the crypt() [docs] function. 这是crypt() [docs]函数的输出。
The 1 means that it used the MD5 algo internally. 1表示它在内部使用了MD5算法。
解决方案2
1 2011-09-07 17:19:45
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.