Do you recognize this password hashing format?

I'm trying to reverse-engineer a password scheme on a legacy PHP application, so I can port the passwords to a new system which will be replacing it. The application has passwords stored in two formats, a newer and an older one. The newer one simply uses crypt() with salt. The older one doesn't seem to have any supporting code any more (at least not in version control), and no hint of what may have been used. I have one account in the old style for which I may know the password, but I don't know how to check it.

The password is stored in the following format:

$1$f1KtBi.v$nWwBN8CP3igfC3Emo0OB8/

It appears to be three fields, delimited by $: 1, f1KtBi.v, and nWwBN8CP3igfC3Emo0OB8/. The first field is always 1. The second and third fields always match the regular expression [a-zA-Z0-9/.]+. The second field always has 8 characters, the third field always has 22.

Have you seen this password storage scheme before? Any idea what hashing mechanism might have been used?

This is the output of the crypt() [docs] function.

The 1 means that it used the MD5 algo internally.

That's most likely produced with crypt(), especially with MD5:

CRYPT_MD5 - MD5 hashing with a twelve character salt starting with $1$

Good luck finding the salt.
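
The check the question asks for, as an added example that is not part of the original thread or the legacy application. In this format the second field is the salt, so passing the stored string back to crypt() as the salt argument recomputes the hash for a candidate password. The function names, the sample password and the sample salt are constructed for illustration, and using password_hash() on the new system is an assumption.

```php
<?php
// Added example, not code from the legacy application.
// Parses a stored hash of the form shown in the question and checks a
// candidate password by re-running crypt() with the stored string as salt.

/** Parse "$1$<salt>$<digest>"; returns null if the string is not in that form. */
function parse_md5_crypt(string $stored): ?array
{
    $pattern = '#^\$1\$([a-zA-Z0-9/.]{1,8})\$([a-zA-Z0-9/.]{22})$#';
    if (!preg_match($pattern, $stored, $m)) {
        return null;
    }
    return ['scheme' => 'CRYPT_MD5', 'salt' => $m[1], 'digest' => $m[2]];
}

/** True when $candidate hashes to exactly $stored. */
function verify_legacy_password(string $candidate, string $stored): bool
{
    if (parse_md5_crypt($stored) === null) {
        return false; // not an old-style hash; handle with the newer code path
    }
    // crypt() reads the "$1$<salt>$" prefix from $stored and ignores the rest.
    $recomputed = crypt($candidate, $stored);
    // Constant-time comparison of the full strings.
    return hash_equals($stored, $recomputed);
}

// Constructed sample: a made-up password hashed with a made-up salt.
$samplePassword = 'constructed-example-password';
$sampleStored   = crypt($samplePassword, '$1$abcdefgh$');

var_dump(parse_md5_crypt($sampleStored));
var_dump(verify_legacy_password($samplePassword, $sampleStored));
var_dump(verify_legacy_password('wrong guess', $sampleStored));

// Porting: once a login verifies against the old hash, store a fresh hash
// in the new system's scheme (password_hash() here is an assumption).
if (verify_legacy_password($samplePassword, $sampleStored)) {
    $upgraded = password_hash($samplePassword, PASSWORD_DEFAULT);
    var_dump(password_verify($samplePassword, $upgraded));
}
```

To test the account from the question, call verify_legacy_password() with the password you believe is correct and the stored string exactly as it appears in the database.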
