TechQA.

PHPass: custom character set for hashes

136 views Asked by At

I'm using PHPass to hash passwords and other authorization tasks. In one or two instances, I want to pass a hash as a parameter in a URL:

example.com/verify/foobar/$P$Dg2Ytir3E4xSCEkRzB4W5jsPBQ2u6n0

Out of the box, PHPass uses . and / in the construction of hashes, and this causes problems (see the / next to xxxs:

example.com/verify/foobar/$P$Dg2Ytir3E4xSCxxxxxx/xxxxxxBQ2u6n0
example.com/verify/foobar/$P$Dg2Ytir3E4xSCYtir3E4xBQ2u6n0xxxxx/

These hashes confuse my app's router, so I'm wondering if there is a way to modify which characters are used to generate the hashes.

I tried hacking the class by removing the . and / from the $itoa64 property in several places, but this will throw errors because the hasher is expecting the character string to be the original length. I could add in different characters to match the length, but I'm hesitant to hack the class too much without a better understanding of the implications.

php security encryption hash phpass
Original Q&A
1

There are 1 answers

2
Digital Chris On

Just urlencode($hash).

"example.com/verify/foobar/". urlencode($hash);

Related Questions in PHP

Related Questions in SECURITY

Related Questions in ENCRYPTION

Related Questions in HASH

Related Questions in PHPASS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions