PHPass: custom character set for hashes

I'm using PHPass to hash passwords and other authorization tasks. In one or two instances, I want to pass a hash as a parameter in a URL:

example.com/verify/foobar/$P$Dg2Ytir3E4xSCEkRzB4W5jsPBQ2u6n0

Out of the box, PHPass uses . and / in the construction of hashes, and this causes problems (see the / next to the xs):

example.com/verify/foobar/$P$Dg2Ytir3E4xSCxxxxxx/xxxxxxBQ2u6n0
example.com/verify/foobar/$P$Dg2Ytir3E4xSCYtir3E4xBQ2u6n0xxxxx/

These hashes confuse my app's router, so I'm wondering if there is a way to modify which characters are used to generate the hashes.

I tried hacking the class by removing the . and / from the $itoa64 property in several places, but this will throw errors because the hasher is expecting the character string to be the original length. I could add in different characters to match the length, but I'm hesitant to hack the class too much without a better understanding of the implications.

There is 1 answer

Digital Chris On

Just urlencode($hash).

"example.com/verify/foobar/". urlencode($hash);
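A round trip for the approach above, added here as an example and not part of the original answer. It leaves the PHPass class and its $itoa64 alphabet untouched and only changes how the hash is carried in the URL. Percent-encoding leaves "." as it is, so a base64url variant is included on the assumption that the router or web server decodes or rejects %2F in a path; the helper names are hypothetical and the sample hash is the one from the question.

```php
<?php
// Added example: helper names are hypothetical; the sample value is the
// question's own example hash, which contains "$" and "/".
$hash = '$P$Dg2Ytir3E4xSCxxxxxx/xxxxxxBQ2u6n0';

// Option 1: percent-encode the hash so it is a single path segment.
// rawurlencode() follows RFC 3986: "/" and "$" are escaped, "." is not.
function hash_to_segment(string $hash): string
{
    return rawurlencode($hash);
}

// Option 2: base64url, whose alphabet is A-Z a-z 0-9 "-" "_" only.
// Assumption: needed when %2F is decoded or refused before routing.
function hash_to_token(string $hash): string
{
    return rtrim(strtr(base64_encode($hash), '+/', '-_'), '=');
}

function token_to_hash(string $token): ?string
{
    // Reject anything outside the base64url alphabet before decoding.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $token)) {
        return null;
    }
    $b64 = strtr($token, '-_', '+/');
    // Restore the "=" padding that was stripped for the URL.
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $decoded = base64_decode($b64, true);
    return $decoded === false ? null : $decoded;
}

// Build both URL forms and confirm the receiver recovers the exact hash.
$segment = hash_to_segment($hash);
$token   = hash_to_token($hash);

echo 'example.com/verify/foobar/' . $segment . "\n";
echo 'example.com/verify/foobar/' . $token . "\n";

// On the receiving side, decode first, then hand the recovered string
// to the same comparison or PasswordHash check the app already uses.
var_dump(hash_equals($hash, rawurldecode($segment)));
var_dump(hash_equals($hash, (string) token_to_hash($token)));
var_dump(token_to_hash('not/a.valid$token'));
```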