Re: [PHP] Hash function
Hope this is what your looking for... For legal purposes i her grant you all to use this file fore any purpose, and for the same reason i can not take away the copyright notice... 2009/11/9 Ali Asghar Toraby Parizy : > hi friends > I need a hash function to build a Unique serial number by mixing a request > code and a user name > request codes are strings like this: They are literally HEX codes of MAC mac > addresses. > "002314EFD000544AB05345300045675609782123C3254B312123D12312EE13123F123D123123EEE000E000E000EE" > i want to create a function that mix together this request code with user > name that user entered and create new serial number. > What implications i have to satisfy to create such hash function in php? > Thanks for any suggestion > -- MvH / Hans Åhlin Tel: +46761488019 http//www.kronan-net.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hash function
At 2:38 PM +0330 11/9/09, Ali Asghar Toraby Parizy wrote: hi friends I need a hash function to build a Unique serial number ... Try: http://php.net/manual/en/function.dbplus-getunique.php But use at your own risk. If you want a unique number try using a time stamp (i.e., time() ) in concert with a database. For example, grab a time, look for it in a database, if it's not there then use it. If it is there then repeat until you have that isn't. That way it's a unique number guaranteed. Cheers, tedd Addition to that. When you find an unique number, use it AND store that in the database. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hash function
At 2:38 PM +0330 11/9/09, Ali Asghar Toraby Parizy wrote: hi friends I need a hash function to build a Unique serial number ... Try: http://php.net/manual/en/function.dbplus-getunique.php But use at your own risk. If you want a unique number try using a time stamp (i.e., time() ) in concert with a database. For example, grab a time, look for it in a database, if it's not there then use it. If it is there then repeat until you have that isn't. That way it's a unique number guaranteed. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hash function
Ali Asghar Toraby Parizy wrote: Ok, thanks but how can i create serial number that nobody can guess it. for example when i use sha1() every body can examine it too! and so they can create it themselves! what strategy is useful to protect license? Ahh, so you are trying to protect your PHP code with a license key? If so, then here are my thoughts on it. - Don't bother encrypting the license key too much. Your code will be available as source code so it will be possible to circumvent any protection/limitation. - Even file validation like creating md5suma of files is nothing but headache because some FTP servers and clients will modify the source by adjusting the end of line characters (binary upload prevents this). - I have noticed that most customers will not mess with the scripts since they want support from you. Remove all comments from the source and the end of line characters to prevent the hobby tinkerer from causing problems. - The problem with people messing with the code is that they usually don't start a support request with "I changed something and now feature X does not work..." but rather with "All the sudden feature X stopped working". - People who have the goal to circumvent your license code will do so regardless of protection and will see sophisticated protection as a challenge. So I don't bother with encryption of the information since implementing something secure will usually mean that it will get in the way of honest customers. Look at computer games, it is a prime example of copy protection interfering with honest customers by causing problems. All I do is generate a license code which contains a string (name or customer id) and configuration values. The license code can be decoded via a function and validated. So I turn the string AsgharToraby100C into this=> 0B50B-50B54-MSDD2-OMPDD-OMI33 Here 100C is the license value, the customer has a 100 client access license. The key has built in , very basic, validation bits to validate the key as a whole. The script can decode the license key via a function to retrieve the max authenticated user (100) before allowing new logins. The string part can be decoded as well but capitalization is lost. Here are a few license code functions I wrote many years ago. Maybe something like this will work/is what you are looking for. ... well actually ... I just looked at the code, I wrote it about 6 years, and I am bit embarrassed of how I handled a few things :) But the code is solid, it has been in use since then and I have not noticed any problems :) So let me know if this sounds like something you are looking for and would like to see and I will cleanup the code for you. -- John Intelligent Life http://xkcd.com/638/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hash function
On Mon, 2009-11-09 at 15:35 +0330, Ali Asghar Toraby Parizy wrote: > Ok, thanks > but how can i create serial number that nobody can guess it. for example > when i use sha1() every body can examine it too! and so they can create it > themselves! > what strategy is useful to protect license? > I think it is better to add a specific hidden string to request code, > instead of user name that is known for a probable jobber user. > what do you think about it? > > On Mon, Nov 9, 2009 at 3:09 PM, John Black > wrote: > > > Ali Asghar Toraby Parizy wrote: > > > >> hi friends > >> I need a hash function to build a Unique serial number by mixing a request > >> code and a user name > >> request codes are strings like this: They are literally HEX codes of MAC > >> mac > >> addresses. > >> > >> "002314EFD000544AB05345300045675609782123C3254B312123D12312EE13123F123D123123EEE000E000E000EE" > >> i want to create a function that mix together this request code with user > >> name that user entered and create new serial number. > >> What implications i have to satisfy to create such hash function in php? > >> Thanks for any suggestion > >> > > > > How about using sha1 to hash your string. If the data is unique then the > > hash will be unique as well. > > > > $string = $request_code.$user_name; > > $hash = sha1($string); > > > > -- > > John > > Jeder hat soviel Recht, wie er Macht hat. > > [Spinoza] > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > The crypt() function in PHP offers a one-way encryption, so theoretically, it would be too difficult to work out backwards (not impossible, but would need a fair bit of computing power to figure it out!) Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Hash function
Ok, thanks but how can i create serial number that nobody can guess it. for example when i use sha1() every body can examine it too! and so they can create it themselves! what strategy is useful to protect license? I think it is better to add a specific hidden string to request code, instead of user name that is known for a probable jobber user. what do you think about it? On Mon, Nov 9, 2009 at 3:09 PM, John Black wrote: > Ali Asghar Toraby Parizy wrote: > >> hi friends >> I need a hash function to build a Unique serial number by mixing a request >> code and a user name >> request codes are strings like this: They are literally HEX codes of MAC >> mac >> addresses. >> >> "002314EFD000544AB05345300045675609782123C3254B312123D12312EE13123F123D123123EEE000E000E000EE" >> i want to create a function that mix together this request code with user >> name that user entered and create new serial number. >> What implications i have to satisfy to create such hash function in php? >> Thanks for any suggestion >> > > How about using sha1 to hash your string. If the data is unique then the > hash will be unique as well. > > $string = $request_code.$user_name; > $hash = sha1($string); > > -- > John > Jeder hat soviel Recht, wie er Macht hat. > [Spinoza] > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Hash function
On Mon, 2009-11-09 at 12:39 +0100, John Black wrote: > Ali Asghar Toraby Parizy wrote: > > hi friends > > I need a hash function to build a Unique serial number by mixing a request > > code and a user name > > request codes are strings like this: They are literally HEX codes of MAC mac > > addresses. > > "002314EFD000544AB05345300045675609782123C3254B312123D12312EE13123F123D123123EEE000E000E000EE" > > i want to create a function that mix together this request code with user > > name that user entered and create new serial number. > > What implications i have to satisfy to create such hash function in php? > > Thanks for any suggestion > > How about using sha1 to hash your string. If the data is unique then the > hash will be unique as well. > > $string = $request_code.$user_name; > $hash = sha1($string); > > -- > John > Jeder hat soviel Recht, wie er Macht hat. > [Spinoza] > > I'm not sure you can guarantee uniqueness, but you can say with a high degree of certainty that it's extremely unlikely to not be unique! Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Hash function
Ali Asghar Toraby Parizy wrote: hi friends I need a hash function to build a Unique serial number by mixing a request code and a user name request codes are strings like this: They are literally HEX codes of MAC mac addresses. "002314EFD000544AB05345300045675609782123C3254B312123D12312EE13123F123D123123EEE000E000E000EE" i want to create a function that mix together this request code with user name that user entered and create new serial number. What implications i have to satisfy to create such hash function in php? Thanks for any suggestion How about using sha1 to hash your string. If the data is unique then the hash will be unique as well. $string = $request_code.$user_name; $hash = sha1($string); -- John Jeder hat soviel Recht, wie er Macht hat. [Spinoza] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] hash function secret
I don't see how it could be randomly generated else how would you be able to use it for authenticating etc but then I'm not a security expert. I use a long character string known only to me and stored outside my web directory. Maybe other ppl do differently I don't know. - Original Message - From: "Pablo Oliva" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 29, 2002 7:52 PM Subject: [PHP] hash function secret > I was reading the sept. issue of linux magazine and they discussed > security issues with web apps. > > They mentioned that to generate signatures, you should include a secret > with your hash function: > s = S(m) = H(secret, H(m, secret)) > > What is the secret, just a sort of secret code that you include, like > some sort of random password: " gr8ckret46eme " as an example ??? > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
