Re: PHP-based SHA1 algorithm?

Wed, 23 Mar 2011 06:16:14 -0700 

Hi Stefan,

From here: 
http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization

"The salt attribute is the hexadecimal representation of the salt used to 
generate the user's password hash."

Might have gotten the wrong end of the stick though...

Martin 

On 23 Mar 2011, at 13:13, Stefan Matheis wrote:

> Hey again,
> 
> just wondering about the following lines
> 
>> $salt = "qwertyuiop";
>> $user['salt'] = bin2hex($salt);
> 
> is that really, what you want to do / what couch requires you to do?
> 
> $ php -r 'var_dump("qwertyuiop", bin2hex("qwertyuiop"));'
> string(10) "qwertyuiop"
> string(20) "71776572747975696f70"
> 
> could find no step in any couch-related document about that
> requirement, you're refering to which one Martin?
> 
> Regards
> Stefan
> 
> On Wed, Mar 23, 2011 at 1:53 PM, Martin Hewitt <[email protected]> wrote:
>> Hi all,
>> 
>> Just wondering if anyone has done this successfully in PHP and could offer 
>> advice?
>> 
>> My code is currently:
>> 
>> $user = array();
>> $user['_id'] = "org.couchdb.user:".$newUser;
>> $user['type'] = "user";
>> $user['name'] = $newUser;
>> $user['roles'] = "numpty";
>> 
>> $salt = "qwertyuiop";
>> $newPassword = "test";
>> 
>> $user['password_sha'] = sha1($newPassword.$salt);
>> $user['salt'] = bin2hex($salt);
>> 
>> And I can't login through Futon.
>> 
>> Any help greatly appreciated!
>> 
>> Martin
>> 
>> On 23 Mar 2011, at 08:40, Stefan Matheis wrote:
>> 
>>> Martin,
>>> 
>>> based on 
>>> http://wiki.apache.org/couchdb/Security_Features_Overview#Generating_password_sha
>>> what's wrong about php's sha1() function?
>>> 
>>> $ php -r "echo sha1('foobar');"
>>> 8843d7f92416211de9ebb963ff4ce28125932878
>>> 
>>> it's the same result as stated there for erlang, ruby & python :)
>>> 
>>> Regards
>>> Stefan
>>> 
>>> On Wed, Mar 23, 2011 at 4:33 AM, Martin Hewitt <[email protected]> wrote:
>>>> Hi all,
>>>> 
>>>> I'm writing a build process in Phing, part of which involves creating a 
>>>> new CouchDB user. I'm having trouble logging in as the created user and 
>>>> have an inkling that it's down to the SHA1 encryption of the password and 
>>>> salt, as the Security wiki page is quite specific about what SHA1s work 
>>>> and which ones don't.
>>>> 
>>>> My question is - does anyone know if there's a way to generate a 
>>>> CouchDB-friendly SHA1 hash in PHP?
>>>> 
>>>> Thanks,
>>>> 
>>>> Martin
>> 
>>

Reply via email to