Show DevBest [REL] tHash: A simple, yet unique hashing feature

[brsy]

tHash is an md5 and sha1 alternative that can be used to take your users' security one step further. Here it is, just simply add it to your global.php.

How it works.
First, the user inputs what ever you want to secure, specifically a password. The $tHashr function MD5's whatever the user inputs, and $tDecoy is a random string that I suggest you change, which is a main factor in this hash. Then, $tSalt SHA1's both the $tDecoy and the $tHashr inputs. Finally, the "return substr($tSalt, 0, 17);" limits the string to 17 characters, which can be altered to your liking.

class tCore {
      public function tHash($input) {
        $tHashr = md5($input);
        $tDecoy = md5('sD87scPq');
        $tSalt = sha1($tHashr + $tDecoy);
        return substr($tSalt, 0, 17);
    }
}

 

[Markshall]

It's nice. I was going to create one of these for my college website but got lazy and just used the default MD5 function lol.

Also, shouldn't it be '$tSalt = sha1($tHashr . $tDecoy );' and not '$tSalt = sha1($tHashr + $tDecoy );' ?

 

[brsy]

It's nice. I was going to create one of these for my college website but got lazy and just used the default MD5 function lol.

Also, shouldn't it be '$tSalt = sha1($tHashr . $tDecoy );' and not '$tSalt = sha1($tHashr + $tDecoy );' ?

Wouldn't the period simply add it to the end of the string, while the plus sign combines both strings? If you just add the decoy at the end, it makes it a bit easier to guess.

 

[Markshall]

I thought the + was for numbers, 3+5 in PHP or whatever. I'm nort sure, this alcohol is fucking mr up noe!

 

[Kryptos]

How 'bout if you did something like...

class tSec { //Putting something security or user related into the core is just retarded.
      public function tHash($input, $decoy, $limit) {
        $tHashr = md5($input);
        $tDecoy = md5($decoy);
        $tSalt = sha1($tHashr . $tDecoy);
        return substr($tSalt, 0, $limit);
    }
}
 
 
/**
* Let's set some security-related stuff quickie 'cause this post is boring me out, yo!
*/
 
define('HASH_DECOY', 'sD87scPq');
define('HASH_LIMIT', 32);
 
/**
* Let's get the tSec class and hash some value
*/
 
$tSec = new tSec();
$tSec->tHash('masecretzpassword', HASH_DECOY, HASH_LIMIT);

Nice work ;P Glad to see people think for themselves, even something as simple as this.

 

[brsy]

How 'bout if you did something like...

ze PHP goes here

Nice work ;P Glad to see people think for themselves, even something as simple as this.

Yes, I never thought of doing this limit option, so it would be configurable. Nice idea.

 

[Jian]

Why not use the more convenient way that you can customize the hash, encrypt and decrypt the encoded string. There's a built-in one in skyAdmin

<?php
  /*
  Copyright (C) 2011 by JTprojects (Jian Ting)
 
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal
  in the Software without restriction, including without limitation the rights
  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  copies of the Software, and to permit persons to whom the Software is
  furnished to do so, subject to the following conditions:
 
  The above copyright notice and this permission notice shall be included in
  all copies or substantial portions of the Software.
 
  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  THE SOFTWARE.
  */
  if (!defined('BASEPATH'))exit('Failed Hax0r');
  /*
    jtHash API 1.2
    What is jtHash?
      Well, jtHash is a string encoder. Safe for everything.
  */
  class jthash {
    public function hash($mode){
      if($mode == "encode"){
        $hash = array(
                      'q' => 'm',//Small alphebets
                      'w' => 'n',
                      'e' => 'b',
                      'r' => 'v',
                      't' => 'c',
                      'y' => 'x',
                      'u' => 'z',
                      'i' => 'l',
                      'o' => 'k',
                      'p' => 'j',
                      'a' => 'h',
                      's' => 'g',
                      'd' => 'f',
                      'f' => 'd',
                      'g' => 's',
                      'h' => 'a',
                      'j' => 'p',
                      'k' => 'o',
                      'l' => 'i',
                      'z' => 'u',
                      'x' => 'y',
                      'c' => 't',
                      'v' => 'r',
                      'b' => 'e',
                      'n' => 'w',
                      'm' => 'q',
                      '=' => '+',//Special CHaracters
                      '<' => '^',
                      '>' => '%',
                      '$' => '4',
                      '(' => '9',
                      ')' => '0',
                      'Q' => 'M',//Capitalized alphebets
                      'W' => 'N',
                      'E' => 'B',
                      'R' => 'V',
                      'T' => 'C',
                      'Y' => 'X',
                      'U' => 'Z',
                      'I' => 'L',
                      'O' => 'K',
                      'P' => 'J',
                      'A' => 'H',
                      'S' => 'G',
                      'D' => 'F',
                      'F' => 'D',
                      'G' => 'S',
                      'H' => 'A',
                      'J' => 'P',
                      'K' => 'O',
                      'L' => 'I',
                      'Z' => 'U',
                      'X' => 'Y',
                      'C' => 'T',
                      'V' => 'R',
                      'B' => 'E',
                      'N' => 'W',
                      'M' => 'Q',
                      );
        return $hash;
      }elseif($mode == "decode"){
        $hash = array(
                      'm' => 'q',//Small alphebets
                      'n' => 'w',
                      'b' => 'e',
                      'v' => 'r',
                      'c' => 't',
                      'x' => 'y',
                      'z' => 'u',
                      'l' => 'i',
                      'k' => 'o',
                      'j' => 'p',
                      'h' => 'a',
                      'g' => 's',
                      'f' => 'd',
                      'd' => 'f',
                      's' => 'g',
                      'a' => 'h',
                      'p' => 'j',
                      'o' => 'k',
                      'i' => 'l',
                      'u' => 'z',
                      'y' => 'x',
                      't' => 'c',
                      'r' => 'v',
                      'e' => 'b',
                      'w' => 'n',
                      'q' => 'm',
                      '+' => '=',//Special CHaracters
                      '^' => '<',
                      '%' => '>',
                      '4' => '$',
                      '9' => '(',
                      '0' => ')',
                      'M' => 'Q',//Capitalized alphebets
                      'N' => 'W',
                      'B' => 'E',
                      'V' => 'R',
                      'C' => 'T',
                      'X' => 'Y',
                      'Z' => 'U',
                      'L' => 'I',
                      'K' => 'O',
                      'J' => 'P',
                      'H' => 'A',
                      'G' => 'S',
                      'F' => 'D',
                      'D' => 'F',
                      'S' => 'G',
                      'A' => 'H',
                      'P' => 'J',
                      'O' => 'K',
                      'I' => 'L',
                      'U' => 'Z',
                      'Y' => 'X',
                      'T' => 'C',
                      'R' => 'V',
                      'E' => 'B',
                      'W' => 'N',
                      'Q' => 'M',
                      );
        return $hash;
      }
    }
    public function encode($string){
      $encode = $string;
      $encode = strtr($encode, $this->hash('encode'));
      $encode = $encode.jt_hash_secret;
      return $encode;
    }
    public function decode($string){
      $decode = explode(jt_hash_secret, $string);
      $decode = strtr($decode[0], $this->hash('decode'));
      return $decode;
    }
    public function withoutHashSecret($string, $type){
      if($type == "encode"){
        $encode = strtr($string, $this->hash('decode'));
        return $encode;
      }elseif($type == "decode"){
        $decode = strtr($string, $this->hash('decode'));
        return $decode;
      }else{
        return false;
      }
    }
  }
?>

 

[Markshall]

I'm not sure if this would work properly. I've been drinkngn so bare with me ok??

<?php
function hashthis( $str, $hashstr='GweBU43NdvsA', $hashlimit=32 )
{
    return substr( sha1( ( md5( $str ) . md5( $hashstr ) ) ), 0, $hashlimit );
}
 
echo hashthis( "Mark Eriksson" );
echo hashthis( "Mark Paul David Eriksson", "Hf%GHsG89S", 23 );
?>

 

[Kryptos]

Why not use the more convenient way that you can customize the hash, encrypt and decrypt the encoded string. There's a built-in one in skyAdmin

<?php
  /*
  Copyright (C) 2011 by JTprojects (Jian Ting)
 
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal
  in the Software without restriction, including without limitation the rights
  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  copies of the Software, and to permit persons to whom the Software is
  furnished to do so, subject to the following conditions:
 
  The above copyright notice and this permission notice shall be included in
  all copies or substantial portions of the Software.
 
  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  THE SOFTWARE.
  */
  if (!defined('BASEPATH'))exit('Failed Hax0r');
  /*
    jtHash API 1.2
    What is jtHash?
      Well, jtHash is a string encoder. Safe for everything.
  */
  class jthash {
    public function hash($mode){
      if($mode == "encode"){
        $hash = array(
                      'q' => 'm',//Small alphebets
                      'w' => 'n',
                      'e' => 'b',
                      'r' => 'v',
                      't' => 'c',
                      'y' => 'x',
                      'u' => 'z',
                      'i' => 'l',
                      'o' => 'k',
                      'p' => 'j',
                      'a' => 'h',
                      's' => 'g',
                      'd' => 'f',
                      'f' => 'd',
                      'g' => 's',
                      'h' => 'a',
                      'j' => 'p',
                      'k' => 'o',
                      'l' => 'i',
                      'z' => 'u',
                      'x' => 'y',
                      'c' => 't',
                      'v' => 'r',
                      'b' => 'e',
                      'n' => 'w',
                      'm' => 'q',
                      '=' => '+',//Special CHaracters
                      '<' => '^',
                      '>' => '%',
                      '$' => '4',
                      '(' => '9',
                      ')' => '0',
                      'Q' => 'M',//Capitalized alphebets
                      'W' => 'N',
                      'E' => 'B',
                      'R' => 'V',
                      'T' => 'C',
                      'Y' => 'X',
                      'U' => 'Z',
                      'I' => 'L',
                      'O' => 'K',
                      'P' => 'J',
                      'A' => 'H',
                      'S' => 'G',
                      'D' => 'F',
                      'F' => 'D',
                      'G' => 'S',
                      'H' => 'A',
                      'J' => 'P',
                      'K' => 'O',
                      'L' => 'I',
                      'Z' => 'U',
                      'X' => 'Y',
                      'C' => 'T',
                      'V' => 'R',
                      'B' => 'E',
                      'N' => 'W',
                      'M' => 'Q',
                      );
        return $hash;
      }elseif($mode == "decode"){
        $hash = array(
                      'm' => 'q',//Small alphebets
                      'n' => 'w',
                      'b' => 'e',
                      'v' => 'r',
                      'c' => 't',
                      'x' => 'y',
                      'z' => 'u',
                      'l' => 'i',
                      'k' => 'o',
                      'j' => 'p',
                      'h' => 'a',
                      'g' => 's',
                      'f' => 'd',
                      'd' => 'f',
                      's' => 'g',
                      'a' => 'h',
                      'p' => 'j',
                      'o' => 'k',
                      'i' => 'l',
                      'u' => 'z',
                      'y' => 'x',
                      't' => 'c',
                      'r' => 'v',
                      'e' => 'b',
                      'w' => 'n',
                      'q' => 'm',
                      '+' => '=',//Special CHaracters
                      '^' => '<',
                      '%' => '>',
                      '4' => '$',
                      '9' => '(',
                      '0' => ')',
                      'M' => 'Q',//Capitalized alphebets
                      'N' => 'W',
                      'B' => 'E',
                      'V' => 'R',
                      'C' => 'T',
                      'X' => 'Y',
                      'Z' => 'U',
                      'L' => 'I',
                      'K' => 'O',
                      'J' => 'P',
                      'H' => 'A',
                      'G' => 'S',
                      'F' => 'D',
                      'D' => 'F',
                      'S' => 'G',
                      'A' => 'H',
                      'P' => 'J',
                      'O' => 'K',
                      'I' => 'L',
                      'U' => 'Z',
                      'Y' => 'X',
                      'T' => 'C',
                      'R' => 'V',
                      'E' => 'B',
                      'W' => 'N',
                      'Q' => 'M',
                      );
        return $hash;
      }
    }
    public function encode($string){
      $encode = $string;
      $encode = strtr($encode, $this->hash('encode'));
      $encode = $encode.jt_hash_secret;
      return $encode;
    }
    public function decode($string){
      $decode = explode(jt_hash_secret, $string);
      $decode = strtr($decode[0], $this->hash('decode'));
      return $decode;
    }
    public function withoutHashSecret($string, $type){
      if($type == "encode"){
        $encode = strtr($string, $this->hash('decode'));
        return $encode;
      }elseif($type == "decode"){
        $decode = strtr($string, $this->hash('decode'));
        return $decode;
      }else{
        return false;
      }
    }
  }
?>

That's far from convenient, also I don't see why you're using two different array when they're just the opposite, I could see you getting a way around it with only one array.

You're just replacing 1 letter... Plus people are lazy and cannot be bothered changing all that. Not convenient. I'd rather use MD5 alone.

 

[Adil]

I released one, using C++
Nice to see people taking an interest in making their own hash though

 

[brsy]

Thanks Adil, I only coded it so I can use it within my CMS. Security is not an option, it's a necessity.