So far as the dictionary attacks are concerned, I thought up
the following function:
<?php
// Interleaves the characters of every string in $array, position by position.
function twistSTR($array){
    $twisted="";
    $array_strlen=array();
    foreach ($array as $element){
        $array_strlen[]=strlen($element);
    }
    for ($i=0; $i<max($array_strlen); $i++){
        foreach ($array as $element){
            if ($i<strlen($element)){
                // [] string offset; the {} offset syntax was removed in PHP 8
                $twisted=$twisted.$element[$i];
            }
        }
    }
    return $twisted;
}
?>
The twistSTR function basically takes an array input of
strings and alternates each character of each string among
all the other strings. For example:
<?php
echo twistSTR(array("this","and","that")); // output: tathnhidast
?>
It can be applied in the following manner:
<?php
if ($un===$_POST["username"] &&
    $pwd===sha1(twistSTR(array($salt,$_POST["password"])))){
?>
It's not amazingly difficult to reverse engineer the actual
output, but then again, that's not the point. The point is
that when a password is entered into one of those databases,
they are going to enter for example "thisandthat",
not "tathnhidast".
----
Server IP: 64.71.164.2
Probable Submitter: 24.228.53.110
----
Manual Page -- http://www.php.net/manual/en/function.sha1.php
--
PHP Notes Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
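An added example, not part of the original note or of the PHP project's code: one way to retire hashes stored with the note's sha1(twistSTR(...)) scheme, by checking the legacy digest at login and re-storing the password with PHP's password_hash(). The $record array, its field names (scheme, salt, hash), the sample salt and the function verifyAndUpgrade() are assumptions made for illustration.

```php
<?php
// Added example. $record stands in for one user's database row (hypothetical fields).

// Same interleaving as the note's twistSTR(), written with [] string offsets.
function twistSTR(array $strings): string {
    $twisted = "";
    $longest = max(array_map('strlen', $strings));
    for ($i = 0; $i < $longest; $i++) {
        foreach ($strings as $s) {
            if ($i < strlen($s)) {
                $twisted .= $s[$i];
            }
        }
    }
    return $twisted;
}

// Checks a login attempt. Returns the (possibly upgraded) record on success,
// or null when the password does not match.
function verifyAndUpgrade(array $record, string $password): ?array {
    if ($record['scheme'] === 'twisted-sha1') {
        $candidate = sha1(twistSTR([$record['salt'], $password]));
        if (!hash_equals($record['hash'], $candidate)) { // constant-time compare
            return null;
        }
        // Correct password: replace the fast SHA-1 digest with a slow hash.
        $record['hash']   = password_hash($password, PASSWORD_DEFAULT);
        $record['scheme'] = 'password_hash';
        $record['salt']   = null; // password_hash() embeds its own random salt
        return $record;
    }
    if (!password_verify($password, $record['hash'])) {
        return null;
    }
    // Re-hash when the default algorithm or cost has changed since storage.
    if (password_needs_rehash($record['hash'], PASSWORD_DEFAULT)) {
        $record['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $record;
}

// Constructed sample row stored with the note's scheme.
$salt = 'x9Qp';
$row  = ['scheme' => 'twisted-sha1', 'salt' => $salt,
         'hash'   => sha1(twistSTR([$salt, 'thisandthat']))];

var_dump(verifyAndUpgrade($row, 'wrong') === null);       // wrong password is rejected
$row = verifyAndUpgrade($row, 'thisandthat');             // legacy hash verified, then upgraded
var_dump($row['scheme']);
var_dump(verifyAndUpgrade($row, 'thisandthat') !== null); // upgraded hash still verifies
```

The caller is expected to write the returned record back to storage, so each legacy digest disappears the first time its owner logs in.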