Alert: This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.
phpBB::_hash_crypt_private( $password, $setting, $itoa64 )
The crypt function/replacement
Contents
Description Description
Source Source
File: includes/admin/converters/phpBB.php
private function _hash_crypt_private( $password, $setting, &$itoa64 ) {
$output = '*';
// Check for correct hash
if ( substr( $setting, 0, 3 ) != '$H$' ) {
return $output;
}
$count_log2 = strpos( $itoa64, $setting[3] );
if ( $count_log2 < 7 || $count_log2 > 30 ) {
return $output;
}
$count = 1 << $count_log2;
$salt = substr( $setting, 4, 8 );
if ( strlen( $salt ) != 8 ) {
return $output;
}
/**
* We're kind of forced to use MD5 here since it's the only
* cryptographic primitive available in all versions of PHP
* currently in use. To implement our own low-level crypto
* in PHP would result in much worse performance and
* consequently in lower iteration counts and hashes that are
* quicker to crack (by non-PHP code).
*/
if ( floatval( phpversion() ) >= 5 ) {
$hash = md5( $salt . $password, true );
do {
$hash = md5( $hash . $password, true );
}
while ( --$count );
} else {
$hash = pack( 'H*', md5( $salt . $password ) );
do {
$hash = pack( 'H*', md5( $hash . $password ) );
}
while ( --$count );
}
$output = substr($setting, 0, 12);
$output .= $this->_hash_encode64($hash, 16, $itoa64);
return $output;
}