php密码格式验证函数,[置顶] 基于长密码的PHP函数验证漏洞学习(Long Password Denial of Service (DoS))...

最新推荐文章于 2022-12-04 22:30:37 发布
最新推荐文章于 2022-12-04 22:30:37 发布
阅读量716 收藏
点赞数
文章标签: php密码格式验证函数
本文详细介绍了使用PHP实现的PasswordHash类,演示了如何通过增加密码长度来测试其在面对长密码时的性能,揭示了可能存在的时间攻击风险。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

啥都不说,干货直接上源码。

/*

* To change this license header, choose License Headers in Project Properties.

* To change this template file, choose Tools | Templates

* and open the template in the editor.

*/

//demo 0x001

//require_once 'phpass.php';

set_time_limit(0);

ignore_user_abort(true);

class PasswordHash

{

var $itoa64;

var $iteration_count_log2;

var $portable_hashes;

var $random_state;

function PasswordHash($iteration_count_log2, $portable_hashes)

{

$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)

$iteration_count_log2 = 8;

$this->iteration_count_log2 = $iteration_count_log2;

$this->portable_hashes = $portable_hashes;

$this->random_state = microtime();

if (function_exists('getmypid'))

$this->random_state .= getmypid();

}

function get_random_bytes($count)

{

$output = '';

if (is_readable('/dev/urandom') &&

($fh = @fopen('/dev/urandom', 'rb')))

{

$output = fread($fh, $count);

fclose($fh);

}

if (strlen($output) < $count)

{

$output = '';

for ($i = 0; $i < $count; $i += 16)

{

$this->random_state = md5(microtime() . $this->random_state);

$output .=

pack('H*', md5($this->random_state));

}

$output = substr($output, 0, $count);

}

return $output;

}

function encode64($input, $count)

{

$output = '';

$i = 0;

do

{

$value = ord($input[$i++]);

$output .= $this->itoa64[$value & 0x3f];

if ($i < $count)

$value |= ord($input[$i]) << 8;

$output .= $this->itoa64[($value >> 6) & 0x3f];

if ($i++ >= $count)

break;

if ($i < $count)

$value |= ord($input[$i]) << 16;

$output .= $this->itoa64[($value >> 12) & 0x3f];

if ($i++ >= $count)

break;

$output .= $this->itoa64[($value >> 18) & 0x3f];

} while ($i < $count);

return $output;

}

function gensalt_private($input)

{

$output = '$P$';

$output .= $this->itoa64[min($this->iteration_count_log2 +

((PHP_VERSION >= '5') ? 5 : 3), 30)];

$output .= $this->encode64($input, 6);

return $output;

}

function crypt_private($password, $setting)

{

$output = '*0';

if (substr($setting, 0, 2) == $output)

$output = '*1';

$id = substr($setting, 0, 3);

# We use "$P$", phpBB3 uses "$H$" for the same thing

if ($id != '$P$' && $id != '$H$')

return $output;

$count_log2 = strpos($this->itoa64, $setting[3]);

if ($count_log2 < 7 || $count_log2 > 30)

return $output;

$count = 1 << $count_log2;

$salt = substr($setting, 4, 8);

if (strlen($salt) != 8)

return $output;

# We're kind of forced to use MD5 here since it's the only

# cryptographic primitive available in all versions of PHP

# currently in use. To implement our own low-level crypto

# in PHP would result in much worse performance and

# consequently in lower iteration counts and hashes that are

# quicker to crack (by non-PHP code).

if (PHP_VERSION >= '5')

{

$hash = md5($salt . $password, TRUE);

do

{

$hash = md5($hash . $password, TRUE);

} while (--$count);

} else

{

$hash = pack('H*', md5($salt . $password));

do

{

$hash = pack('H*', md5($hash . $password));

} while (--$count);

}

$output = substr($setting, 0, 12);

$output .= $this->encode64($hash, 16);

return $output;

}

function gensalt_extended($input)

{

$count_log2 = min($this->iteration_count_log2 + 8, 24);

# This should be odd to not reveal weak DES keys, and the

# maximum valid value is (2**24 - 1) which is odd anyway.

$count = (1 << $count_log2) - 1;

$output = '_';

$output .= $this->itoa64[$count & 0x3f];

$output .= $this->itoa64[($count >> 6) & 0x3f];

$output .= $this->itoa64[($count >> 12) & 0x3f];

$output .= $this->itoa64[($count >> 18) & 0x3f];

$output .= $this->encode64($input, 3);

return $output;

}

function gensalt_blowfish($input)

{

# This one needs to use a different order of characters and a

# different encoding scheme from the one in encode64() above.

# We care because the last character in our encoded string will

# only represent 2 bits. While two known implementations of

# bcrypt will happily accept and correct a salt string which

# has the 4 unused bits set to non-zero, we do not want to take

# chances and we also do not want to waste an additional byte

# of entropy.

$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

$output = '$2a$';

$output .= chr(ord('0') + $this->iteration_count_log2 / 10);

$output .= chr(ord('0') + $this->iteration_count_log2 % 10);

$output .= '$';

$i = 0;

do

{

$c1 = ord($input[$i++]);

$output .= $itoa64[$c1 >> 2];

$c1 = ($c1 & 0x03) << 4;

if ($i >= 16)

{

$output .= $itoa64[$c1];

break;

}

$c2 = ord($input[$i++]);

$c1 |= $c2 >> 4;

$output .= $itoa64[$c1];

$c1 = ($c2 & 0x0f) << 2;

$c2 = ord($input[$i++]);

$c1 |= $c2 >> 6;

$output .= $itoa64[$c1];

$output .= $itoa64[$c2 & 0x3f];

} while (1);

return $output;

}

function HashPassword($password)

{

$random = '';

if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes)

{

$random = $this->get_random_bytes(16);

$hash = crypt($password, $this->gensalt_blowfish($random));

if (strlen($hash) == 60)

return $hash;

}

if (CRYPT_EXT_DES == 1 && !$this->portable_hashes)

{

if (strlen($random) < 3)

$random = $this->get_random_bytes(3);

$hash = crypt($password, $this->gensalt_extended($random));

if (strlen($hash) == 20)

return $hash;

}

if (strlen($random) < 6)

$random = $this->get_random_bytes(6);

$hash = $this->crypt_private($password, $this->gensalt_private($random));

if (strlen($hash) == 34)

return $hash;

# Returning '*' on error is safe here, but would _not_ be safe

# in a crypt(3)-like function used _both_ for generating new

# hashes and for validating passwords against existing hashes.

return '*';

}

function CheckPassword($password, $stored_hash)

{

$hash = $this->crypt_private($password, $stored_hash);

if ($hash[0] == '*')

$hash = crypt($password, $stored_hash);

return $hash == $stored_hash;

}

}

//Long Password Denial of Service (DoS)

//denial-of-service-responsible-disclosure

class hasher

{

function __construct($pass)

{

$pass_hash = new PasswordHash(8, TRUE);

$hashed_pass = $pass_hash->HashPassword($pass);

}

}

$length = array("1", "10", "50", "100", "500", "1000", "5000", "10000", "50000", "100000", "200000",

"300000", "400000", "500000", "600000", "700000", "800000", "900000", "1000000",

"2000000", "3000000","4000000", "5000000", "6000000", "7000000", "8000000", "9000000");

foreach ($length as $value)

{

$valor = str_repeat("A", $value);

$time_start = microtime(true);

$hashgen = new hasher($valor);//in this case the PHP script not control the input length:

echo 'Size in character(s): ' . $value;

echo ' Total execution time in seconds: ' . (microtime(true) - $time_start);

print "\n";

}

//关键区域注意hasher定义类这块代码

$hashed_pass = $pass_hash->HashPassword($pass);//注意此处函数,由于没有限制密码长度,导致系统运行耗时。

08e69c50dcc325406e7bb455e6b155bc.png

输出结果测试:

"php.exe" "TimingAttack.php"

Size in character(s): 1 Total execution time in seconds: 0.015599966049194

Size in character(s): 10 Total execution time in seconds: 0

Size in character(s): 50 Total execution time in seconds: 0.015599966049194

Size in character(s): 100 Total execution time in seconds: 0

Size in character(s): 500 Total execution time in seconds: 0.015599966049194

Size in character(s): 1000 Total execution time in seconds: 0.031200170516968

Size in character(s): 5000 Total execution time in seconds: 0.12480092048645

Size in character(s): 10000 Total execution time in seconds: 0.23399996757507

Size in character(s): 50000 Total execution time in seconds: 1.1700019836426

Size in character(s): 100000 Total execution time in seconds: 2.2776041030884

Size in character(s): 200000 Total execution time in seconds: 4.1808068752289

Size in character(s): 300000 Total execution time in seconds: 9.656417131424

Size in character(s): 400000 Total execution time in seconds: 14.149224996567

Size in character(s): 500000 Total execution time in seconds: 17.425230979919

Size in character(s): 600000 Total execution time in seconds: 19.094433069229

Size in character(s): 700000 Total execution time in seconds: 23.010040998459

Size in character(s): 800000 Total execution time in seconds: 24.070841789246

Size in character(s): 900000 Total execution time in seconds: 28.298449993134

Size in character(s): 1000000 Total execution time in seconds: 33.259258031845

Size in character(s): 2000000 Total execution time in seconds: 67.298518180847

Size in character(s): 3000000 Total execution time in seconds: 101.29097795486

Size in character(s): 4000000 Total execution time in seconds: 113.45899987221

Size in character(s): 5000000 Total execution time in seconds: 135.59543800354

Size in character(s): 6000000 Total execution time in seconds: 154.45587110519

Size in character(s): 7000000 Total execution time in seconds: 203.9391579628

Size in character(s): 8000000 Total execution time in seconds: 234.54641199112

Size in character(s): 9000000 Total execution time in seconds: 265.59046697617

Done.

【项目实战】拒绝服务Denial-of-Service (DoS)攻击
本本本添哥
12-01 668
拒绝服务(Denial-of-ServiceDoS)攻击 - 全称为拒绝服务攻击 - 是一种网络攻击手段 - 是一种恶意的网络攻击 - 是一种使计算机或网络无法提供正常服务的攻击方式。
php密码正则验证
dsqcsdn的博客
12-28 1243
验证密码必须是6-12位的数字和字母 '/^(?![0-9]+)(?![a−zA−Z]+)(?![a-zA-Z]+)(?![a−zA−Z]+)[0-9A-Za-z]{6,12}/′;(?![0−9]+/'; (?![0-9]+/′;(?![0−9]+) : 可能含有数字 (?![a-zA-Z]+$): 可能含有字母 [0-9A-Za-z]: 含有数字或者字母 {6,12}: 6-12位 ...
基于密码PHP函数验证漏洞学习Long Password Denial of Service (DoS))
关注互联网安全的小虾米一枚
11-18 7400
啥都不说,干货直接上源码。 <?php /* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the edito
PHP Multipart/form-data remote dos Vulnerability
weixin_30652897的博客
12-14 165
catalog 1. Description 2. Analysis 1. Description PHP is vulnerable to a remote denial of service, caused by repeatedly allocate memory、concatenate string、copy string and free memory when P...
php密码正则格式校验
梦想小镇
03-25 4200
//密码由字母或数组组成 function is_passwd($v){ $pattern="/^[0-9a-zA-Z]{6,16}$/i"; if(preg_match($pattern,$v)){ \System\FileLog\FileLog::write("-------h5密码重置:true"); retu...
Web密码拒绝服务漏洞
黑剑
03-09 2365
没有对明文密码度施加任何最大值,这意味着攻击者可以简单地提交任意大且保证失败的密码,迫使运行 服务器执行由此产生的昂贵的哈希计算以尝试检查密码。 例如,在使用 PBKDF2 哈希器时,大小为 1 兆字节的密码将需要大约一分钟的计算时间来检查,“这允许通过重复提交大密码来进行拒绝服务攻击,从而在昂贵的相应哈希计算中占用服务器资源。” 场景一:如果用户名不存在,则不会计算密码哈希,因为用户名不存在。 场景二:如果用户名存在,则计算密码散列并与存储在数据库中的散列进行比较。如果比较的哈希值相同,则授予您访问
PHp 密码验证
weixin_30663471的博客
12-07 401
. MD5加密 string md5 ( string $str [, bool $raw_output = false ] ) 参数 str -- 原始字符串。 raw_output -- 如果可选的 raw_output 被设置为 TRUE,那么 MD5 报文摘要将以16字节度的原始二进制格式返回。 这是一种不可逆加密,执行如下的代码 $password = '12345...
DDoS.rar_ddos_denial_denial of service_dos attack_拒绝服务攻击
09-24
相信大家都一定不会对这两个这个词感到陌生,是的,拒绝服务攻击(Denial of Service),以及分布式拒绝服务攻击(Distributed Denial of Service)。
Solution for Denial of Service Attacks-30Sep2010.ppt
最新发布
11-08
其中,拒绝服务攻击(DoS攻击)以及其分布式形式(DDoS攻击)已成为网络安全领域中的一大威胁。拒绝服务攻击的目的在于通过制造过多的网络流量或请求,导致目标服务器无法处理正常的服务请求,从而使网络服务暂时或...
基于PHP的CFimagehost(图片上传存储管理系统)英文版源码.zip
07-30
同时,系统应限制文件大小和类型,防止DoSDenial of Service)攻击。 ### 性能优化 为了处理大量图片,CFimagehost可能采用了缓存技术,如文件缓存或内存缓存(如APC或Memcached),减少对数据库的访问。图片的...
php password密码验证正则表达式(8位度限制)
12-13
代码如下: <?php //密码验证 $password = “zongzi_Abc_oo13a2”; $n = preg_match_all(“/^[a-zA-Z\d_]{8,}$/”,$password,$array); //度是8或更多 var_dump($array); ?> 您可能感兴趣的文章:正则表达式 \w \d 的意义PowerShell中使用正则和ValidateSet验证参数合法性Shell正则表达式之grep、sed、awk实操笔记DW 查找某字符串前的所有字符的正则表达式解决正则表达式\w和\d的疑惑
php 密码校验正则,PHP常用密码正则匹配验证
weixin_34998630的博客
03-28 2221
PHP常用密码正则匹配验证第一种://昵称2-10位字符,需由中文、数字、字母(区分大小写)和下划线组合$a = '的方';$b = preg_match( "/^[\x{4e00}-\x{9fa5}A-Za-z0-9_]{2,10}$/u", $a );var_dump( $b );第二种://正则表达式6-16位字符(英文/数字/符号)三种组合$pwd = 'ddddddA1';$res = ...
Drupal密码拒绝服务漏洞复现(CVE-2014-9016),python编写POC
wangqiao258的博客
10-28 4249
环境搭建: 使用vulhub,进入CVE-2014-3704文件夹启动环境: [root@www /]# cd /home/vulhub-master/drupal/CVE-2014-3704/ [root@www CVE-2014-3704]# docker-compose up -d 查看端口: [root@www CVE-2014-3704]# docker ps CONTAINER ID IMAGE COMMAND
java学习笔记答案_java学习笔记
weixin_39941262的博客
02-25 142
1、分包:可以把类写去其他包中,但是用的时候需要import packageName.className。也可以全部导入import packageName.*2、如果是用private的,那怕在同一个包中,也不能调用其东西。只能在自己的类中修改,自己类中用构造函数修改或者其他、如果用public的,则其他包也能用。如果是什么都不加的,就只能是自己那个包里面使用。/** To change thi...
NetBeans--员工信息管理系统
with_wine的博客
12-04 846
netbeans项目员工信息管理系统
2020-04-22
qq_47160804的博客
04-22 149
/* To change this license header, choose License Headers in Project Properties. To change this template file, choose Tools | Templates and open the template in the editor. / package javaapplication35...
Slow HTTP Denial of Service Attack 漏洞解决办法
热门推荐
corpse2010的专栏
06-16 2万+
问题名称: Slow HTTP Denial of Service Attack 问题URL http://10.238.*.*:58***   风险等级: 高 问题类型: 服务器配置类 漏洞描述: 利用的HTTP POST:POST的时候,指定一个非常大的 content
详解PHP multipartform-data 远程DOS漏洞及其验证方法
在某些情况下,DOS攻击可能演变成DDoS(Distributed Denial of Service,分布式拒绝服务攻击),即通过分散的多个攻击源进行攻击。 #### 漏洞原理 在PHP中,处理`multipart/form-data`的上传时,通常会调用`parse_...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值