i developing android application have synchronize user table info remote mysql database sqlite database of android device through api communication. user table has field keep passwords of users. these passwords hashed "portable php password hashing framework" used in codeigniter framework. class used create these hashed password in php language(codeigniter framework) given bellow:
<?php class passwordhash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function passwordhash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime().$this->random_state); $output .= pack('h*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; { $value = ord($input[$i ++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i ++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i ++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$p$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((php_version >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # use "$p$", phpbb3 uses "$h$" same thing if ($id != '$p$' && $id != '$h$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # we're kind of forced use md5 here since it's # cryptographic primitive available in versions of php # in use. implement our own low-level crypto # in php result in worse performance , # consequently in lower iteration counts , hashes # quicker crack (by non-php code). if (php_version >= '5') { $hash = md5($salt.$password, true); { $hash = md5($hash.$password, true); } while (--$count); } else { $hash = pack('h*', md5($salt.$password)); { $hash = pack('h*', md5($hash.$password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # should odd not reveal weak des keys, , # maximum valid value (2**24 - 1) odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # 1 needs use different order of characters , # different encoding scheme 1 in encode64() above. # care because last character in our encoded string # represent 2 bits. while 2 known implementations of # bcrypt happily accept , correct salt string # has 4 unused bits set non-zero, not want take # chances , not want waste additional byte # of entropy. $itoa64 = './abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; { $c1 = ord($input[$i ++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i ++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i ++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function hashpassword($password) { $random = ''; if (crypt_blowfish == 1 && ! $this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (crypt_ext_des == 1 && ! $this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # returning '*' on error safe here, _not_ safe # in crypt(3)-like function used _both_ generating new # hashes , validating passwords against existing hashes. return '*'; } function checkpassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] == '*') $hash = crypt($password, $stored_hash); return $hash == $stored_hash; } } /* end of file phpass_helper.php */ /* location: ./application/helpers/account/phpass_helper.php */ now, need match user inputted password these hashed passwords using java codes in android. how can that?
n.b. have used java library purpose, not able compare password.
Comments
Post a Comment