Check if string is a hash

I use SHA-512 to hash my passwords (with salt). I don't think that what I want is possible, but let me ask anyway.

Is there a way to check if a string is already a SHA-512 hash (or other algorithm)?

When a user logs in, I want to check their password. If it is still in clear text, it must be converted to a safe form.

+1
6 answers

Your task is extremely simple and does not require string checking.

Just compare the entered password with the saved one first.
If it matches, there you have it: a plain-text password. So you can start the conversion process.

+6

As @zerkms already mentioned, string length is the most obvious thing you can test for. Also, hashes are usually written in hexadecimal, so they consist only of the digits 0 to 9 and the letters a to f. Or, as a regular expression:

    /[0-9a-f]{64}/i

+5

I am a little confused by this question.

When a user enters their password on the website, you can assume that the value in $_POST['password'] (or whatever you call it) is in plain text. Even if the user uses the result of a hash function as their password, it doesn't matter, since as far as your application is concerned it is still plain text. That is, the hashed value is the user's password, no matter what steps they took to create it, since entering this value into the system grants access for this user. The point of hashing user passwords on the server is that even you do not know what the user's password is. Thus, if your database is compromised, the user's password is not revealed.

Once you have the password, you fetch this user's salt and hashed password from the database. You take the submitted value, hash it using the user-specific salt, and then compare it with the previously hashed password from the database. If the newly hashed value and the stored hash match, you can assume that the correct password has been entered.

The only reason I can see for doing what you described is if you previously saved your passwords as plain text and are now converting them into hashes. In this case, you just need to assign a unique salt to each user, hash the current password + the plaintext salt, and save this as the new password. This conversion should happen all at once when the switch to hashed passwords is made, not piecemeal as each user logs in for the first time after the transition.

+2
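
The login-time conversion discussed in the first and third answers above, as an added PHP example that is not part of any answer: a per-row marker decides whether the stored value is plaintext, instead of guessing from the string's length or character set. It assumes a hypothetical record with `stored` and `salt` fields in which a NULL salt marks a row not yet converted; `hashPassword` and `login` are illustrative names.

```php
<?php
// Added illustration. The record layout ('stored', 'salt') and both
// function names are hypothetical, not taken from the page.

// Salted SHA-512, hex-encoded (128 characters).
function hashPassword(string $password, string $salt): string
{
    return hash('sha512', $salt . $password);
}

// Returns true on a successful login. A row that is still plaintext is
// converted in place, hence the reference parameter.
function login(array &$user, string $entered): bool
{
    if ($user['salt'] === null) {
        // Row never converted: the stored value is the plaintext password.
        if (!hash_equals($user['stored'], $entered)) {
            return false;
        }
        // Correct password: replace it with its salted hash immediately.
        $user['salt'] = bin2hex(random_bytes(16));
        $user['stored'] = hashPassword($entered, $user['salt']);
        return true;
    }
    // Converted row: only the salted hash of the input is compared, so
    // the stored hash string itself is never accepted as a password.
    return hash_equals($user['stored'], hashPassword($entered, $user['salt']));
}

// Constructed sample row: a legacy plaintext password that happens to
// look exactly like a SHA-512 hex digest.
$user = ['stored' => str_repeat('ab', 64), 'salt' => null];
$password = $user['stored'];

$first  = login($user, $password);        // plaintext branch, row converted
$second = login($user, $password);        // salted-hash branch
$replay = login($user, $user['stored']);  // stored hash submitted as password
var_dump($first, $second, $replay, strlen($user['stored']));
```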

Obviously, the only way to guess is to check the length of the string. I bet no one has such a long password.

+1

Why do you want to verify the hashed password during login? No one puts the hashed string in as the password.

You should check it like this:

    if (sha1($input_password) === 'your hashed password') {
        // go ahead
    }

0

You can hash the user's password when he submits the form; this requires JavaScript, of course.

    function myOnSubmit(aForm) {
        // Getting the password input object
        var inputPassword = aForm['password'];
        // Hashing the password before submitting
        inputPassword.value = sha512_hash(inputPassword.value);
        // Submitting
        return true;
    }

Your form will be like this:

    <form onsubmit="return myOnSubmit(this);">
        <input type="text" name="login"><br>
        <input type="password" name="password"><br>
        <input type="submit" name="send">
    </form>

As far as I know, there is no native sha512 function that comes with JS, so you need a sha512 function; you can check this out.

0

Source: https://habr.com/ru/post/1479715/

