Quantcast

Proposal for Zend_Hash_Password class

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Proposal for Zend_Hash_Password class

Lars Kneschke-2
​Hello!

For a very long time I always proposed to do some contribution. But I always failed.

Today it's time for a new try. For Tine 2.0 we have to store and validate password hashes. As I did not find a good library to handle this kind of stuff, I decided to create some classes to make handling of password hashes as easy as possible. 

These classes support generating and validating following hashes:
- Crypt (MD5, Blowfish, SHA*)
- M5 (Plain, Ldap, SMD5)
- SHA (SSHA* and SHA*)

You can have a look at the source code here: http://svn.tine20.org/svn/trunk/tine20/library/Hash/

As I had a hard time to find all the needed informations and as I like to have more people using this code, I would like to contribute this code to Zend Framework.
Is there any interest in this kind of code?

Lars
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Proposal for Zend_Hash_Password class

Ralph Schindler-2
You should have a look at the Zend_Crypt code base.  I do not see a
manual entry (for reasons unknown), but the apidoc is here:

http://framework.zend.com/apidoc/core/
(switch to Zend_Crypt in the drop down)

I'll look and see what happened to the manual for that.

Either way, I think it might be worth figuring out if it does everything
you need.

-ralph

On 11/24/10 5:24 AM, Lars Kneschke wrote:

> ​Hello!
>
> For a very long time I always proposed to do some contribution. But I always failed.
>
> Today it's time for a new try. For Tine 2.0 we have to store and validate password hashes. As I did not find a good library to handle this kind of stuff, I decided to create some classes to make handling of password hashes as easy as possible.
>
> These classes support generating and validating following hashes:
> - Crypt (MD5, Blowfish, SHA*)
> - M5 (Plain, Ldap, SMD5)
> - SHA (SSHA* and SHA*)
>
> You can have a look at the source code here: http://svn.tine20.org/svn/trunk/tine20/library/Hash/
>
> As I had a hard time to find all the needed informations and as I like to have more people using this code, I would like to contribute this code to Zend Framework.
> Is there any interest in this kind of code?
>
> Lars
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Proposal for Zend_Hash_Password class

Lars Kneschke-2
Am 26.11.2010 20:42, schrieb Ralph Schindler:

> You should have a look at the Zend_Crypt code base.  I do not see a
> manual entry (for reasons unknown), but the apidoc is here:
>
> http://framework.zend.com/apidoc/core/
> (switch to Zend_Crypt in the drop down)
>
> I'll look and see what happened to the manual for that.
>
> Either way, I think it might be worth figuring out if it does
> everything you need.
Hello Ralph!

I had a look at these classes. But Zend_Crypt is for encrypting and
decrypting things, while my hash class is for creating one way hashes of
strings. Which are two different things.

The primary use case of the hash class is to create and validate hashes
of passwords stored in /etc/shadow and OpenLDAP for example. Also any
webapplication which stores passwords can benefit from the hash class,
as it is very easy now to create and validate salted passwords very easily.

--
Lars Kneschke
Team Leader Business Solutions
Metaways Infosystems GmbH
Pickhuben 2, D-20457 Hamburg

Tine 2.0 Open Source Groupware and CRM =>  http://www.tine20.org

E-Mail: mailto:[hidden email]
Web: http://www.metaways.de
Tel:  +49 (0) 40 317031-521
Fax: +49 (0) 40 317031-921
Mobile: +49 (0) 175 9304324
Metaways Infosystems GmbH - Sitz: D-22967 Tremsbüttel
Handelsregister: Amtsgericht Lübeck HRB 4508 AH
Geschäftsführung: Hermann Thaele, Lüder-H.Thaele

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

AW: [zf-contributors] Proposal for Zend_Hash_Password class

Thomas Weidner
There is already a component within the incubator in development.
Take a look at http://framework.zend.com/wiki/display/ZFPROP/Zend_Filter_Hash+-+Thomas+Weidner

Thomas Weidner

Zend Framework Certified Engineer & I18N Team Leader
http://www.thomasweidner.com

-----Ursprüngliche Nachricht-----
Von: Lars Kneschke [mailto:[hidden email]]
Gesendet: Sonntag, 28. November 2010 17:24
An: [hidden email]
Betreff: Re: [zf-contributors] Proposal for Zend_Hash_Password class

Am 26.11.2010 20:42, schrieb Ralph Schindler:

> You should have a look at the Zend_Crypt code base.  I do not see a
> manual entry (for reasons unknown), but the apidoc is here:
>
> http://framework.zend.com/apidoc/core/
> (switch to Zend_Crypt in the drop down)
>
> I'll look and see what happened to the manual for that.
>
> Either way, I think it might be worth figuring out if it does
> everything you need.
Hello Ralph!

I had a look at these classes. But Zend_Crypt is for encrypting and decrypting things, while my hash class is for creating one way hashes of strings. Which are two different things.

The primary use case of the hash class is to create and validate hashes of passwords stored in /etc/shadow and OpenLDAP for example. Also any webapplication which stores passwords can benefit from the hash class, as it is very easy now to create and validate salted passwords very easily.

--
Lars Kneschke
Team Leader Business Solutions
Metaways Infosystems GmbH
Pickhuben 2, D-20457 Hamburg

Tine 2.0 Open Source Groupware and CRM =>  http://www.tine20.org

E-Mail: mailto:[hidden email]
Web: http://www.metaways.de
Tel:  +49 (0) 40 317031-521
Fax: +49 (0) 40 317031-921
Mobile: +49 (0) 175 9304324
Metaways Infosystems GmbH - Sitz: D-22967 Tremsbüttel
Handelsregister: Amtsgericht Lübeck HRB 4508 AH
Geschäftsführung: Hermann Thaele, Lüder-H.Thaele


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Proposal for Zend_Hash_Password class

Ralph Schindler-2
In reply to this post by Lars Kneschke-2
> I had a look at these classes. But Zend_Crypt is for encrypting and
> decrypting things, while my hash class is for creating one way hashes of
> strings. Which are two different things.

Well, technically, Zend_Crypt is for all things "cryptography related",
of which, hashing is one of.

If I read the code correctly, the following is possible:

$md5edString = Zend_Crypt::hash('md5', 'some data');

This allows for a consistent API that is pluggable.  This means that any
algorithm can be used in php's hash, mhash, or openssl extensions.

So, if you are attempting to create a proposal (which at this point
would have to be ZF 2.0, it would make most sense to describe what is
missing in the Zend_Crypt component.

> The primary use case of the hash class is to create and validate hashes
> of passwords stored in /etc/shadow and OpenLDAP for example. Also any
> webapplication which stores passwords can benefit from the hash class,
> as it is very easy now to create and validate salted passwords very easily.

Cheers,
Ralph
Loading...