views:

24

answers:

1

Has anyone ever tried to use SHA-256 or SHA-512 with PEAR AUTH? MD5 works perfectly however, nothing happens when you set the cryptType to

'cryptType' => 'sha256'

The page will just reload. I'm using MDB2 With this.

Code is here: http://pastie.org/1065896

+1  A: 

Your table's password field has a length restriction that's cutting off the hash.

php > echo hash('md5', 'Your face is on fire.');
93d4258aa007d4346197b2f0433397f6

MD5 is 32 characters.

php > echo hash('sha1', 'Your face is on fire.');
19cc616238440e31065d97ec9f77d89ff319272b

SHA1 is 40.

php > echo hash('sha256', 'Your face is on fire.');
d9eb62abf8a261958ada70e59e492f2ef65b06527a2040123d69f9e59046b843

SHA2 256 is 64.

php > echo hash('sha512', 'Your face is on fire.');
38b0ef9577cfda32edda324f3c70cacebfdb304125e439c17aa6f5d41ed091a515ddc9800c58e67a48b85874f349e886cc6f506fc159086d086a500fe4bc8fc8

And SHA2 512 breaks the trend and goes all the way up to 192 characters.

One of MySQL's failings is that it will let this happen and only issue a warning instead of stopping cold and telling you that you're trying to put ten pounds of data in a one pound bag.

Charles
YEP, you're absolutely right.
john mossel
Thanks.........
john mossel