Created
June 14, 2010 19:29
-
-
Save joshkehn/438162 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*************** | |
| Comes from a SO comment | |
| @Josh K: This is a little over-the-top: $hash = sha1(sha1($password) ^ $salt);, $hash = sha1($password.$salt); would work just as well in practice (and faster). Also, the only reason I can think of to sha1(microtime()) is to constrain it to something that can fit in your column, and substr(str(microtime()), 0, 160) would work equally well (and faster), although I doubt microtime() gives a > 160 digit number anyway. Of course, you might be intentionally making it slow (so it would take more time to crack), but the performance should at least be mentioned. | |
| Question: http://stackoverflow.com/questions/3038136/am-i-supposed-to-store-hashes-for-passwords/3038182#3038182 | |
| User: http://stackoverflow.com/users/212555/brendan-long | |
| **************/ | |
| /* | |
| 1000 in 0.468002796173 XOR | |
| 1000 in 0.465842008591 XOR | |
| 1000 in 0.466115951538 XOR | |
| 1000 in 0.498080968857 CAT | |
| 1000 in 0.506876945496 CAT | |
| 1000 in 0.500174045563 CAT | |
| */ | |
| function microtime_float() | |
| { | |
| list($usec, $sec) = explode(" ", microtime()); | |
| return ((float)$usec + (float)$sec); | |
| } | |
| $start_time = $this->microtime_float(); | |
| for($i = 0; $i < 100000; $i++) | |
| { | |
| // Change . to ^ to test XOR | |
| $sha = sha1(sha1(microtime()) . sha1(microtime())); | |
| } | |
| $end_time = $this->microtime_float(); | |
| error_log("1000 in " . ($end_time-$start_time)); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment