一、WordPress 密码哈希后的存储格式(这是单向哈希,不是可逆加密):
$P$B12345678huiyw4r7qhfuhs8yjmd6ef
$P$912345678huiyw4r7qhfuhs8yjmd6ef
- 第一段:$P$格式固定
- 第二段:只有一个字符。若php版本大于5.0则为B,否则为9。该字符是迭代次数以2为底的对数在下文itoa64字符表中的编码:B对应2的13次方(8192),9对应2的11次方(2048);校验已有密文时应按该字符确定迭代次数,而不是写死。
- 第三段:8位salt
- 第四段:22位,真正加密后的密码
二、密文的加密方法
php版本高于5.0
// First round: MD5 over the salt followed by the password; TRUE asks md5() for the raw binary digest.
$hash = md5($salt.$password, TRUE);
// Stretching rounds: each pass hashes the previous digest followed by the password again.
// The pre-decrement in the loop condition ends the loop when $count reaches 0,
// so with $count = 8192 (per the note below) the body runs 8192 times after the first round.
do {
$hash = md5($hash.$password, TRUE);
}
while (--$count);
[注]“.”在php中是字符串连接运算符;参数TRUE表示md5返回16字节的原始二进制结果;count取2的13次方:8192。
php版本低于5.0
// First round: md5() returns a hex string here, and pack('H*', ...) converts that hex string to binary.
$hash = pack('H*', md5($salt.$password));
// Stretching rounds: same construction as the first round, but over the previous digest followed by
// the password. The loop ends when the pre-decremented $count reaches 0
// ($count = 2048 per the note below).
do {
$hash = pack('H*', md5($hash.$password));
}
while (--$count);
[注]php低于5.0时,md5返回的是32位十六进制字符串,pack('H*')将md5结果转换为二进制;count取2的11次方:2048。
上述方法得到的 $hash 再进行base64编码(是编码,不是加密):
三、wordpress的base64算法
字符表共64个字符,比较特殊,与标准base64字符表的顺序不同:
itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
//input即hash,count=16
java实现加密
package cn.liuhaihua.core.util;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
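/**
 * Computes and checks legacy WordPress "portable" password hashes of the form
 * {@code $P$B<8-char salt><22-char digest>}.
 *
 * <p>The scheme is iterated, salted MD5 followed by a custom base-64 style encoding. Only the
 * {@code B} cost marker (8192 stretching rounds) is supported; stored values with any other
 * marker or prefix will never match what this class produces. Iterated MD5 is weak by current
 * standards, and newer WordPress releases store bcrypt-based hashes instead, so this class is
 * only suitable for verifying existing legacy hashes, not for creating new ones.
 */
public class WPPasswordUtil {

    /** Alphabet of the custom base-64 style encoding; its order differs from standard Base64. */
    private static final String ITOA64 =
            "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    /** Fixed charset so the same password hashes identically on every platform. */
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.StandardCharsets.UTF_8;

    /** Scheme identifier plus the cost marker for 2^13 rounds. */
    private static final String PREFIX = "$P$B";

    /** Number of stretching rounds after the initial digest (2^13). */
    private static final int ROUNDS = 8192;

    /** Full length of a stored hash: 4 (prefix) + 8 (salt) + 22 (encoded digest). */
    private static final int HASH_LENGTH = 34;

    /**
     * Hashes a password with the given salt using the legacy WordPress scheme.
     *
     * @param str  the plain-text password; encoded as UTF-8 before hashing
     * @param salt the 8-character salt, normally characters 4..11 of the stored hash
     * @return the full hash string {@code "$P$B" + salt + 22 encoded characters}, or the
     *         literal {@code "fail"} if the runtime has no MD5 implementation
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public static String WordpressEncrypt(String str, String salt) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            // Explicit UTF-8: the platform default charset would give different hashes for
            // non-ASCII passwords depending on where the JVM runs.
            byte[] hash = md.digest((salt + str).getBytes(UTF_8));
            byte[] plain = str.getBytes(UTF_8);
            for (int round = 0; round < ROUNDS; round++) {
                // Each round hashes previous-digest || password; digest() resets the instance.
                md.update(hash);
                hash = md.digest(plain);
            }
            // encode64 works on unsigned byte values.
            int[] unsigned = new int[hash.length];
            for (int i = 0; i < hash.length; i++) {
                unsigned[i] = hash[i] & 0xff;
            }
            return PREFIX + salt + encode64(unsigned, 16);
        } catch (NoSuchAlgorithmException e) {
            // Kept for compatibility with existing callers; the "fail" sentinel can never
            // equal a well-formed stored hash, so a comparison against it is rejected.
            e.printStackTrace();
            return "fail";
        }
    }

    /**
     * Verifies a password against a stored legacy hash.
     *
     * <p>The stored value is validated (prefix and length) before the salt is extracted, and
     * the final comparison uses {@link MessageDigest#isEqual(byte[], byte[])} so its duration
     * does not depend on the position of the first differing character.
     *
     * @param password   the candidate plain-text password
     * @param storedHash the hash read from the user store
     * @return {@code true} only if {@code storedHash} is a well-formed {@code $P$B} hash and
     *         matches the hash of {@code password}
     */
    public static boolean checkPassword(String password, String storedHash) {
        if (password == null || storedHash == null
                || storedHash.length() != HASH_LENGTH || !storedHash.startsWith(PREFIX)) {
            return false;
        }
        String computed = WordpressEncrypt(password, storedHash.substring(4, 12));
        return MessageDigest.isEqual(computed.getBytes(UTF_8), storedHash.getBytes(UTF_8));
    }

    /**
     * Encodes the first {@code number} values of {@code input} with the custom alphabet.
     *
     * <p>Bytes are consumed in groups of three, least-significant bits first, and each group
     * yields four characters; a trailing group of one or two bytes yields two or three.
     *
     * @param input  unsigned byte values (0..255)
     * @param number how many values of {@code input} to encode
     * @return the encoded text; empty when {@code number} is 0
     */
    private static String encode64(int[] input, int number) {
        StringBuilder out = new StringBuilder((number * 4 + 2) / 3);
        int i = 0;
        while (i < number) {
            int value = input[i++] & 0xff;
            out.append(ITOA64.charAt(value & 0x3f));
            if (i < number) {
                value |= (input[i] & 0xff) << 8;
            }
            out.append(ITOA64.charAt((value >> 6) & 0x3f));
            if (i++ >= number) {
                break; // group ended after one byte
            }
            if (i < number) {
                value |= (input[i] & 0xff) << 16;
            }
            out.append(ITOA64.charAt((value >> 12) & 0x3f));
            if (i++ >= number) {
                break; // group ended after two bytes
            }
            out.append(ITOA64.charAt((value >> 18) & 0x3f));
        }
        return out.toString();
    }

    /** Demo: prints the hash of a sample password using the salt of a sample stored hash. */
    public static void main(String[] args) {
        String plainPassword = "123344";
        String hashedPassword = "$P$Bsu1fS5Gh72dYtsDPIRbGNn0Ec5X5x.";
        System.out.println(WordpressEncrypt(plainPassword, hashedPassword.substring(4, 12)));
    }
}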
// Verification: recompute the hash with the salt taken from the stored value, then compare with the stored value.
// NOTE(review): substring(4,12) assumes the stored value is a full-length "$P$B..." hash; a shorter value
// throws StringIndexOutOfBoundsException and a different prefix can never match, so check prefix and
// length before extracting the salt.
// NOTE(review): String.equals stops at the first differing character; comparing the two values' bytes with
// MessageDigest.isEqual gives a comparison whose duration does not depend on where they differ.
WPPasswordUtil.WordpressEncrypt(pwd, member_db.getUserPass().substring(4,12)).equals(member_db.getUserPass())