(05-16-2012, 09:23 AM)undeath Wrote: is that python snippet yours? If yes: who told you to use hexlify/unhexlify?
Code:import hashlib
import binascii
# WBB3 scheme -> sha1($salt.sha1($salt.sha1($pass))
hash = "e2063f7c629d852302d3020599376016ff340399"
salt = "0b053db07dc02bc6f6e24e00462f17e3c550afa9"
password = "123456"
m0 = hashlib.sha1()
m0.update(password)
m1 = hashlib.sha1()
m1.update(salt)
m1.update(binascii.hexlify(m0.digest()))
m2 = hashlib.sha1()
m2.update(salt)
m2.update(binascii.hexlify(m1.digest()))
print("Output:", binascii.hexlify(m2.digest()))
print("Actual", hash)
>>> print("Output:", binascii.hexlify(m2.digest()))
('Output:', 'e2063f7c629d852302d3020599376016ff340399')
>>> print("Actual", hash)
('Actual', 'e2063f7c629d852302d3020599376016ff340399')
Thanks for fixing it :-). It works now. I wrongly assumed that the given salt was to be un-hexed.
(05-16-2012, 10:14 AM)atom Wrote:(05-16-2012, 07:00 AM)halfie Wrote: @atom: and how is WoltLab BB3 scheme exceeding this limit? Both the hash and the salt are 20 bytes in length (they are in hex). The maximum input length at a time is 40 bytes.
I did not know that it is using a hex encoded digest nor did I know its using a hex encoded salt string. In this case it would use 40 + 40 = 80 which is greater than 55.
You were right. The maximum length is 80. The algorithm operates on hex encoded strings.