Merge pull request #969 from molangning/patch-php-magic-hash (does remove some values)

Added php hashes

Source: https://github.com/spaze/hashes/

Author: g0tmi1k

Passwords/PHP-Magic-Hashes.txt

@@ -0,0 +1,47 @@
+# PHP magic hashes
+
+PHP has some unique features which makes hash collisions more easier when using the `==` to compare.
+
+The raw text are taken directly from [spaze/hashes](https://github.com/spaze/hashes/)
+
+- - -
+
+### Floating comparison
+
+Any strings that starts with any numbers of `0`, followed by `e` then ends with only numbers will be treated as zero. An example of such strings are `0e123456` and `00e123456`. [Example code](https://3v4l.org/n8iOp)
+
+This behavior can be extended to numbers, like `'0' == '000`. [Example code](https://3v4l.org/K9QRb)
+
+With loose comparison, these two example strings will equate to each other as both of them are treated as a zero in the backend.
+
+Sometimes, hashes of specific strings will result in those special strings as an result. Those hashes are called `magic hashes`
+
+Here is an example of such weak comparison for [sha256](https://3v4l.org/Lu7tm).
+
+- - -
+
+### Plaintext
+
+Plaintext.txt just contains some ways to abuse php's weak comparison
+
+- - -
+
+### Truncated text
+
+For bcrypt, passwords are automatically truncated to 72 characters, so as long as the first 72 characters match, the hashes will match.
+
+[Bcrypt example](https://3v4l.org/MsfS0)
+
+Descrypt have similar behavior to bcrypt, but passwords are instead truncated to 8 characters.
+
+- - -
+
+## Pre-hashed
+
+<!--- Modified from https://github.com/spaze/hashes?tab%253Dreadme-ov-file#pbkdf2-hmac-sha1-pbkdf2-hmac-sha224-pbkdf2-hmac-sha256-->
+
+If you use a password longer than 64 bytes and hash it with PBKDF2-HMAC-SHA1, it is first pre-hashed with SHA1.
+
+For example, `PBKDF2-HMAC-SHA1(password1) === PBKDF2-HMAC-SHA1(password2)` as `sha1(password1) === bin2hex(password2)`.
+
+This behavior can also be seen in `PBKDF2-HMAC-SHA224` and `PBKDF2-HMAC-SHA256`.

Passwords/php-hashes/README.md

@@ -0,0 +1,20 @@
+HFS_uPqtIQPl:0e929373
+HFS_NhqlNQ1D:0e965437
+HFS_+1G2t/1r:00e84097
+HFS_6nk6Zta1:0e673017
+HFS_MmTo331q:0e644471
+HFS_AzZkcN8f:0e551616
+HFS_0LxhhhkZ:0e840769
+HFS_iKGvCNnD:0e402980
+HFS_YYdr5SWA:00e60109
+HFS_kJ8SLtXh:0e513732
+do+d4JXvGqvL:0e687021
+9tawE8a0EUyU:0e626693
+i6BliFUdioZ2:0e805102
+ZzukD6ZZUYnf:0e138757
+R0GVRbsgqAkq:0e263353
+Dusy8MDlN1DG:0e859691
+o2XXS8QutHnK:0e616557
+rWySA3KKmokQ:0e951917
+zu9dxemJPNdk:0e223236
+cG4ZtD4z8JiK:0e559727

Passwords/php-hashes/floating_comp/crc32.txt

@@ -0,0 +1,20 @@
+HFS_t90miW9g:0e395566
+HFS_cJ3zkvQY:0e508686
+HFS_BtdiQ0kq:0e867068
+HFS_oimsNm9f:00e36431
+HFS_Ff7z2lY9:0e957694
+HFS_1ogclZt0:0e245532
+HFS_6lpwmZAV:00e62469
+HFS_1nUsdYXt:0e731733
+HFS_sseFHTIO:0e975617
+HFS_3y5RlRwJ:00e65928
+m7IHnxcRTBBO:0e940524
+s8nGXfzc1gLV:0e306100
+5JYJnHH7EB7w:0e383201
+ppBjSUTcuIde:0e956113
+W/GKrHQ9sRqk:0e772663
+cCsoYjRJ3qL0:0e050048
+0rc8nlzuCvtG:0e419810
+Prq11e6Styrp:0e292230
+0joOpQlWgVSD:0e501433
+XqrtwN9LgTM/:0e689095

Passwords/php-hashes/floating_comp/crc32b.txt

@@ -0,0 +1,20 @@
+HFS_fJRRVm+S:0e604578
+HFS_jpRkyCVW:0e812503
+HFS_GrBcUOEe:0e362351
+HFS_CP4WQQ/m:0e829559
+HFS_MYXHoW7e:00e21725
+HFS_6m34HXl+:0e300614
+HFS_hVCZWCh4:0e824542
+HFS_VNIzVR6G:0e349231
+HFS_FwB287AP:0e887988
+HFS_fnsOA2UV:0e962163
+jQBvBPJca0X6:0e191084
+v9v5lkxbgndN:0e708569
+KKduycJo2NA4:0e859228
+RW3AsBuFRofx:00e21355
+H/8tFwVkV0nd:0e829312
+vH55u2YbjcAA:0e265582
+zP9Izjs2irUW:0e673403
+61ePjhO7MXSy:0e997362
+zEL2Ax4CVoFz:00e03591
+kAnNwLx+vmlh:0e498108

Passwords/php-hashes/floating_comp/fnv132.txt

@@ -0,0 +1,20 @@
+HFS_mmjH9CNN:0e99769769728569
+HFS_6XEFLJOH:0e77252548411175
+HFS_2jtp0982:0e34597864874626
+HFS_b3kSpfs+:0e30751543430386
+HFS_aAQs6Cyu:0e66626906207668
+HFS_qRCQCIaK:0e97108743422874
+HFS_h/B2aEbV:0e48470717638788
+HFS_NQRnuOOl:0e78474377494907
+HFS_BaC2dl4c:00e7018025920202
+HFS_HF6Wgc28:00e4477970079172
+ICE1d0K/RL7T:0e87116729093816
+OgpHAyV7w/pt:0e92510903960722
+Ls/ijNyI2dW3:0e49565360806964
+vT+ia3KjNMMn:0e43654725309262
+8UZZxmSBbj7f:0e55840857685749
+mUxTfMMkdSec:0e33409805165683
+z9B8zV8jAUJl:0e43960404058632
+LfauICk8l0d6:0e10379759030222
+BMS4d1MCRE3m:0e12639087316691
+6KyW3y0vOXSS:0e44708754369825

Passwords/php-hashes/floating_comp/fnv164.txt

@@ -0,0 +1,20 @@
+HFS_wyEBSA7V:0e534803
+HFS_NTG/rp8K:0e380702
+HFS_8bb79J+r:0e499146
+HFS_NCLJdw8D:0e279619
+HFS_+U/ddhtj:0e844548
+HFS_wR+uZeeF:0e696336
+HFS_t8jKENCz:00e50378
+HFS_p0BbTwIs:0e873774
+HFS_HcjAD1gZ:0e558807
+HFS_Y1iiKHNg:0e850401
+Ky/FMUV7acqp:0e338008
+nIao+ZCGW1yi:0e850185
+Ba+1AjsMkgU4:0e611004
+dBWEkOOVrm1H:00e81498
+pz0fUrCik7Xj:0e561856
+VVwHKixOOkp5:0e265262
+brm9jKlyPDuD:0e577432
+j9ppOBAEe4FI:0e888223
+2XCVJqdz5buc:0e647622
+ifU9AwKqTpFk:0e859873

Passwords/php-hashes/floating_comp/fnv1a32.txt

@@ -0,0 +1,20 @@
+HFS_Zk558Stl:0e63735032620881
+HFS_Z0zC19dz:00e4539999025438
+HFS_AjgVckBy:0e24330735757830
+HFS_Rsa1ptfV:0e14987418690258
+HFS_EB4aWjEF:0e99230175338237
+HFS_xiyO7ooR:0e59842152613905
+HFS_ZzkcfVgb:0e25056956505672
+HFS_Dn1zB//4:0e03757793636208
+HFS_NGPMd7bq:0e44676527555825
+HFS_tmbw2/qf:0e40131582938791
+pco3ZfZmrUBJ:0e05359896370116
+bz9ISyvY9Vb3:0e65395150279106
+M6R0BrFPl148:0e43580429083055
+W3ip6wIFHvas:0e06505527087824
+eCDWwfqkpUIR:0e25777293567931
+IJtSxVbjF2ob:0e81314171010538
+064Tu56U1UEb:0e68411166834011
+v2juiQs2UUxS:0e06435821426364
+pviQoG24tL22:00e3577320523955
+mGToWOBcVspV:0e53560715322800

Passwords/php-hashes/floating_comp/fnv1a64.txt

@@ -0,0 +1,20 @@
+Hc0aB8p8CpKi:00e87990840549464436715117226983
+BGGJlLv/GYok:00e85650966369081160436000945995
+s7WMcKnZ/kzg:00e97615161216545460560708019418
+NK+nx5eetv/p:0e637481972504749625591446873225
+MUn+9Ib6/NMO:0e564934382199694374935868660885
+towJzaPbSeJN:0e800051290985131754184104629939
+EjFIOVEP2Y/w:0e648021848868658747230365721319
+tVf4T+/e1BRT:0e197045554516607160549489551104
++Q8pxIx4VkiZ:0e323951952843860186883283848540
+xWAK0mTzfVrG:0e338717845199315687624058385989
+HFS_eVqZgPDV2o6D:0e803410568231701558419329821959
+HFS_FmSb/K9NnkL3:00e27465814007486943610626830963
+HFS_csuacgV1fhVy:0e496412321227784868481853981968
+HFS_h6PP2IEtlFat:0e109202590694681889848277372784
+HFS_woa6CK0FITIy:0e888470791968982727374420202621
+HFS_49EiLRodZfmQ:0e843253718875009042858566146390
+HFS_Ja7HxaNIKdD2:0e300530956879222335658470434733
+HFS_+fAaaZUkDHUE:0e087311696200150344500783258968
+HFS_HqJ0DJ0q3plN:0e109720983314623637038758578773
+HFS_76se6PIp21MU:0e223117526056466767519217492299

Passwords/php-hashes/floating_comp/haval128,3.txt

@@ -0,0 +1,22 @@
+kkNwiLvp:0e224499306604034592498556683884
+aVzj4kSl:0e699098147704478302187197452577
+Rr0rtxAmJkX1:0e948786571371740736679014195910
+pOfQlZN1bEe+:0e763143522516249376445822634702
+X5FUngTs0xmK:0e034132293760348512897203627244
+B2wruC8LuwPp:0e792256378944410505513115026683
+GkKeU7RSZ+tB:00e00956485375103399460147021060
+eEo15Ae+wfot:0e731970944586972288355541307227
+hN6nZpUTJbUL:0e546684356004016895095440515698
+KnJ12oTxpzM0:0e230201982980004430779943196315
+Eq1Lp91ZUwdJ:0e850895948803892376429698758484
+8a0rD9lxxe/d:0e494613744998704148276916252662
+HFS_2vFy8egqyX86:0e411443916369260608664108755373
+HFS_rpeHhFxDD8Hr:0e430966836024156014941675462009
+HFS_s3ZC0Zi0KUT8:0e308320803113259548747746525892
+HFS_MeNMcKEgAq6s:0e911510173906812607381599030115
+HFS_mzdfepOik2d9:0e406117797053803350857960561164
+HFS_/gafnmo3h7te:0e707962923571076517504510602074
+HFS_VolXadwBfBGS:0e354055072092201161847707006284
+HFS_bC2bKTitaVql:0e588031527566426353005807499347
+HFS_4kNYv081anJC:0e924023131980996780460963248504
+HFS_fYISH6WAAXUQ:0e262623687505394293343859341884