voretzky
diff --git a/‎Passwords/PHP-Magic-Hashes.txt
-25 b/‎Passwords/PHP-Magic-Hashes.txt
-25
diff --git a/‎Passwords/php-hashes/README.md
+35 b/‎Passwords/php-hashes/README.md
+35
diff --git a/‎Passwords/php-hashes/floating_comp/crc32.txt
+20 b/‎Passwords/php-hashes/floating_comp/crc32.txt
+20
diff --git a/‎Passwords/php-hashes/floating_comp/crc32b.txt
+20 b/‎Passwords/php-hashes/floating_comp/crc32b.txt
+20
diff --git a/‎Passwords/php-hashes/floating_comp/fnv132.txt
+20 b/‎Passwords/php-hashes/floating_comp/fnv132.txt
+20
diff --git a/‎Passwords/php-hashes/floating_comp/fnv164.txt
+20 b/‎Passwords/php-hashes/floating_comp/fnv164.txt
+20
diff --git a/‎Passwords/php-hashes/floating_comp/fnv1a32.txt
+20 b/‎Passwords/php-hashes/floating_comp/fnv1a32.txt
+20
diff --git a/‎Passwords/php-hashes/floating_comp/fnv1a64.txt
+20 b/‎Passwords/php-hashes/floating_comp/fnv1a64.txt
+20
diff --git a/‎Passwords/php-hashes/floating_comp/haval128,3.txt
+20 b/‎Passwords/php-hashes/floating_comp/haval128,3.txt
+20
diff --git a/‎Passwords/php-hashes/floating_comp/haval128,4.txt
+22 b/‎Passwords/php-hashes/floating_comp/haval128,4.txt
+22
diff --git a/‎Passwords/php-hashes/floating_comp/haval128,5.txt
+17 b/‎Passwords/php-hashes/floating_comp/haval128,5.txt
+17
diff --git a/‎Passwords/php-hashes/floating_comp/haval160,3.txt
+1 b/‎Passwords/php-hashes/floating_comp/haval160,3.txt
+1
diff --git a/‎Passwords/php-hashes/floating_comp/haval160,4.txt
+1 b/‎Passwords/php-hashes/floating_comp/haval160,4.txt
+1
diff --git a/‎Passwords/php-hashes/floating_comp/haval160,5.txt
+4 b/‎Passwords/php-hashes/floating_comp/haval160,5.txt
+4
diff --git a/‎Passwords/php-hashes/floating_comp/joaat.txt
+20 b/‎Passwords/php-hashes/floating_comp/joaat.txt
+20
diff --git a/‎Passwords/php-hashes/floating_comp/md2.txt
+21 b/‎Passwords/php-hashes/floating_comp/md2.txt
+21
diff --git a/‎Passwords/php-hashes/floating_comp/md4.txt
+20 b/‎Passwords/php-hashes/floating_comp/md4.txt
+20
@@ -0,0 +1,35 @@
+# PHP magic hashes
+
+PHP has some unique features which makes hash collisions more easier when using the `==` to compare.
+
+The raw text are taken directly from [spaze/hashes](https://github.com/spaze/hashes/)
+
+- - -
+
+### Floating comparison
+
+Any strings that starts with any numbers of `0`, followed by `e` then ends with only numbers will be treated as zero. An example of such strings are `0e123456` and `00e123456`. [Example code](https://3v4l.org/n8iOp)
+
+This behavior can be extended to numbers, like `'0' == '000`. [Example code](https://3v4l.org/K9QRb)
+
+With loose comparison, these two example strings will equate to each other as both of them are treated as a zero in the backend.
+
+Sometimes, hashes of specific strings will result in those special strings as an result. Those hashes are called `magic hashes`
+
+Here is an example of such weak comparison for [sha256](https://3v4l.org/Lu7tm).
+
+- - -
+
+### Plaintext
+
+Plaintext.txt just contains some ways to abuse php's weak comparison
+
+- - -
+
+### Truncated text
+
+For bcrypt, passwords are automatically truncated to 72 characters, so as long as the first 72 characters match, the hashes will match.
+
+[Bcrypt example](https://3v4l.org/MsfS0)
+
+Descrypt have similar behavior to bcrypt, but passwords are instead truncated to 8 characters.
@@ -0,0 +1,20 @@
+HFS_uPqtIQPl:0e929373
+HFS_NhqlNQ1D:0e965437
+HFS_+1G2t/1r:00e84097
+HFS_6nk6Zta1:0e673017
+HFS_MmTo331q:0e644471
+HFS_AzZkcN8f:0e551616
+HFS_0LxhhhkZ:0e840769
+HFS_iKGvCNnD:0e402980
+HFS_YYdr5SWA:00e60109
+HFS_kJ8SLtXh:0e513732
+do+d4JXvGqvL:0e687021
+9tawE8a0EUyU:0e626693
+i6BliFUdioZ2:0e805102
+ZzukD6ZZUYnf:0e138757
+R0GVRbsgqAkq:0e263353
+Dusy8MDlN1DG:0e859691
+o2XXS8QutHnK:0e616557
+rWySA3KKmokQ:0e951917
+zu9dxemJPNdk:0e223236
+cG4ZtD4z8JiK:0e559727
@@ -0,0 +1,20 @@
+HFS_t90miW9g:0e395566
+HFS_cJ3zkvQY:0e508686
+HFS_BtdiQ0kq:0e867068
+HFS_oimsNm9f:00e36431
+HFS_Ff7z2lY9:0e957694
+HFS_1ogclZt0:0e245532
+HFS_6lpwmZAV:00e62469
+HFS_1nUsdYXt:0e731733
+HFS_sseFHTIO:0e975617
+HFS_3y5RlRwJ:00e65928
+m7IHnxcRTBBO:0e940524
+s8nGXfzc1gLV:0e306100
+5JYJnHH7EB7w:0e383201
+ppBjSUTcuIde:0e956113
+W/GKrHQ9sRqk:0e772663
+cCsoYjRJ3qL0:0e050048
+0rc8nlzuCvtG:0e419810
+Prq11e6Styrp:0e292230
+0joOpQlWgVSD:0e501433
+XqrtwN9LgTM/:0e689095
@@ -0,0 +1,20 @@
+HFS_fJRRVm+S:0e604578
+HFS_jpRkyCVW:0e812503
+HFS_GrBcUOEe:0e362351
+HFS_CP4WQQ/m:0e829559
+HFS_MYXHoW7e:00e21725
+HFS_6m34HXl+:0e300614
+HFS_hVCZWCh4:0e824542
+HFS_VNIzVR6G:0e349231
+HFS_FwB287AP:0e887988
+HFS_fnsOA2UV:0e962163
+jQBvBPJca0X6:0e191084
+v9v5lkxbgndN:0e708569
+KKduycJo2NA4:0e859228
+RW3AsBuFRofx:00e21355
+H/8tFwVkV0nd:0e829312
+vH55u2YbjcAA:0e265582
+zP9Izjs2irUW:0e673403
+61ePjhO7MXSy:0e997362
+zEL2Ax4CVoFz:00e03591
+kAnNwLx+vmlh:0e498108
@@ -0,0 +1,20 @@
+HFS_mmjH9CNN:0e99769769728569
+HFS_6XEFLJOH:0e77252548411175
+HFS_2jtp0982:0e34597864874626
+HFS_b3kSpfs+:0e30751543430386
+HFS_aAQs6Cyu:0e66626906207668
+HFS_qRCQCIaK:0e97108743422874
+HFS_h/B2aEbV:0e48470717638788
+HFS_NQRnuOOl:0e78474377494907
+HFS_BaC2dl4c:00e7018025920202
+HFS_HF6Wgc28:00e4477970079172
+ICE1d0K/RL7T:0e87116729093816
+OgpHAyV7w/pt:0e92510903960722
+Ls/ijNyI2dW3:0e49565360806964
+vT+ia3KjNMMn:0e43654725309262
+8UZZxmSBbj7f:0e55840857685749
+mUxTfMMkdSec:0e33409805165683
+z9B8zV8jAUJl:0e43960404058632
+LfauICk8l0d6:0e10379759030222
+BMS4d1MCRE3m:0e12639087316691
+6KyW3y0vOXSS:0e44708754369825
@@ -0,0 +1,20 @@
+HFS_wyEBSA7V:0e534803
+HFS_NTG/rp8K:0e380702
+HFS_8bb79J+r:0e499146
+HFS_NCLJdw8D:0e279619
+HFS_+U/ddhtj:0e844548
+HFS_wR+uZeeF:0e696336
+HFS_t8jKENCz:00e50378
+HFS_p0BbTwIs:0e873774
+HFS_HcjAD1gZ:0e558807
+HFS_Y1iiKHNg:0e850401
+Ky/FMUV7acqp:0e338008
+nIao+ZCGW1yi:0e850185
+Ba+1AjsMkgU4:0e611004
+dBWEkOOVrm1H:00e81498
+pz0fUrCik7Xj:0e561856
+VVwHKixOOkp5:0e265262
+brm9jKlyPDuD:0e577432
+j9ppOBAEe4FI:0e888223
+2XCVJqdz5buc:0e647622
+ifU9AwKqTpFk:0e859873
@@ -0,0 +1,20 @@
+HFS_Zk558Stl:0e63735032620881
+HFS_Z0zC19dz:00e4539999025438
+HFS_AjgVckBy:0e24330735757830
+HFS_Rsa1ptfV:0e14987418690258
+HFS_EB4aWjEF:0e99230175338237
+HFS_xiyO7ooR:0e59842152613905
+HFS_ZzkcfVgb:0e25056956505672
+HFS_Dn1zB//4:0e03757793636208
+HFS_NGPMd7bq:0e44676527555825
+HFS_tmbw2/qf:0e40131582938791
+pco3ZfZmrUBJ:0e05359896370116
+bz9ISyvY9Vb3:0e65395150279106
+M6R0BrFPl148:0e43580429083055
+W3ip6wIFHvas:0e06505527087824
+eCDWwfqkpUIR:0e25777293567931
+IJtSxVbjF2ob:0e81314171010538
+064Tu56U1UEb:0e68411166834011
+v2juiQs2UUxS:0e06435821426364
+pviQoG24tL22:00e3577320523955
+mGToWOBcVspV:0e53560715322800
@@ -0,0 +1,20 @@
+Hc0aB8p8CpKi:00e87990840549464436715117226983
+BGGJlLv/GYok:00e85650966369081160436000945995
+s7WMcKnZ/kzg:00e97615161216545460560708019418
+NK+nx5eetv/p:0e637481972504749625591446873225
+MUn+9Ib6/NMO:0e564934382199694374935868660885
+towJzaPbSeJN:0e800051290985131754184104629939
+EjFIOVEP2Y/w:0e648021848868658747230365721319
+tVf4T+/e1BRT:0e197045554516607160549489551104
++Q8pxIx4VkiZ:0e323951952843860186883283848540
+xWAK0mTzfVrG:0e338717845199315687624058385989
+HFS_eVqZgPDV2o6D:0e803410568231701558419329821959
+HFS_FmSb/K9NnkL3:00e27465814007486943610626830963
+HFS_csuacgV1fhVy:0e496412321227784868481853981968
+HFS_h6PP2IEtlFat:0e109202590694681889848277372784
+HFS_woa6CK0FITIy:0e888470791968982727374420202621
+HFS_49EiLRodZfmQ:0e843253718875009042858566146390
+HFS_Ja7HxaNIKdD2:0e300530956879222335658470434733
+HFS_+fAaaZUkDHUE:0e087311696200150344500783258968
+HFS_HqJ0DJ0q3plN:0e109720983314623637038758578773
+HFS_76se6PIp21MU:0e223117526056466767519217492299
@@ -0,0 +1,22 @@
+kkNwiLvp:0e224499306604034592498556683884
+aVzj4kSl:0e699098147704478302187197452577
+Rr0rtxAmJkX1:0e948786571371740736679014195910
+pOfQlZN1bEe+:0e763143522516249376445822634702
+X5FUngTs0xmK:0e034132293760348512897203627244
+B2wruC8LuwPp:0e792256378944410505513115026683
+GkKeU7RSZ+tB:00e00956485375103399460147021060
+eEo15Ae+wfot:0e731970944586972288355541307227
+hN6nZpUTJbUL:0e546684356004016895095440515698
+KnJ12oTxpzM0:0e230201982980004430779943196315
+Eq1Lp91ZUwdJ:0e850895948803892376429698758484
+8a0rD9lxxe/d:0e494613744998704148276916252662
+HFS_2vFy8egqyX86:0e411443916369260608664108755373
+HFS_rpeHhFxDD8Hr:0e430966836024156014941675462009
+HFS_s3ZC0Zi0KUT8:0e308320803113259548747746525892
+HFS_MeNMcKEgAq6s:0e911510173906812607381599030115
+HFS_mzdfepOik2d9:0e406117797053803350857960561164
+HFS_/gafnmo3h7te:0e707962923571076517504510602074
+HFS_VolXadwBfBGS:0e354055072092201161847707006284
+HFS_bC2bKTitaVql:0e588031527566426353005807499347
+HFS_4kNYv081anJC:0e924023131980996780460963248504
+HFS_fYISH6WAAXUQ:0e262623687505394293343859341884
@@ -0,0 +1,17 @@
+KrRepI8+:0e094737743220655841445846663343
+IvgTEsdw:0e276916413118993176031864485352
+c+vK/GHW:0e981995477080918746281793582934
+UoCPK6mj:0e400819262258099937317495389706
+fJk2R+pcCVY9:0e009896675943615722112567195960
+x0nlxkSR7fiA:0e285677133603495779179085825289
+1j61rkcol66D:0e233981993594667945785775640925
+EEXyi3oeVxzW:0e002979692843695876894172401128
+mb3+B2N9jF5b:00e76164452839109593406041060211
+e6GKAIOoj0XV:0e637440114391585835904801245594
+HFS_aMlK2UEMfz8d:00e13969398729504363246601585262
+HFS_oLKA+vood/da:0e489300866492752037963655684467
+HFS_tR9HPw4a1UkW:0e547532540990180584942317746309
+HFS_aWiwsgAzvH0k:0e847695237242596964571128852021
+HFS_+MoaPZ67Zph0:0e372044489395836853593728552254
+HFS_BMG6q5c6UXf1:0e286388205363071342083757396906
+HFS_cZQsQmvfTeY7:0e796062662479589143658605156616
@@ -0,0 +1 @@
+v0EUjJxPgLhJ:0e02871491133112088423036355480238947466
@@ -0,0 +1 @@
+E/iU4G/RWX2U:0e05619243841962186068015638184515831754
@@ -0,0 +1,4 @@
+JRRw+CPb:0e50989194437111063473436963220380916416
+xvRv0OwB:00e9115554617769276224983939931756498863
+s48z7zZIxfs8:0e92477519284007915582397909940677463532
+dCkYzB/Amt4W:0e36718864763663089365908126910404869095
@@ -0,0 +1,20 @@
+HFS_xG1i0UHi:0e156093
+HFS_rGlu/rqL:0e019292
+HFS_5Qj1GlHT:0e109380
+HFS_AFsRjJ+2:0e368964
+HFS_NQCJ4LWI:0e943551
+HFS_bOSU4YxR:00e07556
+HFS_Bia7DVjj:0e439006
+HFS_+kI9wKwW:0e580981
+HFS_RmTwgQv3:0e661211
+HFS_FJUGF1lp:0e088912
+wuO+Q/Nx1FYZ:0e146837
+fEpESni3CU8R:0e920159
+DvV7QdVoamTi:0e339036
+bKMX2R2nuXfL:0e278242
+wUFfWJX+j35l:0e796936
+MZD1lO5tgEgt:0e469124
+RZd+D2PsJPbE:0e592738
+hRahCHdKdxFD:00e44630
+fyr3tLFm3GwU:0e463099
+2wxS/xSQF9/G:0e042304
@@ -0,0 +1,21 @@
+Oq9wqi64:0e299969168079221277306999992834
+txYZT4cl:00e86369060362984332983859018031
+rj+EHv52:0e471200778606499034287013358745
+9Y+MjJ29:0e752615265323820839442808619986
+NGbONxf/:0e274947243675490162706392207166
+2HlFqrdIKK6z:0e775864032084923962202802082987
+nugVNza87sc1:0e492589969087156856048517023660
+6ze9qXw7bqvf:0e778903522307133193708445518814
+W2WrCWFdBdC4:0e009309245621109838125862797697
+3dAHjEEvaWhd:0e753246436162655664120457142403
+SH2JgwgXue4C:00e87419238621437076826744464218
+HFS_aU8YVtvk7uFd:0e108733548132157028200118844601
+HFS_B+Cl0xVAQn6k:0e912082349509472197532286758907
+HFS_Ch4Cwv8EWyeT:00e92012083082702301818382846187
+HFS_rPvcjXrN1trW:0e709873821179025966368591895008
+HFS_HGFiLsnEgkHN:0e696728618198124445143742651767
+HFS_q7IdVN3SuaSh:0e643040953997048990922471871309
+HFS_CW9wBRP/hJE/:00e16211331329674937024700072488
+HFS_fRCqrXeKYINW:0e391392996959320839227567015414
+HFS_lfwAhKJW0qOC:00e71867370461470440096217786836
+HFS_Nu2iJp1YS/aQ:0e552107017564446716951105766452
@@ -0,0 +1,20 @@
+gH0nAdHk:0e096229559581069251163783434175
+IiF+hTai:00e90130237707355082822449868597
+cbl1Bbfx:0e501810953487319804019049523665
+qAxkkpGIvmyV:0e023511603034810990326197996106
+w9A4O5c2AcCI:0e117159255837959360238582783358
+MXBCJu4/R+te:0e822491196139737657055959804476
+eLJi1fX6kgzI:00e79740107547458069306261903674
+BEUMinS4LASy:0e393530938832712096692131547891
+AcOQSt6sNGN9:0e396217575381614256802963302190
+DHl4YbGCyl1A:0e684191063268313205630041920469
+HFS_xMr1f9btEwWc:0e856901476824931362949658192340
+HFS_tgzvSmlCbidm:00e68046312964100558804629291774
+HFS_BMdeGsYykS7w:0e690129148133908797898341004833
+HFS_Ajo9SAVRVEH4:0e887861753855845773838472382503
+HFS_l2OcPx/x5Bzh:0e594437669422240019387761183696
+HFS_fic53BOMy7J8:0e865432596624568327445739676432
+HFS_WnGbX8sRbjYh:0e037670520101929789823750424895
+HFS_gy1B+SQG9Cop:0e542018559046586704942037834686
+HFS_HSFs5z+SWwsi:0e583916835001260204962621340859
+HFS_7vt0svmr6mPG:0e281163708594849287164907175655
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+v0EUjJxPgLhJ:0e02871491133112088423036355480238947466`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+E/iU4G/RWX2U:0e05619243841962186068015638184515831754`