Hi guys
I'm using Anope with MySQL database and password encryption with sha256. Currently I'm trying to figure it out how Anope encrypts passwords to check against the value in the database. I need to know that because I'm using a php login page for some special features for registered irc users. So far I understand, the sha256 password has the format encryption:encryptedpassword:iv. for example:
sha256:Af1d8222aaff4ee6957bc1db32680915e0563804c83ed1ce8f926612c43ef9eb:9247724720ef2305021dbb0373b3958b39f3b8cb595ff9740f158d7426011dZ4
My thoughts was, I need the IV (in this example 9247724720ef2305021dbb0373b3958b39f3b8cb595ff9740f158d7426011dZ4) and then the plain-text password (or maybe the base64 encoded password) and then encode this with sha256 to get the encoded password (in this example Af1d8222aaff4ee6957bc1db32680915e0563804c83ed1ce8f926612c43ef9eb). But unfortunately that did not the job. Regardless in which order I set the plain-text password and the IV or if the plain-text password is base64 encoded or not.
Therefore Anope generates the password hash in a different way and I can't figure it out how exactly it is done. I tried to check the source code and I guess the important part is:
misc.cpp
void Anope::Encrypt(const Anope::string &src, Anope::string &dest)
Anope::string Anope::Hex(const char *data, unsigned len)
enc_sha256.cp
EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) anope_override
but since I've no clue how the sha256 algorithm works and if Anope has made some modification to it, that brings me to this forum. Do you guys know how the password hash is actually being created so that I can use an external login verification and registration process which works with the exact sha256 encryption that Anope uses? Thank you in advance.