MyEarth Posted August 9, 2013

Hi, I'll post here because this script involves many languages... but not AutoIt. I'll explain better: in this forum I haven't found any example of salted password hashing, while on the web there are examples in every existing language: C, C++, C#, Java, PHP etc. Some use the PBKDF2, scrypt or bcrypt libraries, or a custom function. Since I haven't found anything in my language and English is not my best friend, after much research I'm here to "revise" this code for AutoIt:

```autoit
#include <Crypt.au3>

$aPass = "My Password" ; testing purpose
$aHash = _HashPassword($aPass)
MsgBox(0, "Crypted", $aHash)
If _CheckPassword($aPass, $aHash) = True Then
    MsgBox(0, "Decrypted", "Well done")
Else
    MsgBox(0, "Wrong Password", "Something goes wrong")
EndIf

; Returns "<hex hash><delimiter><salt>". The salt is stored in the clear so that
; _CheckPassword can recompute the same hash from the supplied password.
Func _HashPassword($inPwd, $inSalt = "", $sDelimitator = "|", $inSalt_Number = 64)
    Local Const $CALG_SHA512 = 0x0000800e
    Local $sSalt = "", $sHash
    Local $sPassword = StringStripWS($inPwd, 3) ; trim leading and trailing whitespace
    Local $aSalt = StringSplit("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", "")
    If $inSalt = "" Then
        ; New password: build a random salt of $inSalt_Number alphanumeric characters.
        ; Note: Random() is AutoIt's general-purpose PRNG, not a cryptographic one.
        For $i = 1 To $inSalt_Number
            $sSalt &= $aSalt[Random(1, $aSalt[0], 1)]
        Next
    Else
        $sSalt = $inSalt ; verification: reuse the salt stored with the hash
    EndIf
    _Crypt_Startup()
    $sHash = $sPassword & $sSalt
    For $i = 1 To 256 ; 256 chained SHA-512 rounds over the hex string of the previous round
        $sHash = _Crypt_HashData($sHash, $CALG_SHA512)
        If @error Then ; _Crypt_HashData sets @error (and returns -1) on failure
            _Crypt_Shutdown()
            Return SetError(-1, 0, 0)
        EndIf
        $sHash = StringMid($sHash, 3) ; drop the "0x" prefix of the binary-to-string conversion
    Next
    _Crypt_Shutdown()
    Return $sHash & $sDelimitator & $sSalt
EndFunc   ;==>_HashPassword

; Splits the stored record into hash and salt, then re-hashes the candidate
; password with that salt and compares the whole record.
Func _CheckPassword($inPwd, $inHash, $sDelimitator = "|")
    Local $sHash, $sSalt, $aHash
    $aHash = StringSplit($inHash, $sDelimitator)
    If Not IsArray($aHash) Or $aHash[0] <> 2 Then Return SetError(1, 0, 0)
    $sHash = $aHash[1]
    $sSalt = $aHash[2]
    If _HashPassword($inPwd, $sSalt, $sDelimitator) <> $inHash Then Return SetError(2, 0, 0)
    Return True
EndFunc   ;==>_CheckPassword
```

This is the result:

4D3F6DA9EB0F1FE9B80291A34AC104C28F07E8D6918A6F35EB95EFE47CE7BE79707ACCED7F05DF55095B61CEB1BE15A558CF6D8A893C919EA1A153A14DF3C66D|COiJhdR1tlHKK3IBGup1BunLOn0GweNkzw40OzPtNBazhMjAHontKRdKNFiujW8N

Isn't it too easy to remove the "salt part"? It changes every time, and the delimiter | can be a "custom" delimiter, but the string is too easy to recognize: |COiJhdR1tlHKK3IBGup1BunLOn0GweNkzw40OzPtNBazhMjAHontKRdKNFiujW8N. After removing the salt, what's left is only a SHA-2, yes safer, but the salt is useless in the code. Maybe I can remove the delimiter and use StringRight($inSalt_Number) instead of StringSplit(), and use _Crypt_HashData on the salt as well, to make a "homogeneous" string? So please, can someone more expert than me check whether the code is good or not, and whether there are mistakes? Any suggestion is accepted.

Edited August 9, 2013 by MyEarth
James Posted August 9, 2013

Perhaps the source of the UDF you're using would be useful? https://github.com/M3d1c5/HashPassword.au3
wraithdu Posted August 9, 2013

> Isn't it too easy to remove the "salt part"?

I don't think you understand what it means to salt a password. The salt is never secret, otherwise it would be impossible to validate the password against the hash. Google it.
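The point wraithdu makes above, as an added example that is not part of the thread or of the linked UDF: the same "hash|salt" idea, written in Python rather than AutoIt, with the salt stored in the clear next to the hash, PBKDF2-HMAC-SHA512 (one of the functions named in the first post) as the slow hash, and a constant-time comparison on verification. The record format and the helper names are this example's own choices.

```python
import hashlib
import hmac
import os
from typing import Optional

# Stored record, modelled on the thread's "hash|salt" layout but self-describing:
#   pbkdf2_sha512|<iterations>|<salt hex>|<hash hex>
# Everything in it, including the salt, is expected to be readable by an attacker
# who obtains the database; only the password itself is secret.
ALGORITHM = "pbkdf2_sha512"
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Create a record for a new password (fresh random salt unless one is given)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # CSPRNG, unlike a general-purpose Random()
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return "|".join([ALGORITHM, str(iterations), salt.hex(), digest.hex()])


def check_password(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count read from the record itself."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("|")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:  # malformed record: wrong field count or bad hex/int
        return False
    if algorithm != ALGORITHM or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    # compare_digest avoids leaking where the first differing byte is
    return hmac.compare_digest(actual, expected)


def same_password_differs(password: str) -> bool:
    """Two records for one password differ (fresh salts), yet both verify."""
    a, b = hash_password(password), hash_password(password)
    return a != b and check_password(password, a) and check_password(password, b)
```

Because the salt is public, two users with the same password still get different records, and a table precomputed for unsalted SHA-512 matches neither; what protects the password is the unknown input plus the iteration cost, not hiding the salt.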
MyEarth Posted August 9, 2013 (Author)

> I don't think you understand what it means to salt a password. The salt is never secret, otherwise it would be impossible to validate the password against the hash. Google it.

I asked for help because the situation is not clear to me, and I'll repeat: I haven't found anything in my language. I didn't say to make a secret salt, but how does it help to add a salt that can be easily removed?

> Perhaps the source of the UDF you're using would be useful? https://github.com/M3d1c5/HashPassword.au3

Damn, I forgot to add the hyperlink, a browser problem. Done.

Edited August 9, 2013 by MyEarth