[Gambas-user] 'gb.crypt' component and SHA (1-2)

Tobias Boege taboege at ...626...
Sun Dec 29 15:52:46 CET 2013


On Thu, 26 Dec 2013, Kende Krisztián wrote:
> On 2013-12-26 17:58, Kende Krisztián wrote:
> > On 2013-12-26 12:33, Kende Krisztián wrote:
> >> Hi,
> >>
> >> 'gb.crypt' component is perfect if I want to check SHA-512 password match:
> >>
> >>      Dim shahash As String
> >>
> >>      Exec ["mkpasswd", "-m", "sha-512", "alma"] To shahash
> >>
> >>      Print Crypt.Check("alma", Trim(shahash))
> >>
> >> Output is 'False', so the password is correct.
> >>
> >> But SHA-512 hash generating function isn't implemented yet, just
> >> simplified MD5. Can't we do something about it?
> >>
> >> Kendek
> >>
> >>
> > I'm not a C programmer, but I hacked the 'gb.crypt' source ('c_crypt.c'):
> >
> > - strcpy(key, "$1$");
> > + strcpy(key, "$6$");
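Review bot: Changing the hard-coded prefix in the strcpy line from "$1$" to "$6$" repurposes the existing MD5 code path instead of adding a SHA-512 one, so Crypt.MD5 now returns "$6$" strings (as the output further down shows) and MD5-crypt hashes can no longer be generated. Pass the prefix in per method and expose a separate SHA-512 method, and confirm that `key`, whose declaration is not visible in this hunk, is large enough for the longer salts the "$6$" scheme accepts (up to 16 characters, against 8 for "$1$").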
> >
> > I compiled this:
> >
> > ./reconf
> > ./configure
> > make
> >
> > and I installed the created 'gb.crypt.so.0.0.0'.
> >
> > The result:
> >
> >     Exec ["mkpasswd", "-m", "sha-512", "alma", "almaalma"]
> >
> >     Print Crypt.MD5("alma", "almaalma")
> >
> > Output:
> >
> > $6$almaalma$MWWhHTP9sVVxJ1olWCRidzfMOSH0nOKVR9cjcHCtqP5LQ/08V18jiwakTNxWSNUWMyIE2lVLKBL.MUBTk460T.
> > $6$almaalma$MWWhHTP9sVVxJ1olWCRidzfMOSH0nOKVR9cjcHCtqP5LQ/08V18jiwakTNxWSNUWMyIE2lVLKBL.MUBTk460T.
> >
> > So this method works, the generated hash is a SHA-512 hash.
> > Please implement this little plus function, it really doesn't seem too
> > difficult. :-)
> >
> > Kendek
> >
> 
> Now, I implemented sha-256 and sha-512:
> 
>    Print Crypt.DES("alma", "al")
>    Print Crypt.MD5("alma", "almaalma")
>    Print Crypt.SHA256("alma", "almaalmaalma")
>    Print Crypt.SHA512("alma", "almaalmaalma")
> 
> Output:
> 
> alwADBQIemkbE
> $1$almaalma$PPesTGW.ytPBMoDhgO8sm/
> $5$almaalmaalma$6j.0vq2EfahazOz4EIGEb569Z6Mb/dTKMr.HPCKINT4
> $6$almaalmaalma$7ghRcB7juLsnGsAxpuZBXo.RgljxmgL6eXuR0ZIXifjwCFIxo9em994VADsn9v3bj/jz7gdHrQZpRWL8WEIfi/
> 
> So, really not a big deal. :-)
> 

I saw your patch made it in. But you can basically do this with gb.openssl,
too (so you don't depend on mkpasswd which is not present at least on my
system):

sHash = Digest["sha512"]("alma")

But you would get raw binary data which you need to compare yourself with
another hash. Also, SHA-512 doesn't know salts as you used ("almaalmaalma")
and I don't know how gb.crypt handles these things. If you use gb.openssl
you would have to do that manually, too.

Looking at the functionality of gb.openssl and the comfort of gb.crypt, we
may need a gb.crypt.openssl library which pulls the algorithms from
gb.openssl and puts them all behind the interface of gb.crypt. What do you
think?

Regards,
Tobi

-- 
"There's an old saying: Don't change anything... ever!" -- Mr. Monk

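To make concrete the difference between a raw SHA-512 digest and the `$6$` strings quoted in this thread, the following is an added Python example (not part of the thread, and not gb.crypt or gb.openssl code). It builds SHA-512 crypt from plain SHA-512 calls and reproduces the `$6$almaalma$...` hash shown above. It assumes the scheme's default of 5000 rounds and no `rounds=` field; the function names are chosen here.

```python
import hashlib
import hmac

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 5000  # scheme default when the string carries no "rounds=N$" field

# Hash quoted in the thread for password "alma" and salt "almaalma".
PAGE_HASH = ("$6$almaalma$MWWhHTP9sVVxJ1olWCRidzfMOSH0nOKVR9cjcHCtqP5LQ/"
             "08V18jiwakTNxWSNUWMyIE2lVLKBL.MUBTk460T.")

def sha512_crypt(password: bytes, salt: bytes) -> str:
    """SHA-512 crypt ("$6$") with default rounds, built on plain SHA-512."""
    H, n = hashlib.sha512, len(password)
    salt = salt[:16]  # the scheme uses at most 16 salt characters
    b = H(password + salt + password).digest()
    a = H(password + salt)
    a.update(b * (n // 64) + b[:n % 64])
    i = n
    while i:  # one update per bit of the password length
        a.update(b if i & 1 else password)
        i >>= 1
    c = a.digest()
    p = (H(password * n).digest() * (n // 64 + 1))[:n]
    s = H(salt * (16 + c[0])).digest()[:len(salt)]
    for r in range(ROUNDS):  # key stretching: 5000 chained digests
        h = H(p if r & 1 else c)
        if r % 3:
            h.update(s)
        if r % 7:
            h.update(p)
        h.update(c if r & 1 else p)
        c = h.digest()
    out = []
    for i in range(21):  # crypt's own byte order and base64 alphabet
        t = [c[i], c[i + 21], c[i + 42]]
        t = t[i % 3:] + t[:i % 3]
        w = t[0] << 16 | t[1] << 8 | t[2]
        for _ in range(4):
            out.append(B64[w & 63])
            w >>= 6
    out += [B64[c[63] & 63], B64[c[63] >> 6]]
    return "$6$" + salt.decode() + "$" + "".join(out)

def matches(password: bytes, stored: str) -> bool:
    """Re-hash with the salt embedded in `stored`; compare in constant time."""
    salt = stored.split("$")[2].encode()
    return hmac.compare_digest(sha512_crypt(password, salt), stored)

def raw_digest_hex(password: bytes) -> str:
    """An unsalted one-shot SHA-512 digest: no salt, no stretching."""
    return hashlib.sha512(password).hexdigest()
```

Note that `matches` returns True on a match, the opposite of the `Crypt.Check` result shown in the first message.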