How to create user password hash

PhilC

We are in the process of converting code to use the Crypto++ library. To create a hashed password for our users, is this all that is necessary? Just want to make sure we aren't missing some important piece. Thank you.

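#include <iostream>
#include <string>

#include <cryptopp/aes.h>
#include <cryptopp/filters.h>
#include <cryptopp/hex.h>
#include <cryptopp/osrng.h>
#include <cryptopp/pwdbased.h>
#include <cryptopp/secblock.h>
#include <cryptopp/sha.h>

void test_create_hash(void)
{
   using namespace CryptoPP;
   std::string password = "this is a users password";
   unsigned int iterations = 1000000;

   AutoSeededRandomPool rng;

   // Random salt, generated fresh for each user
   SecByteBlock pwsalt(AES::DEFAULT_KEYLENGTH);
   rng.GenerateBlock(pwsalt,pwsalt.size());

   SecByteBlock derivedkey(AES::DEFAULT_KEYLENGTH);

   PKCS5_PBKDF2_HMAC<SHA256> pbkdf;

   // Derive the value to store from the password and salt
   pbkdf.DeriveKey(
      derivedkey, derivedkey.size(),
      0x00,   // purpose byte
      reinterpret_cast<const byte *>(password.data()), password.size(),
      pwsalt, pwsalt.size(),
      iterations
   );

   // Hex-encode the salt and the derived key for storage
   std::string salthex;
   StringSource ss1(pwsalt,pwsalt.size(),true,
          new HexEncoder(
             new StringSink(salthex)
          )
        );
   std::string derivedhex;
   StringSource ss2(derivedkey,derivedkey.size(),true,
          new HexEncoder(
             new StringSink(derivedhex)
          )
        );

   std::cout << "salt stored to database:" << salthex << std::endl;
   std::cout << "password stored to database:" << derivedhex << std::endl;
}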
jww

A few comments...

SecByteBlock pwsalt(AES::DEFAULT_KEYLENGTH);
SecByteBlock derivedkey(AES::DEFAULT_KEYLENGTH);

What's up with AES? Perhaps:

SecByteBlock pwsalt(SHA256::DIGEST_SIZE);
SecByteBlock derivedkey(SHA256::DIGEST_SIZE);

A CMAC works fine if you want to keep using AES.


std::string salthex;
StringSource ss(pwsalt,pwsalt.size(),true,
    new HexEncoder(
        new StringSink(salthex)
    )
);

You should not use anonymous declarations. It causes trouble for some GCC versions. That is, name your StringSource.

std::string salthex;
StringSource ss(pwsalt,pwsalt.size(),true,
    new HexEncoder(
        new StringSink(salthex)
    )
);
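
Added example (not part of the original posts, and written with Python's standard library rather than Crypto++): the verification side that the question's code leaves out. It stores the iteration count next to the salt and derived key so the count can be raised later, and compares in constant time; the `algorithm$iterations$salt$key` record layout, the algorithm label and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2-sha256"  # label chosen for this example
ITERATIONS = 1_000_000       # same count as the question's code
SALT_LEN = 16                # AES::DEFAULT_KEYLENGTH in the question
KEY_LEN = 16


def _derive(password: str, salt: bytes, iterations: int, length: int) -> bytes:
    # PBKDF2 with HMAC-SHA256, the construction behind PKCS5_PBKDF2_HMAC<SHA256>.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, length)


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'algorithm$iterations$salthex$keyhex' for storage in one column."""
    salt = os.urandom(SALT_LEN)  # fresh random salt per password
    key = _derive(password, salt, iterations, KEY_LEN)
    # Upper-case hex, matching HexEncoder's default output.
    return "$".join([ALGORITHM, str(iterations), salt.hex().upper(), key.hex().upper()])


def verify_password(password: str, record: str) -> bool:
    """Recompute the key from the stored parameters and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, key_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        count = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed
    if algorithm != ALGORITHM or count < 1 or not salt or not expected:
        return False
    candidate = _derive(password, salt, count, len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when the record is malformed or used fewer iterations than the target."""
    parts = record.split("$")
    return len(parts) != 4 or not parts[1].isdigit() or int(parts[1]) < target
```

After a successful login, a record for which `needs_rehash` returns true can be replaced with `make_record(password)` while the plaintext is still in memory.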
