Need simple one way hashing code
I''m writing a simple security layer for the server control.
The security will involve performing a one way encryption of the server password to produce the hash. The hash is sent to the server and compared to the existing hashed password that the server knows about.
Can anyone suggest a simple peice of code for performing this encryption?
thanks
gimp
Chris Brodie
May 25, 2000 08:46 PM
If you hash the password, then transmit the hash, the hash becomes the password.
For secure transport, upon connection, the server should generate a key pair and send the public key to the client. The client should encrypt the password and send it to the server, which can then decrypt the password, do a one-way hash, and compare that hash to a table of known hashes. Never use the same key pair twice.
The hash is only useful for securely storing passwords for authentication.
As far as a hash, I don''t know. Things with modulo (sp?) and XOR''s seem to be popular.
For secure transport, upon connection, the server should generate a key pair and send the public key to the client. The client should encrypt the password and send it to the server, which can then decrypt the password, do a one-way hash, and compare that hash to a table of known hashes. Never use the same key pair twice.
The hash is only useful for securely storing passwords for authentication.
As far as a hash, I don''t know. Things with modulo (sp?) and XOR''s seem to be popular.
hehe,
I really should have worked that out myself, I really should have known better. The other thing I was thinking about was:
-Store the passwords on the server.
-User knows a password.
-To use the password you must first however have a key that matched the server''s key. This is never tranmitted.
-The key is used during the encryption to create the hash of the password.
-The Server recieved the hack and uses it''s copy of the key to unhash the password for comparison.
Hence the key is never transmitted.. at least as part of the data stream. I want to make it too complicated OR too insecure. This method requires that a person has to have a token before tha password will do any good, likewise with the key.
So now I need a really simple two way hashing algorithm in c\c++..., by simple I mean:
hash Encrypt(key,data)
data Decrypt(key,hash)
I have a library of enrcyption algorithms here I picked up... Thing is I''m not up to date with which one does what. What do you think about this:
- SHA-1 on memory blocks and files
Is SHA suitable? (the library is undocumented..)
gimp
I really should have worked that out myself, I really should have known better. The other thing I was thinking about was:
-Store the passwords on the server.
-User knows a password.
-To use the password you must first however have a key that matched the server''s key. This is never tranmitted.
-The key is used during the encryption to create the hash of the password.
-The Server recieved the hack and uses it''s copy of the key to unhash the password for comparison.
Hence the key is never transmitted.. at least as part of the data stream. I want to make it too complicated OR too insecure. This method requires that a person has to have a token before tha password will do any good, likewise with the key.
So now I need a really simple two way hashing algorithm in c\c++..., by simple I mean:
hash Encrypt(key,data)
data Decrypt(key,hash)
I have a library of enrcyption algorithms here I picked up... Thing is I''m not up to date with which one does what. What do you think about this:
- SHA-1 on memory blocks and files
Is SHA suitable? (the library is undocumented..)
gimp
Chris Brodie
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
Recommended Tutorials
Advertisement