diff options
author | lloyd <[email protected]> | 2007-03-09 00:34:42 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2007-03-09 00:34:42 +0000 |
commit | ffdfd1c3638a4a7470f3999298cd21ba786ee091 (patch) | |
tree | f51fc54f22c84c499f8a77f0a3b7a099b43aa189 | |
parent | 909847a93cbdec288c9e09e6f21e2be0886e0fb6 (diff) |
Add a password hashing example. It uses PBKDF2/SHA-1 with 10000 iterations,
a 48-bit seed, and a 96-bit hash. The example can both create new hashes
and confirm existing ones.
-rw-r--r-- | doc/examples/Makefile | 6 | ||||
-rw-r--r-- | doc/examples/passhash.cpp | 76 |
2 files changed, 81 insertions, 1 deletions
diff --git a/doc/examples/Makefile b/doc/examples/Makefile index 78fc65a35..ad650351d 100644 --- a/doc/examples/Makefile +++ b/doc/examples/Makefile @@ -14,7 +14,7 @@ RSA_EX = rsa_kgen rsa_enc rsa_dec DSA_EX = dsa_kgen dsa_sign dsa_ver DH_EX = dh HASH_EX = hash hash_fd hasher hasher2 stack -MISC_EX = factor base base64 bzip encrypt decrypt xor_ciph +MISC_EX = factor base base64 bzip encrypt decrypt xor_ciph passhash PROGS = $(X509_EX) $(RSA_EX) $(DSA_EX) $(DH_EX) $(HASH_EX) $(MISC_EX) @@ -93,6 +93,10 @@ pkcs10: pkcs10.cpp $(CXX) $(FLAGS) $? $(LIBS) -o $@ @$(STRIP) $@ +passhash: passhash.cpp + $(CXX) $(FLAGS) $? $(LIBS) -o $@ + @$(STRIP) $@ + rsa_dec: rsa_dec.cpp $(CXX) $(FLAGS) $? $(LIBS) -o $@ @$(STRIP) $@ diff --git a/doc/examples/passhash.cpp b/doc/examples/passhash.cpp new file mode 100644 index 000000000..19b4abc40 --- /dev/null +++ b/doc/examples/passhash.cpp @@ -0,0 +1,76 @@ +#include <botan/botan.h> +#include <botan/pkcs5.h> +#include <iostream> + +using namespace Botan; + +std::string password_hash(const std::string& pass); +bool password_hash_ok(const std::string& pass, const std::string& hash); + +int main(int argc, char* argv[]) + { + if(argc != 2 && argc != 3) + { + std::cerr << "Usage: " << argv[0] << " password\n"; + std::cerr << "Usage: " << argv[0] << " password hash\n"; + return 1; + } + + try + { + LibraryInitializer init; + + if(argc == 2) + std::cout << "H('" << argv[1] << "') = " << password_hash(argv[1]) << '\n'; + else + { + bool ok = password_hash_ok(argv[1], argv[2]); + if(ok) + std::cout << "Password and hash match\n"; + else + std::cout << "Password and hash do not match\n"; + } + } + catch(std::exception& e) + { + std::cerr << e.what() << '\n'; + return 1; + } + return 0; + } + +std::string password_hash(const std::string& pass) + { + PKCS5_PBKDF2 kdf("SHA-1"); + + kdf.set_iterations(10000); + kdf.new_random_salt(6); // 48 bits + + Pipe pipe(new Base64_Encoder); + pipe.start_msg(); + pipe.write(kdf.current_salt()); + pipe.write(kdf.derive_key(12, pass).bits_of()); + pipe.end_msg(); + + return pipe.read_all_as_string(); + } + +bool password_hash_ok(const std::string& pass, const std::string& hash) + { + Pipe pipe(new Base64_Decoder); + pipe.start_msg(); + pipe.write(hash); + pipe.end_msg(); + + SecureVector<byte> hash_bin = pipe.read_all(); + + PKCS5_PBKDF2 kdf("SHA-1"); + + kdf.set_iterations(10000); + kdf.change_salt(hash_bin, 6); + + SecureVector<byte> cmp = kdf.derive_key(12, pass).bits_of(); + + return same_mem(cmp.begin(), hash_bin.begin() + 6, 12); + } + |