diff options
| author | lloyd <[email protected]> | 2007-03-09 00:34:42 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2007-03-09 00:34:42 +0000 |
| commit | ffdfd1c3638a4a7470f3999298cd21ba786ee091 (patch) | |
| tree | f51fc54f22c84c499f8a77f0a3b7a099b43aa189 /doc/examples/passhash.cpp | |
| parent | 909847a93cbdec288c9e09e6f21e2be0886e0fb6 (diff) | |
Add a password hashing example. It uses PBKDF2/SHA-1 with 10000 iterations,
a 48-bit seed, and a 96-bit hash. The example can both create new hashes
and confirm existing ones.
Diffstat (limited to 'doc/examples/passhash.cpp')
| -rw-r--r-- | doc/examples/passhash.cpp | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/doc/examples/passhash.cpp b/doc/examples/passhash.cpp new file mode 100644 index 000000000..19b4abc40 --- /dev/null +++ b/doc/examples/passhash.cpp @@ -0,0 +1,76 @@ +#include <botan/botan.h> +#include <botan/pkcs5.h> +#include <iostream> + +using namespace Botan; + +std::string password_hash(const std::string& pass); +bool password_hash_ok(const std::string& pass, const std::string& hash); + +int main(int argc, char* argv[]) + { + if(argc != 2 && argc != 3) + { + std::cerr << "Usage: " << argv[0] << " password\n"; + std::cerr << "Usage: " << argv[0] << " password hash\n"; + return 1; + } + + try + { + LibraryInitializer init; + + if(argc == 2) + std::cout << "H('" << argv[1] << "') = " << password_hash(argv[1]) << '\n'; + else + { + bool ok = password_hash_ok(argv[1], argv[2]); + if(ok) + std::cout << "Password and hash match\n"; + else + std::cout << "Password and hash do not match\n"; + } + } + catch(std::exception& e) + { + std::cerr << e.what() << '\n'; + return 1; + } + return 0; + } + +std::string password_hash(const std::string& pass) + { + PKCS5_PBKDF2 kdf("SHA-1"); + + kdf.set_iterations(10000); + kdf.new_random_salt(6); // 48 bits + + Pipe pipe(new Base64_Encoder); + pipe.start_msg(); + pipe.write(kdf.current_salt()); + pipe.write(kdf.derive_key(12, pass).bits_of()); + pipe.end_msg(); + + return pipe.read_all_as_string(); + } + +bool password_hash_ok(const std::string& pass, const std::string& hash) + { + Pipe pipe(new Base64_Decoder); + pipe.start_msg(); + pipe.write(hash); + pipe.end_msg(); + + SecureVector<byte> hash_bin = pipe.read_all(); + + PKCS5_PBKDF2 kdf("SHA-1"); + + kdf.set_iterations(10000); + kdf.change_salt(hash_bin, 6); + + SecureVector<byte> cmp = kdf.derive_key(12, pass).bits_of(); + + return same_mem(cmp.begin(), hash_bin.begin() + 6, 12); + } + |