aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorlloyd <[email protected]>2007-03-09 00:34:42 +0000
committerlloyd <[email protected]>2007-03-09 00:34:42 +0000
commitffdfd1c3638a4a7470f3999298cd21ba786ee091 (patch)
treef51fc54f22c84c499f8a77f0a3b7a099b43aa189 /doc
parent909847a93cbdec288c9e09e6f21e2be0886e0fb6 (diff)
Add a password hashing example. It uses PBKDF2/SHA-1 with 10000 iterations,
a 48-bit seed, and a 96-bit hash. The example can both create new hashes and confirm existing ones.
Diffstat (limited to 'doc')
-rw-r--r--doc/examples/Makefile6
-rw-r--r--doc/examples/passhash.cpp76
2 files changed, 81 insertions, 1 deletions
diff --git a/doc/examples/Makefile b/doc/examples/Makefile
index 78fc65a35..ad650351d 100644
--- a/doc/examples/Makefile
+++ b/doc/examples/Makefile
@@ -14,7 +14,7 @@ RSA_EX = rsa_kgen rsa_enc rsa_dec
DSA_EX = dsa_kgen dsa_sign dsa_ver
DH_EX = dh
HASH_EX = hash hash_fd hasher hasher2 stack
-MISC_EX = factor base base64 bzip encrypt decrypt xor_ciph
+MISC_EX = factor base base64 bzip encrypt decrypt xor_ciph passhash
PROGS = $(X509_EX) $(RSA_EX) $(DSA_EX) $(DH_EX) $(HASH_EX) $(MISC_EX)
@@ -93,6 +93,10 @@ pkcs10: pkcs10.cpp
$(CXX) $(FLAGS) $? $(LIBS) -o $@
@$(STRIP) $@
+passhash: passhash.cpp
+ $(CXX) $(FLAGS) $? $(LIBS) -o $@
+ @$(STRIP) $@
+
rsa_dec: rsa_dec.cpp
$(CXX) $(FLAGS) $? $(LIBS) -o $@
@$(STRIP) $@
diff --git a/doc/examples/passhash.cpp b/doc/examples/passhash.cpp
new file mode 100644
index 000000000..19b4abc40
--- /dev/null
+++ b/doc/examples/passhash.cpp
@@ -0,0 +1,76 @@
+#include <botan/botan.h>
+#include <botan/pkcs5.h>
+#include <iostream>
+
+using namespace Botan;
+
+std::string password_hash(const std::string& pass);
+bool password_hash_ok(const std::string& pass, const std::string& hash);
+
+int main(int argc, char* argv[])
+ {
+ if(argc != 2 && argc != 3)
+ {
+ std::cerr << "Usage: " << argv[0] << " password\n";
+ std::cerr << "Usage: " << argv[0] << " password hash\n";
+ return 1;
+ }
+
+ try
+ {
+ LibraryInitializer init;
+
+ if(argc == 2)
+ std::cout << "H('" << argv[1] << "') = " << password_hash(argv[1]) << '\n';
+ else
+ {
+ bool ok = password_hash_ok(argv[1], argv[2]);
+ if(ok)
+ std::cout << "Password and hash match\n";
+ else
+ std::cout << "Password and hash do not match\n";
+ }
+ }
+ catch(std::exception& e)
+ {
+ std::cerr << e.what() << '\n';
+ return 1;
+ }
+ return 0;
+ }
+
+std::string password_hash(const std::string& pass)
+ {
+ PKCS5_PBKDF2 kdf("SHA-1");
+
+ kdf.set_iterations(10000);
+ kdf.new_random_salt(6); // 48 bits
+
+ Pipe pipe(new Base64_Encoder);
+ pipe.start_msg();
+ pipe.write(kdf.current_salt());
+ pipe.write(kdf.derive_key(12, pass).bits_of());
+ pipe.end_msg();
+
+ return pipe.read_all_as_string();
+ }
+
+bool password_hash_ok(const std::string& pass, const std::string& hash)
+ {
+ Pipe pipe(new Base64_Decoder);
+ pipe.start_msg();
+ pipe.write(hash);
+ pipe.end_msg();
+
+ SecureVector<byte> hash_bin = pipe.read_all();
+
+ PKCS5_PBKDF2 kdf("SHA-1");
+
+ kdf.set_iterations(10000);
+ kdf.change_salt(hash_bin, 6);
+
+ SecureVector<byte> cmp = kdf.derive_key(12, pass).bits_of();
+
+ return same_mem(cmp.begin(), hash_bin.begin() + 6, 12);
+ }
+