aboutsummaryrefslogtreecommitdiffstats
path: root/src/constructs/passhash
Commit message (Collapse)AuthorAgeFilesLines
* Move password hashing schemes to src/passhashlloyd2011-02-173-207/+0
| | | | | Set the upper limit on bcrypt hashing to workfactor 18, which takes about 25 seconds to run on my desktop machine.
* Rename the base64 filter and macro names in prep for addinglloyd2010-10-271-1/+1
| | | | standalone/Pipe-free versions of it
* s/u32bit/size_t/lloyd2010-10-181-9/+9
|
* More vector->pointer conversion removals.lloyd2010-09-131-1/+1
| | | | | | | | | | | Add RandomNumberGenerator::random_vec, which takes an length n and returns a new SecureVector with randomized contents of that size. This nicely covers most of the cases where randomize was being called on a vector, and is a little cleaner in the code as well, instead of vec.resize(length); rng.randomize(&vec[0], vec.size()); we just write vec = rng.random_vec(length);
* Anywhere where we use MemoryRegion::begin to get access to the raw pointerlloyd2010-09-131-2/+2
| | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
* For passhash9, add another interface that allows the caller to specifylloyd2010-08-222-14/+35
| | | | | | | | | | | which PRF they want to use. The old interface just calls this new version with alg_id set to 0 which is HMAC(SHA-1), which was previously the only supported PRF. Assign new codepoints for HMAC(SHA-256) and CMAC(Blowfish) to allow their use with passhash9. Have the generate+check tests run a test for each supported PRF.
* Avoid name collision in amalgamationlloyd2010-06-221-5/+10
|
* Fix a few hundred Doxygen warningslloyd2010-06-151-1/+1
|
* Clean up catch and returnlloyd2010-03-011-5/+1
|
* In get_pbkdf_prf, catch Algorithm_Not_Found and return nulllloyd2010-03-011-2/+10
|
* passhash9: Ensure that choose_pbkdf_prf returns a PRF if possiblelloyd2010-03-011-2/+8
|
* Further passhash changes before release and things have to belloyd2010-02-054-105/+136
| | | | | | | | | | | | | | finalized. Move header to passhash9.h and rename the functions to be passhash9 specific ({generator,check}_passhash9) Add an algorithm identifer field. Currently only id 0 is defined, for HMAC(SHA-1), but this opens up for using HMAC(SHA-512) or HMAC(SHA-3) or CMAC(Blowfish) or whatever in the future if necessary. Increase the salt size to 96 bits and the PRF output size to 192 bits. Document in api.tex
* Prefix passhash with "$9$" in a manner similar with otherlloyd2010-02-023-16/+31
| | | | | | | | | | | | | | | | password hashing schemes. Increase salt size to 80 bits. Research shows that virtually no other PBKDF2 implementations support anything but SHA-1; for ease of implementation elsehwere switch back from SHA-512 to SHA-1. Should be mostly harmless; it limits total entropy of the password to a maximum of 160 bits, but this is unlikely anyway. Use two bytes to specify the work factor for future-proofing. Add a test.
* Password hashing is a pretty useful service, really. Move the guts oflloyd2010-02-013-0/+125
the passhash example to the library. Support variable work factors; default work factor of 10 takes about half a second to do one password on my Core2. Switch to using SHA-512 instead of SHA-1 in PBKDF2. To keep the output evenly sized for base64 purposes, reduce PBKDF2 output size by one byte (to 112 bits).
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 19:41:16 +0000