I was implementing an HTTPS client/server example just for learning purpose using the book "Implementing SSL / TLS Using Cryptography and PKI" by Joshua Davies. It contains an example implementation with C source code. I just tried to build a HTTPS client using that source code. But, in tls.c file it uses two macros MD5_BYTE_SIZE
and SHA1_BYTE_SIZE
and I can't see any values defined for these macros in that book. I tried with permutations of 16,24,32 for both macros but failed in SSL handshaking, and greater values causes segmentation fault. I hope if anybody familiar with this book can help me
Xamarin, Portable multiplatform solution, portable project section
For MD5 hashing I create class md5. add to project referece PCLCrypto.dll.
using System;using System.Collections.Generic;using System.Linq;using System.Text;using PCLCrypto;using static PCLCrypto.WinRTCrypto;namespace WCHSBMobile{ public static class md5 { public static string GetMD5hash(string data) { //string result = data; IHashAlgorithmProvider algoProv = PCLCrypto.WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Md5); byte[] dataB = Encoding.UTF8.GetBytes(data); byte[] dataHash = algoProv.HashData(dataB); var hex = new StringBuilder(dataHash.Length * 2); foreach (byte b in dataHash) { hex.AppendFormat("{0:x2}", b); } return hex.ToString(); //return result; } }}
When testing on android on this line I get Runtime error IHashAlgorithmProvider algoProv = PCLCrypto.WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Md5); I get the errorPCLCrypto.NotImplementedByReferenceAssemblyException: This is a reference assembly and does not contain implementation. Be sure to install the PCLCrypto package into your application so the platform implementation assembly will be used at runtime.What should I do? Can you advice me any solution?Thank you
I am creating a simple DB access application using C++, and I have added Users Table containing: ID, USER, PASSWORD and SALT, and I am using Crypto++ as crypto backend. So I created this function:
#include "crypto.h"#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1#include <md5.h>#include <hex.h>#include <osrng.h>using namespace std;using namespace CryptoPP;string MyCrypto::MD5(const string strMessage){ byte arrbyDigest[Weak::MD5::DIGESTSIZE]; Weak::MD5 hash; hash.CalculateDigest(arrbyDigest, /*(const byte*)*/strMessage.c_str(), strMessage.length()); HexEncoder encoder; string strOutput; encoder.Attach(new StringSink(strOutput)); encoder.Put(arrbyDigest, sizeof(arrbyDigest)); encoder.MessageEnd(); return strOutput;}string MyCrypto::GenerateSalt(const size_t length /*= 16*/){ SecByteBlock arrbySalt(length); AutoSeededRandomPool asrp; asrp.GenerateBlock(arrbySalt, length); string strSalt(arrbySalt); strSalt.ToAscii(); return strSalt;}
So good so far, all is working fine until I realized that the generated salt string can contain non-printable characters even null termination character
So my questions are:
Am I doing it the right way ?
Is the length of the salt 16 as I did the practical way ?
Should I encrypt the salt string in Base 64, HEX or leave it as plain text when concatenating it with the plain password string before the MD5 hash ?
Should I encrypt the salt string in Base 64, HEX or leave it as plain text when saving it to the database ?
What are your suggestions ?
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlibpassw='alice'salt='kDHTx'hashed= hashlib.md5(salt+passw).hexdigest()print('What i get is: '+hashed)print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
When I run the following on my Macbook, I get the error:
>>> import hashlib>>> hashlib.md5(usedforsecurity=False)Traceback (most recent call last): File "<stdin>", line 1, in <module>TypeError: openssl_md5() takes no keyword arguments
But when I run it on my Linux box, it works!
>>> import hashlib>>> hashlib.md5(usedforsecurity=False)<md5 HASH object @ 0x7f763c1375d0>
My problem is, I need to run some safe, non-security related code on my FIPS enabled system (such as managing a cache of user requests which hashes the user query as an MD5 string). Using the usedforsecurity
flag prevents a FIPs exception.
This works fine, except when I want to test my code on my Macbook. My Macbook's "libcrypto" library apparently doesn't support this usedforsecurity
flag. Is there a good way to detect if the underlying C bindings behind hashlib.md5
support this flag or not?
Please note that by viewing our site you agree to our use of cookies (see एकांत for details). You will only see this message once.