SA-MP Forums Archive
[Include] wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Filterscripts (https://sampforum.blast.hk/forumdisplay.php?fid=17)
+---- Forum: Includes (https://sampforum.blast.hk/forumdisplay.php?fid=83)
+---- Thread: [Include] wphashsalted.inc | Easy to Use Hashing Functions | Salts Included (/showthread.php?tid=449435)


wphashsalted.inc | Easy to Use Hashing Functions | Salts Included | Improve your Passwords' Security - GiamPy. - 08.07.2013

wphashsalted.inc - Easy to Use Hashing Functions | Salts Included | Improve your Passwords' Security
"Two easy to use functions that allow you to hash strings as fast as possible."
Include released under Apache License 2.0 - http://www.apache.org/licenses/LICENSE-2.0.html

#includeapprovedforlazypeople

Functions
Examples

pawn Код:
new saltUsed[50], hashedPassword1[129], hashedPassword2[129];
    
strcat(hashedPassword1, WhirlpoolHashRandom("password", 500, saltUsed, 24), 129);
printf("hashedPassword1 = %s", hashedPassword1);    
    
strcat(hashedPassword2, WhirlpoolHashUnique("password", saltUsed, 500), 129);
printf("hashedPassword2 = %s", hashedPassword2);    
    
if(!strcmp(hashedPassword1, hashedPassword2, false))
    print("The password is correct.");
else
    print("The password is not correct.");
Speed Tests
Testing Code:
pawn Код:
new timer = GetTickCount();
print("The entire process just started.");
    
new saltUsed[50], hashedPassword1[129], hashedPassword2[129];   
    
print("WhirlpoolHashRandom started executing.");
strcat(hashedPassword1, WhirlpoolHashRandom("password", 5000, saltUsed, 24, false), 129);
printf("WhirlpoolHashRandom stopped executing, hash is %s.", hashedPassword1);
        
print("WhirlpoolHashUnique started executing.");
strcat(hashedPassword2, WhirlpoolHashUnique("password", 5000, saltUsed, false), 129);
printf("WhirlpoolHashUnique stopped executing, hash is %s.", hashedPassword2);
        
printf("The entire process took %d milliseconds.", GetTickCount() - timer);
Tests done with an Intel Core i7 920 @ 2,67 Ghz - 4 cores, 8 threads
Changelog
Quote:

R2
- Modified parameters order of WhirlpoolHashRandom.
- Added the paramater iter_append to choose if appending the salt for every iteration. It slightly slows down the process but it increases the security.
- Fixed minor internal documentation mistakes.

R1
- Initial release.
Download
Requirements
Credits


Re: wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - Whitetiger - 08.07.2013

It is useless to hash a password more than once. You already have support for a salt which is plenty secure.

Re: wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - GiamPy. - 08.07.2013

Quote:
Originally Posted by Whitetiger
Посмотреть сообщение
It is useless to hash a password more than once. You already have support for a salt which is plenty secure.
I think you're a little bit misinformed regarding hashing and salts or password security whatsover.

Hashing a password once is not safe AT ALL for brute-force attacks.
Depending on the computer performances, it may take up to few minutes in order to find your plain text password.

Salting is just a little extra that slightly increases the password security, because it's unlikely the dictionary used for the brute-force attack will have the salt.

However, hashing an hash multiple times (if not hundreds or thousands, like in my example) will turn the brute-force attack into something extremely slow because the computer will need to find every correct combination for every single hash generated, which will take a lot depending on the amount of iterations used on the function.

The question is: what's the good combination of security and speed? Usually, a slow function means a safer password, but in SA-MP, as ****** explained here you need to find an acceptable amount of iterations in order to not make the gameplay experience annoying.

Re: wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - GiamPy. - 08.07.2013

R2 version added.

Quote:

- Modified parameters order of WhirlpoolHashRandom.
- Added the paramater iter_append to choose if appending the salt for every iteration. It slightly slows down the process but it increases the security.
- Fixed minor internal documentation mistakes.


Re: wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - ReVo_ - 08.07.2013

Код:
#define MAX_SALT_LENGTH  128

stock WhirlpoolHashUnique(string[], times, salt[MAX_SALT_LENGTH] = "", bool: iter_append = false, salt_length = 10)
{
        new stringTaken[258];
        new realsalt [MAX_SALT_LENGTH]; //here i miss c++
        
        if (salt[0] == '\0') {
            randomString(realsalt, salt_length);
        }
        else realsalt = salt;

        if(!iter_append)
        {
                strcat(stringTaken, string, 258);
                strcat(stringTaken, realsalt, 258);

                for(new i = 0; i < times; i++)
                        WP_Hash(stringTaken, 258, stringTaken);
        }
        else
        {
                strcat(stringTaken, string);

                for(new i = 0; i < times; i++)
                {
                        strcat(stringTaken, realsalt);
                        WP_Hash(stringTaken, 258, stringTaken);
                }
        }

        return stringTaken;
}
Test:

Quote:

WhirlpoolHashUnique("Hello world", 4, "Hello");
WhirlpoolHashUnique("Hello world", 4);
What about a single function?

I used MAX_SALT_LENGTH to avoid error for

"
realsalt = salt;
"

ofc, you can use ofc a different way.

Re: wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - GiamPy. - 08.07.2013

In your method there would be no way to retrieve the salt generated, that's why I have made two functions.

If I'd then try to do something like WhirlpoolHashUnique("Hello world", 4, string); the function will not store the randomly generated salt into string, but it will be used for the hash concatenation.

Re: wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - ReVo_ - 08.07.2013

I dont see a way to take the random salt in your WhirlpoolHashRandom too, correct me if i'm wrong.

stock WhirlpoolHashRandom(string[], times, salt[], salt_length, bool: iter_append = false)

salt isnt passed as reference, so you dont store the salt.

EDit: sorry for who read, string are always passed as reference.

Re: wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - GiamPy. - 08.07.2013

Yes, it is stored in the variable used in the third parameter.
Strings are always passed as reference.

Re: wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - ReVo_ - 08.07.2013

Yeah, you are right. I cant edit due to connect problems anyway too shit C# llanuange with ref/out keywords let me do this fail.

Anyway im pretty sure can be done with my code i will see anothet day if i remeber this include.

Re: wphashsalted.inc | Easy to Use Hashing Functions | Salts Included - Whitetiger - 08.07.2013

http://crackstation.net/hashing-security.htm