[Include] wphashsalted.inc | Easy to Use Hashing Functions | Salts Included
#1

wphashsalted.inc - Easy to Use Hashing Functions | Salts Included | Improve your Passwords' Security
"Two easy to use functions that allow you to hash strings as fast as possible."
Include released under Apache License 2.0 - http://www.apache.org/licenses/LICENSE-2.0.html

#includeapprovedforlazypeople

Functions
  • WhirlpoolHashUnique(string[], times, salt[], bool: iter_append = false)
    string[] - Takes the string you would like to hash.
    times - How many times does the function have to hash the string before returning the value.
    salt[] - Takes a unique salt that will be concatenated with the string and hashed together.
    (R2-only) bool: iter_append - Choose if you'd like to append the salt for every iteration or not. It increases the security but it slightly slows down the process.
    returns the Whirlpool hashed string.


    Example:

    pawn Code:
    WhirlpoolHashUnique("TestingString", 500, "RandomStringAsSalt", true);
    This function will return a Whirlpool string ("TestingString") hashed 500 times with a unique salt ("RandomStringAsSalt") concatenated for every iteration.

  • WhirlpoolHashRandom(string[], times, salt[], salt_length, bool: iter_append = false)
    string[] - Takes the string you would like to hash.
    times - How many times does the function have to hash the string before returning the value.
    salt[] - Reference string that contains the salt returned by randomString();
    salt_length - How many characters will contain the salt.
    (R2-only) bool: iter_append - Choose if you'd like to append the salt for every iteration or not. It increases the security but it slightly slows down the process.
    returns the Whirlpool hashed string.


    Example:

    pawn Code:
    // Make sure the local array is at least as large as the salt length passed to the hashing function.
    new saltUsed[50];
    WhirlpoolHashRandom("TestingPassword", 250, saltUsed, 45, true);
    This function will return a Whirlpool string ("TestingString") hashed 250 times with a unique salt randomly generated of 45 length and stored inside "saltUsed" concatenated for every iteration.
Examples

pawn Code:
new saltUsed[50], hashedPassword1[129], hashedPassword2[129];
   
strcat(hashedPassword1, WhirlpoolHashRandom("password", 500, saltUsed, 24), 129);
printf("hashedPassword1 = %s", hashedPassword1);   
   
// Re-hash with the salt stored above; argument order is (string, times, salt).
strcat(hashedPassword2, WhirlpoolHashUnique("password", 500, saltUsed), 129);
printf("hashedPassword2 = %s", hashedPassword2);   
   
if(!strcmp(hashedPassword1, hashedPassword2, false))
    print("The password is correct.");
else
    print("The password is not correct.");
Speed Tests
Testing Code:
pawn Code:
new timer = GetTickCount();
print("The entire process just started.");
   
new saltUsed[50], hashedPassword1[129], hashedPassword2[129];  
   
print("WhirlpoolHashRandom started executing.");
strcat(hashedPassword1, WhirlpoolHashRandom("password", 5000, saltUsed, 24, false), 129);
printf("WhirlpoolHashRandom stopped executing, hash is %s.", hashedPassword1);
       
print("WhirlpoolHashUnique started executing.");
strcat(hashedPassword2, WhirlpoolHashUnique("password", 5000, saltUsed, false), 129);
printf("WhirlpoolHashUnique stopped executing, hash is %s.", hashedPassword2);
       
printf("The entire process took %d milliseconds.", GetTickCount() - timer);
Tests done with an Intel Core i7 920 @ 2,67 GHz - 4 cores, 8 threads
  • 100 iterations with salt iteration concatenation:
    Quote:

    [00:13:39] The entire process just started.
    [00:13:39] WhirlpoolHashRandom started executing.
    [00:13:39] WhirlpoolHashRandom stopped executing, hash is 48AD51DE0CFE8A30E92ED27040855770FEA716411153A50D47 A61B31704E21DEC9908D28E4C9F681FBA45E4949A4CCB50E42 71803ED47B30ADCF75E22B720C38.
    [00:13:39] WhirlpoolHashUnique started executing.
    [00:13:39] WhirlpoolHashUnique stopped executing, hash is 48AD51DE0CFE8A30E92ED27040855770FEA716411153A50D47 A61B31704E21DEC9908D28E4C9F681FBA45E4949A4CCB50E42 71803ED47B30ADCF75E22B720C38.
    [00:13:39] The entire process took 5 milliseconds.

  • 1000 iterations with salt iteration concatenation:
    Quote:

    [00:14:20] The entire process just started.
    [00:14:20] WhirlpoolHashRandom started executing.
    [00:14:20] WhirlpoolHashRandom stopped executing, hash is 8DBC216179F6AAB3E52FA4D73760D517FA283FF124559EF4EA E099D6AA009D43AA162EABE70EA179FEA0B608F73861BF1771 71F065B7ECBC52741AC8EE3A93B4.
    [00:14:20] WhirlpoolHashUnique started executing.
    [00:14:20] WhirlpoolHashUnique stopped executing, hash is 8DBC216179F6AAB3E52FA4D73760D517FA283FF124559EF4EA E099D6AA009D43AA162EABE70EA179FEA0B608F73861BF1771 71F065B7ECBC52741AC8EE3A93B4.
    [00:14:20] The entire process took 20 milliseconds.

  • 10000 iterations with salt iteration concatenation:
    Quote:

    [00:14:52] The entire process just started.
    [00:14:52] WhirlpoolHashRandom started executing.
    [00:14:52] WhirlpoolHashRandom stopped executing, hash is B3D09A9BD8709E5584DDFC5D3CFC70ED9195FE4194F2202200 DAFE1FDCF222DDD28AA795932EB54A607B208187B1FDC5D4E8 78F619899D542EBFFD6A85A00FE6.
    [00:14:52] WhirlpoolHashUnique started executing.
    [00:14:52] WhirlpoolHashUnique stopped executing, hash is B3D09A9BD8709E5584DDFC5D3CFC70ED9195FE4194F2202200 DAFE1FDCF222DDD28AA795932EB54A607B208187B1FDC5D4E8 78F619899D542EBFFD6A85A00FE6.
    [00:14:52] The entire process took 181 milliseconds.

  • 25000 iterations with salt iteration concatenation:
    Quote:

    [00:15:36] The entire process just started.
    [00:15:36] WhirlpoolHashRandom started executing.
    [00:15:37] WhirlpoolHashRandom stopped executing, hash is 018A7176EEA2869223AAEAC7A458461DB3473B7CFEF5EC5945 D9B2CFA71EDDB326947274EFAEF26127D767FA4765FA51B788 4FF7DAEF571EC7035CB03ABA3139.
    [00:15:37] WhirlpoolHashUnique started executing.
    [00:15:37] WhirlpoolHashUnique stopped executing, hash is 018A7176EEA2869223AAEAC7A458461DB3473B7CFEF5EC5945 D9B2CFA71EDDB326947274EFAEF26127D767FA4765FA51B788 4FF7DAEF571EC7035CB03ABA3139.
    [00:15:37] The entire process took 443 milliseconds.

  • 50000 iterations with salt iteration concatenation:
    Quote:

    [00:17:02] The entire process just started.
    [00:17:02] WhirlpoolHashRandom started executing.
    [00:17:02] WhirlpoolHashRandom stopped executing, hash is FA43E2B1B572D4CEB5B18FEA98535FD8992D05513F0304053A 92637059ED033FB3E5EC4A2986F2429984324B59FBB3BCB62D F5AB5420B5B330D4A19CA7F25ECC.
    [00:17:02] WhirlpoolHashUnique started executing.
    [00:17:03] WhirlpoolHashUnique stopped executing, hash is FA43E2B1B572D4CEB5B18FEA98535FD8992D05513F0304053A 92637059ED033FB3E5EC4A2986F2429984324B59FBB3BCB62D F5AB5420B5B330D4A19CA7F25ECC.
    [00:17:03] The entire process took 889 milliseconds.

  • 100000 iterations with salt iteration concatenation:
    Quote:

    [00:17:48] The entire process just started.
    [00:17:48] WhirlpoolHashRandom started executing.
    [00:17:49] WhirlpoolHashRandom stopped executing, hash is CE415C9F912581121E3139CF645F3427057523703CB9F21DC8 5F13088F43ABE3BEE2CF42E5B0864A8F25514959F3FDDD3CCA 5AEF229FFF1E74886128A31134CD.
    [00:17:49] WhirlpoolHashUnique started executing.
    [00:17:49] WhirlpoolHashUnique stopped executing, hash is CE415C9F912581121E3139CF645F3427057523703CB9F21DC8 5F13088F43ABE3BEE2CF42E5B0864A8F25514959F3FDDD3CCA 5AEF229FFF1E74886128A31134CD.
    [00:17:49] The entire process took 1771 milliseconds.

Changelog
Quote:

R2
- Modified parameters order of WhirlpoolHashRandom.
- Added the parameter iter_append to choose if appending the salt for every iteration. It slightly slows down the process but it increases the security.
- Fixed minor internal documentation mistakes.

R1
- Initial release.

Download
Requirements
Credits
Reply
#2

It is useless to hash a password more than once. You already have support for a salt which is plenty secure.
Reply
#3

Quote:
Originally Posted by Whitetiger
It is useless to hash a password more than once. You already have support for a salt which is plenty secure.
I think you're a little bit misinformed regarding hashing and salts or password security whatsoever.

Hashing a password once is not safe AT ALL for brute-force attacks.
Depending on the computer performances, it may take up to a few minutes in order to find your plain text password.

Salting is just a little extra that slightly increases the password security, because it's unlikely the dictionary used for the brute-force attack will have the salt.

However, hashing a hash multiple times (if not hundreds or thousands, like in my example) will turn the brute-force attack into something extremely slow because the computer will need to find every correct combination for every single hash generated, which will take a lot depending on the amount of iterations used on the function.

The question is: what's the good combination of security and speed? Usually, a slow function means a safer password, but in SA-MP, as ****** explained here you need to find an acceptable amount of iterations in order to not make the gameplay experience annoying.
Reply
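The iteration and salt trade-off argued above, as an added example that is not part of any post or of the include: a Python model of the two `iter_append` modes with per-account salt storage and verification. SHA-512 stands in for Whirlpool, the loop structure is assumed from the parameter descriptions in the first post, and `wp_hash_standin`, `iterated_hash`, `new_record`, `verify` and `seconds_per_guess` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time

def wp_hash_standin(text):
    # Assumption: SHA-512 stands in for Whirlpool, which hashlib does not
    # guarantee. Like WP_Hash it yields 128 uppercase hex characters, and that
    # text (not the raw digest) is what the next round hashes.
    return hashlib.sha512(text.encode("utf-8")).hexdigest().upper()

def iterated_hash(password, times, salt, iter_append=False):
    """Same argument order as WhirlpoolHashUnique(string[], times, salt[], iter_append)."""
    if times < 1:
        raise ValueError("times must be at least 1")
    if iter_append:
        value = password
        for _ in range(times):
            value = wp_hash_standin(value + salt)  # salt re-appended each round
    else:
        value = password + salt                    # salt mixed in once
        for _ in range(times):
            value = wp_hash_standin(value)
    return value

def new_record(password, times, salt_length=24, iter_append=True):
    """Counterpart of WhirlpoolHashRandom: returns everything a later login needs."""
    salt = secrets.token_hex(salt_length)[:salt_length]  # fresh salt per account
    return {"salt": salt, "times": times, "iter_append": iter_append,
            "hash": iterated_hash(password, times, salt, iter_append)}

def verify(password, record):
    """Recompute with the stored salt and settings, then compare in constant time."""
    candidate = iterated_hash(password, record["times"], record["salt"],
                              record["iter_append"])
    return hmac.compare_digest(candidate, record["hash"])

def seconds_per_guess(times, iter_append=True):
    """Wall-clock cost of hashing one candidate, which every single guess must pay."""
    start = time.perf_counter()
    iterated_hash("constructed-sample", times, "constructedsalt", iter_append)
    return time.perf_counter() - start

if __name__ == "__main__":
    alice = new_record("password", 5000)
    bob = new_record("password", 5000)  # same password, different salt and hash
    print(alice["hash"] != bob["hash"], verify("password", alice))
    for n in (100, 1000, 10000):
        print(n, "iterations:", round(seconds_per_guess(n) * 1000, 2), "ms")
```

The salt, iteration count and `iter_append` flag must be stored next to the hash, since verification recomputes the hash from them.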
#4

R2 version added.

Quote:

- Modified parameters order of WhirlpoolHashRandom.
- Added the parameter iter_append to choose if appending the salt for every iteration. It slightly slows down the process but it increases the security.
- Fixed minor internal documentation mistakes.

Reply
#5

Code:
#define MAX_SALT_LENGTH  128

stock WhirlpoolHashUnique(string[], times, salt[MAX_SALT_LENGTH] = "", bool: iter_append = false, salt_length = 10)
{
        new stringTaken[258];
        new realsalt [MAX_SALT_LENGTH]; //here i miss c++
        
        if (salt[0] == '\0') {
            randomString(realsalt, salt_length);
        }
        else realsalt = salt;

        if(!iter_append)
        {
                strcat(stringTaken, string, 258);
                strcat(stringTaken, realsalt, 258);

                for(new i = 0; i < times; i++)
                        WP_Hash(stringTaken, 258, stringTaken);
        }
        else
        {
                strcat(stringTaken, string);

                for(new i = 0; i < times; i++)
                {
                        strcat(stringTaken, realsalt);
                        WP_Hash(stringTaken, 258, stringTaken);
                }
        }

        return stringTaken;
}
Test:

Quote:

WhirlpoolHashUnique("Hello world", 4, "Hello");
WhirlpoolHashUnique("Hello world", 4);

What about a single function?

I used MAX_SALT_LENGTH to avoid error for

"
realsalt = salt;
"

ofc, you can use a different way.
Reply
#6

In your method there would be no way to retrieve the salt generated, that's why I have made two functions.

If I'd then try to do something like WhirlpoolHashUnique("Hello world", 4, string); the function will not store the randomly generated salt into string, but it will be used for the hash concatenation.
Reply
#7

I don't see a way to take the random salt in your WhirlpoolHashRandom too, correct me if I'm wrong.

stock WhirlpoolHashRandom(string[], times, salt[], salt_length, bool: iter_append = false)

salt isn't passed as reference, so you don't store the salt.

Edit: sorry to anyone who read this, strings are always passed as reference.
Reply
#8

Yes, it is stored in the variable used in the third parameter.
Strings are always passed as reference.
Reply
#9

Yeah, you are right. I can't edit due to connect problems anyway too shit C# language with ref/out keywords let me do this fail.

Anyway I'm pretty sure it can be done with my code, I will see another day if I remember this include.
Reply
#10

http://crackstation.net/hashing-security.htm
Reply