Hi, I am playing with “CryptoExample.xojo_binary_project” in the folder “Framework” of “Example Projects”.
And I am trying to obtain the same result as on this page: http://aspirine.org/htpasswd.html
I enter in the left TextArea:
MyUser1 MyPassword1
MyUser2 MyPassword2
I choose “MD5” and I click the button under the right TextArea “Générer le contenu du fichier htpasswd” = “Generate content of file htpasswd”.
The result is :
In the “Pressed” event of “GenerateButton” of the Xojo project, I removed the EncodeHex(): ResultArea.Text = EncodeHex(hash)
becomes ResultArea.Text = hash
If I enter “MyPassword1” in the Xojo project and choose MD5, the result is “�’MVR��"�����E�_”.
How do I get the result “QRcPnCFU$zac2iljvdiBqtP0ramNJn/”?
I got the impression from someone that the crypto lib can support these things, we just need to request the algorithms we need.
Would someone make a ticket that provides the things we need to Bcrypt? Or should I just make a ticket for “Please add bcrypt methods to Crypto”? The Module Kem wrote is too slow to use for serious matters, and currently you need plugins as a workaround.
I’m okay with plugins, but it’d be cool to be able to use Bcrypt with the framework if it can already support it. Especially to promote secure password hashing with Web 2.0 apps.
Sorry to derail, it’s sort of related and I’ve been pondering this for a while.
We use that module in production code and have for years. When compiled in Aggressive mode, it is around as fast, or even faster than, other implementations I’ve tested.
That’s what I was hoping someone else knew. I don’t know the technicals beyond how to do this with M_Crypt, Einhugur, and MBS. I can describe how I want it to work, but not the crypto lib we need.
MD5 APR uses a random salt. If you run the same password twice you will get 2 different hashes for the same “password”. You just can’t compare it. There’s a validation algorithm for it. You must provide the MD5 APR hash originated with an unknown salt, the tentative password, and the algorithm will return true/false if it’s a valid hash for such password.
Thank you all. I searched for how to use the shell command “htpasswd”, and the code below seems to work:
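Dim CdeShell As New Shell
Dim TampText As String
' Single-quote each argument (POSIX shell assumed) so spaces or shell
' metacharacters in the user name or password are passed literally.
Dim UserArg As String = "'" + ReplaceAll(DataUser.Text, "'", "'\''") + "'"
Dim PassArg As String = "'" + ReplaceAll(DataPassword.Text, "'", "'\''") + "'"
' -n prints to stdout, -b takes the password from the command line
' (visible in the process list), -m (MD5) is the default.
CdeShell.Execute "htpasswd -n -b -m " + UserArg + " " + PassArg
If CdeShell.ExitCode = 0 Then
  TampText = CdeShell.Result
Else
  TampText = ""
End If
CdeShell.Close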
TampText contains the line I need: “MyUserName:MyEncryptPassword”.