So my software saves passwords as hash data values using Xojo.Crypto.PBKDF2. A password saved with the app built in 2017r2 cannot be matched using the same exact function when the app is built in 2018r11.
Here’s the ToHash code:
[code]
Protected Function ToHash(password as text, withSalt as text) as Text
  // Encode the password as UTF-8 bytes
  Dim passwordData As Xojo.Core.MemoryBlock
  passwordData = Xojo.Core.TextEncoding.UTF8.ConvertTextToData(password)

  // Use the supplied salt, or generate a new one when none is given
  Dim salt As Text
  if withSalt = "" then
    salt = RandoID() //makes random 6 letter string
  else
    salt = withSalt
  end if

  Dim saltData As Xojo.Core.MemoryBlock
  saltData = Xojo.Core.TextEncoding.UTF8.ConvertTextToData(salt)

  // combinedData is built here but is not passed to PBKDF2 below
  Dim combinedData As New Xojo.Core.MutableMemoryBlock(passwordData)
  If Not salt.Empty Then
    combinedData.Append(saltData)
  End If

  // PBKDF2-HMAC-SHA256, 500 iterations, 32-byte output
  Dim hashData As Xojo.Core.MemoryBlock
  hashData = Xojo.Crypto.PBKDF2(saltData, passwordData, 500, 32, Xojo.Crypto.HashAlgorithms.SHA256)

  // Convert hashData to hex for display
  // Int8Value reads each byte as a signed value (-128..127) before ToHex formats it
  Dim hex As Text
  For b As Int8 = 0 To hashData.Size - 1
    hex = hex + hashData.Int8Value(b).ToHex(2)
  Next

  // Stored record is the salt followed by the hex digest
  Return salt+hex
End Function
[/code]
The salt is a random 6 letter code generated when it is saved and easily accessed when checking against the saved hash value. The value for the password “sample” with the salt “QNACSXR” will produce the following:
2017: QNACSXR2D20117D0522635C090E7905450F1C0C4709060C0B010119087601130E480D0F
2018: QNACSXR2D20117DE522635CE9BE79B5450F1C8C47B9D6CC9B010119E876C1130E489D8F
The values are very close, but obviously different, which means that using 2018r11 users couldn’t get into their saved files because the passwords don’t match. None of my code for this has changed and it has worked for quite some time now, so something in Xojo had to have changed that’s affecting this.
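An added example, not part of the original post and not Xojo code: a Python sketch of a verifier that accepts records saved in either hex form and flags the older form for re-saving. It assumes the 2017 build wrote every byte of 0x80 or above as "0" plus its low nibble, which is inferred only from the two values quoted above; the function names are hypothetical.

```python
import hashlib
import hmac

# Values quoted in the post: password "sample", salt "QNACSXR".
SALT = "QNACSXR"
STORED_2017 = SALT + "2D20117D0522635C090E7905450F1C0C4709060C0B010119087601130E480D0F"
STORED_2018 = SALT + "2D20117DE522635CE9BE79B5450F1C8C47B9D6CC9B010119E876C1130E489D8F"


def derive(password, salt):
    """PBKDF2-HMAC-SHA256, 500 iterations, 32 bytes: the parameters ToHash uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt.encode("utf-8"), 500, 32)


def full_hex(data):
    """Two uppercase hex digits per byte, reading each byte as unsigned."""
    return data.hex().upper()


def legacy_hex(data):
    """Assumed 2017 rendering, inferred from the two values in the post:
    a byte >= 0x80 is written as "0" plus its low nibble."""
    return "".join(f"{b:02X}" if b < 0x80 else f"0{b & 0x0F:X}" for b in data)


def verify(password, stored, salt_len=len(SALT)):
    """Check a salt+hex record; return (matched, needs_rehash)."""
    salt, digest = stored[:salt_len], stored[salt_len:].upper()
    derived = derive(password, salt)
    if hmac.compare_digest(full_hex(derived).encode(), digest.encode()):
        return True, False
    # Legacy record: compare in the lossy form and flag it for re-saving.
    if hmac.compare_digest(legacy_hex(derived).encode(), digest.encode()):
        return True, True
    return False, False


if __name__ == "__main__":
    # The 2018 digest, re-encoded the legacy way, reproduces the 2017 digest.
    digest_2018 = bytes.fromhex(STORED_2018[len(SALT):])
    print(legacy_hex(digest_2018) == STORED_2017[len(SALT):])
    print(verify("sample", STORED_2017), verify("sample", STORED_2018))
```

The legacy form discards the high nibble of every byte at or above 0x80, so a legacy match checks fewer bits than a full match. Re-saving the record in full form after a successful legacy match restores the full comparison.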