So, if we change
For b As Int8 = 0 To hashData.Size - 1
hex = hex + hashData.Int8Value(b).ToHex(2)
Next
for
For b As UInt8 = 0 To hashData.Size - 1
hex = hex + hashData.UInt8Value(b).ToHex(2)
Next
v2018 will no longer find the need to create such large hex strings to handle the security problem?
[quote=414183:@Ralph Alvy]So, if we change
For b As Int8 = 0 To hashData.Size - 1
hex = hex + hashData.Int8Value(b).ToHex(2)
Next
for
For b As UInt8 = 0 To hashData.Size - 1
hex = hex + hashData.UInt8Value(b).ToHex(2)
Next
v2018 will no longer find the need to create such large hex strings to handle the security problem?[/quote]
No, the Int8 to UInt8 is a workaround so Xojo2017 will give the correct results. It will give the same (correct) results than Xojo2018.
If you have users with the wrong hash and you don’t want your users to change their passwords, you can use Gino’s code, I think it calculates the correct hash but also the hash that it was previously created to let users in if the password entered create those hashes.
[quote=414211:@Alberto De Poo]No, the Int8 to UInt8 is a workaround so Xojo2017 will give the correct results. It will give the same (correct) results than Xojo2018.
If you have users with the wrong hash and you don’t want your users to change their passwords, you can use Gino’s code, I think it calculates the correct hash but also the hash that it was previously created to let users in if the password entered create those hashes.[/quote]
I thought Gino was also saying that if I leave Int8 in the code, and I use Xojo2018 to create the hash, it will create hash that is unnecessarily large, and that I can decrease its size considerably by using UInt8.
Here’s the place Gino talks about that:
[quote]In 2018r1 this problem is fixed, but you get stuff like -127 => “FFFFFFFFFF01”, -111 => “FFFFFFFFFF11”, …
So here you see the differences, but its still way too large
The simple sollution: change int8 by uint8 and this fixes your code, but breaks every password.[/quote]
Ok. I just tested this and you are correct. Xojo2017r3 with UInt8 produces the same hash as Xojo2018r3 with Int8. Thank you Alberto.
[quote]In 2018r1 this problem is fixed, but you get stuff like -127 => “FFFFFFFFFF01”, -111 => “FFFFFFFFFF11”, …
So here you see the differences, but its still way too large
The simple sollution: change int8 by uint8 and this fixes your code, but breaks every password.[/quote]
Well I don’t know about that, my information is from testing the code in this blog post:
With 2018r3 it doesn’t matter if int8 or uint8 is used, the hash is the same. If you use 2017r3 then using UInt8 make the hash correct and Int8 you can see a lot of 0 where should be between 9-F in many cases.
Edit: I was writing this post and after I posted I saw your message. Glad it was helpful.