PHP to Xojo

Jorge_Brito · November 27, 2016, 3:19am

$salt = substr(md5(uniqid(rand(), true)), 0, 9)
$password = sha1($salt . sha1($salt . sha1($password)))

I need save a salt and a password field in a Mysql database using the above encryption (PHP)
Please help me to achieve in Xojo

Thanks in advance

Kem_Tekinay · November 27, 2016, 4:18am

If you haven’t coded this already, you should really looking into using PBKDF@ or bcrypt instead of this scheme. PBKDF2 is built into Xojo through the Crypto module while bcrypt is available through my Blowfish classes.

Otherwise, let me take a crack at this:

dim salt as string = Crypto.GenerateRandomBytes( 9 )
dim pw as string = _
    Crypto.SHA1( salt + Crypto.SHA1( salt + Crypto.SHA1( password ) ) )

Asis_Patisahusiwa · November 27, 2016, 6:45am

Code by @Kem Tekinay above will give you error

Undefined operator. Type string does not define "Operator_Add" with type MemoryBlock

It should be divided into several string variables.

Xojo version

  dim password as String
  dim salt as String = Mid(MD5(uniqid(Str(Rnd), True)), 1, 9)
  dim shapass as String = Crypto.sha1(password)
  dim shaalt as String = Crypto.sha1(salt + shapass)
  password = Crypto.sha1(salt + shaalt)

while uniqid,

Private Function uniqid(prefix as String = "", moreEntropy as boolean = false) as String
  dim mt as Double = Microseconds()
  dim fmt as UInt64 = Floor(mt)
  dim mfmt as UInt64 = (mt-Floor(mt))*1000000
  dim h as String = Hex(fmt)
  dim h1 as String = Hex(mfmt)
  dim first as String = h.Mid(1, 8)
  dim second as String = h1.Mid(1,5)
  
  dim result(-1) as String
  result.Append prefix
  result.Append first
  result.Append second
  
  If moreEntropy Then
    // please replace this with Combined Linear Congruential Generator
    dim r as new Random
    dim e as UInt64 = r.InRange(10000000, 99999999)
    result.Append "."
    result.Append Str(e)
  End If
  
  Return Join(result, "")
End Function

In this code, you need to make sure that you’re using non floating-point datatype when passing to Hex function

dim mt as Double = Microseconds()
dim fmt as UInt64 = Floor(mt)
dim mfmt as UInt64 = (mt-Floor(mt))*1000000
dim h as String = Hex(fmt)
dim h1 as String = Hex(mfmt)

a bug, maybe?

To prove it, this code will give you a different result

dim a as Double = Microseconds()    //5749509710.6709995269775391
dim b as UInt64 = a                 //5749509710

dim ha as String = Hex(a)           //80000000
dim hb as String = Hex(b)           //156B28E4E

shao_sean · November 27, 2016, 6:50am

https://crackstation.net/hashing-security.htm

An interesting read about protecting passwords…

Thom_McGrath · November 27, 2016, 7:10am

Ditto. Read the page shao sean posted, then do what Kem says. The code you’re looking to port is bad practice.

Emile_Schwarz · November 27, 2016, 10:29am

According with Xojo advertising for Black Friday:

Create Powerful Apps for the Web & Desktop NO HTML, CSS, JAVASCRIPT, AJAX, [b]PHP[/b]

This is a Sunday smile

Jorge_Brito · November 27, 2016, 1:51pm

I 'm obligated to obtain the same result as with PHP code, I’m trying to migrate some data from my ERP to AbanteCart database structures and for
the customers one need this encryption mode
I will try your suggestions later today
Thanks you very much to all