[+] Added "Safer" variants to bcrypt when using string containers
This commit is contained in:
parent
0461b54045
commit
2da8332c0f
@ -7,6 +7,14 @@
|
||||
|
||||
Note: MD5 ($1$), the other numberic methods, and non-standard unix fuckery (ie: $sha1$) isn't implemented.
|
||||
This API implements $2x$-class password hashing and verification
|
||||
|
||||
Note 2: BCrypt is really fucky when it comes to NULL termination. A bunch of libraries were vulnerable to \x00 injection.
|
||||
In addition, the final NULL termination is supposed to be carried into the hash. For this reason we use AuStrings
|
||||
instead of memory views by default. Only use the MemoryView with an additional NUL byte otherwise your hashes will
|
||||
not be compatible with other software. This could be a problem for database [accessing?] software.
|
||||
|
||||
Note 3: ...with AuStrings being recommended to prevent fuck-ups between other bcrypt implementations, the [...]Safer variants
|
||||
enforce zeroing out of the passwords character buffer before the function returns.
|
||||
***/
|
||||
#pragma once
|
||||
|
||||
@ -18,7 +26,9 @@ namespace Aurora::Crypto::BCrypt
|
||||
|
||||
AUKN_SYM AuString HashPassword(const AuString &password, const AuString &salt);
|
||||
AUKN_SYM AuString HashPasswordEx(const Memory::MemoryViewRead &password, const AuString &salt);
|
||||
AUKN_SYM AuString HashPasswordSafer(AuString &&password, const AuString &salt);
|
||||
|
||||
AUKN_SYM bool CheckPassword(const AuString &password, const AuString &hashedPassword);
|
||||
AUKN_SYM bool CheckPasswordEx(const Memory::MemoryViewRead &password, const AuString &hashedPassword);
|
||||
AUKN_SYM bool CheckPasswordSafer(AuString &&password, const AuString &hashedPassword);
|
||||
}
|
@ -69,6 +69,14 @@ namespace Aurora::Crypto::BCrypt
|
||||
return pRet;
|
||||
}
|
||||
|
||||
|
||||
AUKN_SYM AuString HashPasswordSafer(AuString &&password, const AuString &salt)
|
||||
{
|
||||
auto ret = HashPassword(password, salt);
|
||||
AuMemset(password.data(), 0, password.size());
|
||||
return ret;
|
||||
}
|
||||
|
||||
AUKN_SYM bool CheckPassword(const AuString &password, const AuString &hashedPassword)
|
||||
{
|
||||
return CheckPasswordEx({ password.c_str(), password.size() + 1 }, hashedPassword);
|
||||
@ -99,6 +107,16 @@ namespace Aurora::Crypto::BCrypt
|
||||
}
|
||||
|
||||
// I don't care about safe eval...
|
||||
// I refuse to believe side channel attacks are possible outside of circlejerk academic settings.
|
||||
// Especially with vectorization optimizations of memcpy. Even if you could tell how quickly we fail,
|
||||
// it's highly unlikely you could backfeed this into bcrypt to reguess a similar digest string.
|
||||
return cryptBuffer == hashedPassword;
|
||||
}
|
||||
|
||||
AUKN_SYM bool CheckPasswordSafer(AuString &&password, const AuString &hashedPassword)
|
||||
{
|
||||
auto ret = CheckPassword(password, hashedPassword);
|
||||
AuMemset(password.data(), 0, password.size());
|
||||
return ret;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user