Adventures in Hashing

So first the good news. I have the authentication working with a test user I added via the web interface that I have created. I'm pretty happy about that, but the bad news is that I'm gonna have to break it again because my custom hash algorithm isn't up to snuff. As it stands now, someone could in theory figure out what the original password was, which is obviously not gonna fly. As much as I rant about people not paying any attention to security, I can't let something so glaring slide. Not that Enigma is secure or anything, considering all the pieces that are missing for validation and such, but you know what I mean: I don't want to engineer these issues in.

So anyway, here is what led me to what we have now. First I was trying SHA1 using openssl; I have been using that since I first added the login code, even though the server just accepted any user with any password. My first problem happened when I couldn't find a way to create a SHA1 hash with the dotnet wrapper for openssl. I'm sure there is a way; it just isn't as intuitive as I thought it should be. At which point I decided to just use the Microsoft SHA stuff. I mean, it's there, why not? But I was running into an issue where the hashes didn't match, not even close. I'm not sure why, because in theory if it is the same algorithm the result should be the same; it's not like SHA1 asks for seed values or anything.

So after that didn't work, I began working on the custom hash function with one thing in mind, that being having the output be able to be handled as a string. What I mean by that is I didn't want any strange non-printable characters, and I wanted the thing to be null terminated so strlen and similar functions would function correctly. Hence I implemented my hash function.

Now for a quick rundown: one of the numbers that is used to mod each character is the length. The problem is that the hash has the same length as the original string, thus someone trying to obtain the original has that piece of information, and the other two are constants. So basically I need something better for my hash function, but I still want it to output safe strings so I don't run into some of the same issues I had before. At the same time I'm tempted to put this off, but I know I shouldn't.

Alright, this is enough for tonight. I have college presentations next week and I don't have my presentations completed yet, so I need to get on that. Good night and thanks for reading.
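An added example, not code from the original post or from Enigma: one standard way to meet the two requirements described above (output that is printable and safe to treat as a null-terminated string, and that does not reveal the password's length) is a salted PBKDF2-HMAC-SHA256 digest stored as hex. The function names, the `$`-separated storage format and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per stored password
    # Pin the text encoding so every implementation hashes identical bytes.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    # Hex keeps the record printable and free of NUL bytes, and the digest
    # is always 32 bytes, so the record length says nothing about the input.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, _digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hash_password(password, bytes.fromhex(salt_hex),
                                  int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: wrong field count, bad hex, bad count
    return hmac.compare_digest(candidate.encode(), stored.encode())


def is_c_string_safe(record: str) -> bool:
    """True if every character is printable ASCII (so no embedded NUL)."""
    return all(32 < ord(ch) < 127 for ch in record)
```
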

