I think I last used this in Pharo 1.3
#greaseString is just a cross platform #asString so you could change those
for your updated package.
here's a version of #randomBCryptSalt: that will work OK.
randomBCryptSalt: saltSize
| combined targetStream char random |
combined:='0123456789ABCDEFGHIJKLMNOPQRSTUVWXZYabcdefghijklmnopqrstuvwxyz'.
targetStream := WriteStream on: (String new: saltSize ).
random := Random new.
[targetStream contents size <= saltSize] whileTrue:
[char :=combined
at: (random next * (combined
size - 1)) rounded + 1.
char isAlphaNumeric ifTrue: [targetStream nextPut:
char]].
^targetStream contents
After implementing that you could change #randomBCryptSaltData to
randomBCryptSaltData
^self randomBCryptSalt: self saltDataLength
To load FFI into old pharo its probably not a good idea to use #lastVersion
but instead #stableVersion.
Gofer new
squeaksource: 'MetacelloRepository';
package: 'ConfigurationOfFFI';
load.
(Smalltalk at: #ConfigurationOfFFI) project stableVersion load
Let me know what other issues you run into.
Jan Blizničenko wrote
> Ah, it seems I just did not switched it on - it does not work after all.
>
> I tried it with PasswordHashingFFI-PaulDeBrulcker.16.mcz, but also with 15
> and 8.
>
> On Pharo 5, it calls many methods which I do not have in my environment,
> for example in BCryptLinuxFFI>>#generateBCryptSalt: there is line with
> "self randomBCryptSalt: saltSize", but there is no implementor of
> "randomBCryptSalt:". Also, in many methods of BCryptLinuxFFI there are
> message sends "greaseString" to variables cointaining probably integers,
> but there is also no implementor of greaseString.
>
> So I tried it on Pharo 4 - it does not even load, because it needs class
> ExternalStructure. So I found I need to download the FFI, I tried to do so
> using code below, but loading failed with MessageNotUnderstood: receiver
> of "selector" is nil.
>
> Gofer new
> squeaksource: 'MetacelloRepository';
> package: 'ConfigurationOfFFI';
> load.
> (Smalltalk at: #ConfigurationOfFFI) project lastVersion load
>
> So, I'm not sure what to try next to make it work.
>
> Jan
> Jan Blizničenko wrote
>> Thank you a lot! :)
>>
>> I tried it in Pharo 5 and everything seems to be working (I just had to
>> apt-get install libxcrypt:i386, load packages Cryptography, Blowfish (not
>> sure if really needed though) and PasswordHashingFFI and manually create
>> link in directory where it expected libxcrypt.so.1). About the FFI for
>> Pharo 5/6, maybe that's what Esteban Maringolo did in commit
>> "Cryptography-EstebanMaringolo.50" on 15 September 2016 "Version ready to
>> be loaded in Pharo 5.0 without affecting Kernel or System packages.".
>>
>> Scrypt would be even better to have, but I'm grateful enough for now
>> since it was all easier and faster than I expected.
>>
>> Jan
>> Paul DeBruicker wrote
>>> And to add scrypt to that FFI library would be trivial if you have a
>>> 32bit version of scrypt but I don't think there is one. I'd be happy to
>>> learn I'm wrong though. And thats assuming you're using 32 bit pharo,
>>> which is whats stable/released right now.
>>>
>>>
>>>
>>>
>>> Paul DeBruicker wrote
>>>> I made a crypt/bcrypt ffi library for older versions of Pharo that
>>>> sounds like it meets your needs and is in the cryptography project
>>>> here:
>>>>
>>>> http://smalltalkhub.com/#!/~Cryptography/Cryptography
>>>>
>>>> But I have not updated it for the new FFI versions in Pharo 5/6.
>>>>
>>>>
>>>>
>>>> And Pierce Ng made a blog post and library about his own set up here:
>>>> http://www.samadhiweb.com/blog/2013.11.17.shacrypt.html
>>>>
>>>>
>>>>
>>>>
>>>> Jan Blizničenko wrote
>>>>> Hello
>>>>>
>>>>> I'm working on Pharo-based webserver and right now I got to the topic
>>>>> of
>>>>> storing user passwords. I found SHA256 integrated in Pharo, but
>>>>> hashing with
>>>>> SHA is far from enough. I also looked around the mailing list history
>>>>> to
>>>>> find few posts from 2011 about bcrypt using Linux libraries. I'd like
>>>>> to ask
>>>>> what is current status - what are my options under following
>>>>> conditions:
>>>>>
>>>>> I prefer Pharo 5 compatibility. I could downgrade to Pharo 4 or use
>>>>> beta
>>>>> Pharo 6, but latest stable relase is preferred.
>>>>>
>>>>> I require at least bcrypt or PDKBF2, but I much more prefer
>>>>> GPU-attack-resistant solutions like scrypt or Argon2.
>>>>>
>>>>> I require Linux compatibility, but platform independent solution would
>>>>> be
>>>>> kinda nice (we could use the same algorithm on our local machines with
>>>>> Mac
>>>>> and Win for development).
>>>>>
>>>>> Thank you
>>>>> Jan
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://forum.world.st/Password-storage-options-tp4927471.html
>>>>> Sent from the Pharo Smalltalk Users mailing list archive at
>>>>> Nabble.com.
--
View this message in context:
http://forum.world.st/Password-storage-options-tp4927480p4927603.html
Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
