Hi Hernán,
cool!
JFYI: I just updated the configuration to use the new Cryptography
Package (v50) by Esteban. Maybe it's time to create its own config for it.
CU,
Udo
On 06/07/17 at 05:19, Hernán Morales Durand wrote:
Hi Udo and others,
I just integrated PBKDF2 hasher into ApplicationSecurity:
Usage example:
(ASPasswordVerifier new
hasher: ASPBKDF2Hasher new;
plainTextPassword: 'testPassword';
storedSalt: '590b223fc584ae96edf3d5dc7e363034';
storedFinalPassword: '2828efb46d56ca2fb004026398d412ef
Agreed.
--
View this message in context:
http://forum.world.st/Validate-password-with-PBKDF2-tp4952973p4953207.html
Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
--- Begin Message ---
That's fine, thanks Udo and thanks for your PBKDF2 code
Francis
Udo Schneider wrote
> Francis,
>
> I can relate to the idea of easily embedding PBKDF2/bcrypt into your
> code. However the functionality of /managing/ the salt is not specified
> in PBKDF2. The spec only co
--- Begin Message ---
Right!
Sven Van Caekenberghe-2 wrote
> Now, using #hasEqualElements: would solve the original problem
--- Begin Message ---
Evaluate:
(UUID fromString: '0608b9dc-02e4-4dd0-9f8a-ea45160df641') asByteArray =
(ByteArray fromHexString: '0608B9DC02E44DD09F8AEA45160DF641').
Francis
Erik Stel wrote
> Hi Francis,
>
> You write:
> Pharo Smalltalk Users mailing list wrote
>> FYI
>>
>> UUID new asByteArr
Erik,
> On 1 Jul 2017, at 09:41, Erik Stel wrote:
>
> Hi Francis,
>
> You write:
>
> Pharo Smalltalk Users mailing list wrote
>> FYI
>>
>> UUID new asByteArray
>>
>> does not give a ByteArray because UUID is a subclass of ByteArray and
>> asByteArray returns self
>
> (Entering teacher mode)
Francis,
I can relate to the idea of easily embedding PBKDF2/bcrypt into your
code. However the functionality of /managing/ the salt is not specified
in PBKDF2. The spec only covers the actual hashing part. However
wrapping it into a simple to use wrapper is pretty simple. The code
below
Hi Francis,
You write:
Pharo Smalltalk Users mailing list wrote
> FYI
>
> UUID new asByteArray
>
> does not give a ByteArray because UUID is a subclass of ByteArray and
> asByteArray returns self
(Entering teacher mode)
This actually means that "UUID new asByteArray" does answer a ByteArray. I
--- Begin Message ---
Ah-ha! You are right, the proper way to encrypt is with the salt and then
prepend the salt.
Thanks
Francis
FYI does not give a ByteArray because UUID is a subclass of ByteArray and
asByteArray returns self
Erik Stel wrote
> Francis,
>
> You're using an empty salt when c
Francis,
You're using an empty salt when creating the hash. Just prepending a random
number does not add much security. Anyone knowing your solution will just
prepend a random number. And creating only a few accounts in your system
will probably reveal that information as well. A wrong-doer will j
--- Begin Message ---
Thanks Pierce and hernanmd
I decided to adopt the solution of the prepended salt as Erik said in the
previous post.
Here is my code, I hope it can be useful for the community
First I hash the password with an empty salt
PBKDF2 derivedKeyHashFunction: SHA256 password: 'aSimp
I guess I could integrate Udo's PBKDF2 into ApplicationSecurity. See under
"Using the CheckPoint" if matches your API you're looking for:
http://80738163270632.blogspot.com.ar/2014/10/application-security-2-checkpoint.html
Cheers,
Hernán
2017-06-30 4:43 GMT-03:00 Francis via Pharo-users <
phar
Francis,
The hashpw function returns a hash with the salt prepended. So it contains
both elements. (See for example explanation at:
https://stackoverflow.com/questions/27413248/why-can-bcrypt-hashpw-be-used-both-for-hashing-and-verifying-passwords).
You can do the same thing here. Assuming you
On Fri, Jun 30, 2017 at 12:43:23AM -0700, Francis via Pharo-users wrote:
> Saving the salt is not a big issue but I'd like something more simple.
> In python I can store the salt with the password
> see: https://pypi.python.org/pypi/bcrypt/3.1.0
Hi, you could try PasswordCrypt:
https://github.c
--- Begin Message ---
Thank you Paul,
Saving the salt is not a big issue but I'd like something more simple.
In python I can store the salt with the password
see: https://pypi.python.org/pypi/bcrypt/3.1.0
# Hash a password for the first time, with a randomly-generated salt
hashed = bcrypt.hashpw(p
Looks like you'll have to store the salt when making the original hash of the
password.
With that you can do
| salt originalPassword userInputPassword originalHash newHash secretKey |
salt:='salt'.
originalPassword:='password'.
userInputPassword:='12345678'.
originalHash:=PBKDF2 derivedKeySHA
--- Begin Message ---
Hi folks
I'm playing with the PBKDF2 package of Udo:
http://www.smalltalkhub.com/#!/~UdoSchneider/PBKDF2
(thanks Udo), but I can't find how to validate a stored hash.
Can you point me in the right direction?
Thanks
Francis