Hashing Passwords

This is a discussion on Hashing Passwords within the C# Programming forums, part of the General Programming Boards category; In this Java Program it uses some hash to encrypt In this File, I need help to translate some of ...

  1. #1
    Registered User
    Join Date
    Nov 2009
    Posts
    14

    Hashing Passwords

    In this Java Program it uses some hash to encrypt
    In this File, I need help to translate some of this content

    Code:
     private static Logger log = LoggerFactory.getLogger(LoginCryptoLegacy.class);
        /**
         * Map of 6 bit nibbles to base64 characters.
         */
        private static char[] iota64 = new char[64];
        
    
        static {
            int i = 0;
            iota64[i++] = '.';
            iota64[i++] = '/';
            for (char c = 'A'; c <= 'Z'; c++) {
                iota64[i++] = c;
            }
            for (char c = 'a'; c <= 'z'; c++) {
                iota64[i++] = c;
            }
            for (char c = '0'; c <= '9'; c++) {
                iota64[i++] = c;
            }
        }
    
        /**
         * Class Constructor. Static class, so it's a dummy constructor.
         */
        private LoginCryptoLegacy() {
        }
    
        /**
         * Hash the password for first time storage.
         * 
         * @param password The password to be hashed.
         * @return String of the hashed password.
         */
        public static String hashPassword(String password) {
            byte[] randomBytes = new byte[6];
    
            java.util.Random randomGenerator = new java.util.Random();
            randomGenerator.nextBytes(randomBytes);
    
            return myCrypt(password, genSalt(randomBytes));
        }
    
        /**
         * Check a password against a hash.
         * 
         * @param password The password to validate.
         * @param hash The hash to validate against.
         * @return <code>true</code> if the password is correct, <code>false</code> otherwise.
         */
        public static boolean checkPassword(String password, String hash) {
            return (myCrypt(password, hash).equals(hash));
        }
    
        public static boolean isLegacyPassword(String hash) {
            return hash.substring(0, 3).equals("$H$");
        }
    
        /**
         * Encrypt a string with <code>Seed</code> as a seed code.
         * 
         * @param password Password to encrypt.
         * @param seed Seed to use.
         * @return The salted SHA1 hash of password.
         * @throws RuntimeException
         */
        private static String myCrypt(String password, String seed) throws RuntimeException {
            String out = null;
            int count = 8;
            MessageDigest digester;
    
            // Check for correct Seed
            if (!seed.substring(0, 3).equals("$H$")) {
                // Oh noes! Generate a seed and continue.
                byte[] randomBytes = new byte[6];
                java.util.Random randomGenerator = new java.util.Random();
                randomGenerator.nextBytes(randomBytes);
                seed = genSalt(randomBytes);
            }
    
            String salt = seed.substring(4, 12);
            if (salt.length() != 8) {
                throw new RuntimeException("Error hashing password - Invalid seed.");
            }
    
            byte[] sha1Hash = new byte[40];
            try {
                digester = MessageDigest.getInstance("SHA-1");
    
                digester.update((salt + password).getBytes("iso-8859-1"), 0, (salt + password).length());
                sha1Hash = digester.digest();
                do {
                    byte[] CombinedBytes = new byte[sha1Hash.length + password.length()];
                    System.arraycopy(sha1Hash, 0, CombinedBytes, 0, sha1Hash.length);
                    System.arraycopy(password.getBytes("iso-8859-1"), 0, CombinedBytes, sha1Hash.length, password.getBytes("iso-8859-1").length);
                    digester.update(CombinedBytes, 0, CombinedBytes.length);
                    sha1Hash = digester.digest();
                } while (--count > 0);
                out = seed.substring(0, 12);
                out += encode64(sha1Hash);
            } catch (NoSuchAlgorithmException Ex) {
                log.error("Error hashing password.", Ex);
            } catch (UnsupportedEncodingException Ex) {
                log.error("Error hashing password.", Ex);
            }
            if (out == null) {
                throw new RuntimeException("Error hashing password - out = null");
            }
    
            return out;
        }
    
        /**
         * Generates a salt string from random bytes <code>Random</code>
         * 
         * @param Random Random bytes to get salt from.
         * @return Salt string.
         */
        private static String genSalt(byte[] Random) {
            String Salt = "$H$";
            Salt += iota64[30];
            Salt += encode64(Random);
            return Salt;
        }
    
        /**
         * Encodes a byte array into base64.
         * 
         * @param Input Array of bytes to put into base64.
         * @return String of base64.
         */
        private static String encode64(byte[] Input) {
            int iLen = Input.length;
    
            int oDataLen = (iLen * 4 + 2) / 3; // output length without padding
    
            int oLen = ((iLen + 2) / 3) * 4; // output length including
            // padding
    
            char[] out = new char[oLen];
            int ip = 0;
            int op = 0;
            while (ip < iLen) {
                int i0 = Input[ip++] & 0xff;
                int i1 = ip < iLen ? Input[ip++] & 0xff : 0;
                int i2 = ip < iLen ? Input[ip++] & 0xff : 0;
                int o0 = i0 >>> 2;
                int o1 = ((i0 & 3) << 4) | (i1 >>> 4);
                int o2 = ((i1 & 0xf) << 2) | (i2 >>> 6);
                int o3 = i2 & 0x3F;
                out[op++] = iota64[o0];
                out[op++] = iota64[o1];
                out[op] = op < oDataLen ? iota64[o2] : '=';
                op++;
                out[op] = op < oDataLen ? iota64[o3] : '=';
                op++;
            }
            return new String(out);
        }
    }
    is there an equivalent for MessageDigester in C#?
    and those exceptions?
    Thanks for any response

  2. #2
    Anti-Poster
    Join Date
    Feb 2002
    Posts
    1,399
    I hope this helps. If not, can you ask a more specific question?
    If I did your homework for you, then you might pass your class without learning how to write a program like this. Then you might graduate and get your degree without learning how to write a program like this. You might become a professional programmer without knowing how to write a program like this. Someday you might work on a project with me without knowing how to write a program like this. Then I would have to do you serious bodily harm. - Jack Klein

  3. #3
    Registered User
    Join Date
    Nov 2009
    Posts
    14
    already did that lol, I need MessageDigest and all those Exceptions or A Converted version of the Code in C#. This is not my homework, this is a major counterpart in my project

  4. #4
    a_capitalist_story
    Join Date
    Dec 2007
    Posts
    2,652
    So....you're just looking for someone to port this Java code to C# for you and your project? Are you going to pay the person who ports this for you???

  5. #5
    Confused Magos's Avatar
    Join Date
    Sep 2001
    Location
    Sweden
    Posts
    3,145
    Check out System.Security.Cryptography and System.Convert.ToBase64String.
    MagosX.com

    Give a man a fish and you feed him for a day.
    Teach a man to fish and you feed him for a lifetime.

  6. #6
    Anti-Poster
    Join Date
    Feb 2002
    Posts
    1,399
    Quote Originally Posted by deathkosui View Post
    already did that lol, I need MessageDigest and all those Exceptions or A Converted version of the Code in C#.
    In that case, I'll assume that you've thoroughly investigated the very first link in that search. What questions did the first link leave unanswered?
    If I did your homework for you, then you might pass your class without learning how to write a program like this. Then you might graduate and get your degree without learning how to write a program like this. You might become a professional programmer without knowing how to write a program like this. Someday you might work on a project with me without knowing how to write a program like this. Then I would have to do you serious bodily harm. - Jack Klein

  7. #7
    a_capitalist_story
    Join Date
    Dec 2007
    Posts
    2,652
    Dude, that first link required him to click a SECOND link to get more information. What were you THINKING???

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Creating Linked List Using Hashing and Stack
    By m0ntana in forum C Programming
    Replies: 2
    Last Post: 04-07-2007, 08:11 AM
  2. Hashing, indexing and phonetic normalization for approximate str matching...
    By biterman in forum A Brief History of Cprogramming.com
    Replies: 0
    Last Post: 11-21-2006, 09:42 AM
  3. Replies: 8
    Last Post: 09-11-2006, 12:26 PM
  4. Double Hashing
    By carrja99 in forum C++ Programming
    Replies: 1
    Last Post: 03-28-2003, 08:36 AM
  5. hashing
    By condorx in forum C++ Programming
    Replies: 2
    Last Post: 01-31-2003, 09:36 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21