21.03.2013 Views

Problem - Kevin Tafuro

Problem - Kevin Tafuro

Problem - Kevin Tafuro

SHOW MORE
SHOW LESS

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

CryptHashData(hHash1, lpszKey, dwKeyLength, 0);<br />

cbHash = 16; CryptGetHashParam(hHash1, HP_HASHVAL, pbHash, &cbHash, 0);<br />

CryptDestroyHash(hHash1);<br />

for (length = dwKeyLength; length > 0; length -= 16)<br />

CryptHashData(hHash, pbHash, (length > 16 ? 16 : length), 0);<br />

SecureZeroMemory(pbHash, 16);<br />

for (i = dwKeyLength; i; i >>= 1)<br />

if (i & 1) CryptHashData(hHash, pbHash, 1, 0);<br />

else CryptHashData(hHash, lpszKey, 1, 0);<br />

cbHash = 16; CryptGetHashParam(hHash, HP_HASHVAL, pbHash, &cbHash, 0);<br />

CryptDestroyHash(hHash);<br />

for (i = 0; i < 1000; i++) {<br />

if (!CryptCreateHash(hProvider, CALG_MD5, 0, 0, &hHash)) {<br />

CryptReleaseContext(hProvider, 0);<br />

return FALSE;<br />

}<br />

if (i & 1) CryptHashData(hHash, lpszKey, dwKeyLength, 0);<br />

else CryptHashData(hHash, pbHash, 16, 0);<br />

if (i % 3) CryptHashData(hHash, lpszSalt, dwSaltLength, 0);<br />

if (i & 7) CryptHashData(hHash, lpszKey, dwKeyLength, 0);<br />

if (i & 1) CryptHashData(hHash, pbHash, 16, 0);<br />

else CryptHashData(hHash, lpszKey, dwKeyLength, 0);<br />

cbHash = 16; CryptGetHashParam(hHash, HP_HASHVAL, pbHash, &cbHash, 0);<br />

CryptDestroyHash(hHash);<br />

}<br />

CryptReleaseContext(hProvider, 0);<br />

return TRUE;<br />

}<br />

LPSTR SpcMD5Encrypt(LPCSTR lpszKey, LPCSTR lpszSalt) {<br />

BYTE pbHash[16], pbRawSalt[8];<br />

DWORD dwResultLength, dwSaltLength;<br />

LPSTR lpszBase64Out, lpszBase64Salt, lpszResult, lpszTemp;<br />

LPCSTR lpszSaltEnd;<br />

lpszBase64Out = lpszBase64Salt = lpszResult = 0;<br />

if (!lpszSalt) {<br />

spc_rand(pbRawSalt, (dwSaltLength = sizeof(pbRawSalt)));<br />

if (!(lpszBase64Salt = Crypt64Encode(pbRawSalt))) goto done;<br />

if (!(lpszTemp = (LPSTR)LocalReAlloc(lpszBase64Salt, dwSaltLength + 1, 0)))<br />

goto done;<br />

lpszBase64Salt = lpszTemp;<br />

} else {<br />

if (lpszSalt[0] != '$' || lpszSalt[1] != '1' || lpszSalt[2] != '$') goto done;<br />

for (lpszSaltEnd = lpszSalt + 3; *lpszSaltEnd != '$'; lpszSaltEnd++)<br />

if (!*lpszSaltEnd) goto done;<br />

dwSaltLength = (lpszSaltEnd - (lpszSalt + 3));<br />

if (dwSaltLength > 8) dwSaltLength = 8; /* maximum salt is 8 bytes */<br />

if (!(lpszBase64Salt = (LPSTR)LocalAlloc(LMEM_FIXED,dwSaltLength + 1)))<br />

goto done;<br />

CopyMemory(lpszBase64Salt, lpszSalt + 3, dwSaltLength);<br />

Performing Password-Based Authentication with MD5-MCF | 407<br />

This is the Title of the Book, eMatter Edition<br />

Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!