21.03.2013 Views

Problem - Kevin Tafuro

Problem - Kevin Tafuro

Problem - Kevin Tafuro

SHOW MORE
SHOW LESS

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

CryptHashData(hHash1, lpszKey, dwKeyLength, 0);<br />

cbHash = 16; CryptGetHashParam(hHash1, HP_HASHVAL, pbHash, &cbHash, 0);<br />

CryptDestroyHash(hHash1);<br />

for (length = dwKeyLength; length > 0; length -= 16)<br />

CryptHashData(hHash, pbHash, (length > 16 ? 16 : length), 0);<br />

SecureZeroMemory(pbHash, 16);<br />

for (i = dwKeyLength; i; i >>= 1)<br />

if (i & 1) CryptHashData(hHash, pbHash, 1, 0);<br />

else CryptHashData(hHash, lpszKey, 1, 0);<br />

cbHash = 16; CryptGetHashParam(hHash, HP_HASHVAL, pbHash, &cbHash, 0);<br />

CryptDestroyHash(hHash);<br />

for (i = 0; i < 1000; i++) {<br />

if (!CryptCreateHash(hProvider, CALG_MD5, 0, 0, &hHash)) {<br />

CryptReleaseContext(hProvider, 0);<br />

return FALSE;<br />

}<br />

if (i & 1) CryptHashData(hHash, lpszKey, dwKeyLength, 0);<br />

else CryptHashData(hHash, pbHash, 16, 0);<br />

if (i % 3) CryptHashData(hHash, lpszSalt, dwSaltLength, 0);<br />

if (i & 7) CryptHashData(hHash, lpszKey, dwKeyLength, 0);<br />

if (i & 1) CryptHashData(hHash, pbHash, 16, 0);<br />

else CryptHashData(hHash, lpszKey, dwKeyLength, 0);<br />

cbHash = 16; CryptGetHashParam(hHash, HP_HASHVAL, pbHash, &cbHash, 0);<br />

CryptDestroyHash(hHash);<br />

}<br />

CryptReleaseContext(hProvider, 0);<br />

return TRUE;<br />

}<br />

LPSTR SpcMD5Encrypt(LPCSTR lpszKey, LPCSTR lpszSalt) {<br />

BYTE pbHash[16], pbRawSalt[8];<br />

DWORD dwResultLength, dwSaltLength;<br />

LPSTR lpszBase64Out, lpszBase64Salt, lpszResult, lpszTemp;<br />

LPCSTR lpszSaltEnd;<br />

lpszBase64Out = lpszBase64Salt = lpszResult = 0;<br />

if (!lpszSalt) {<br />

spc_rand(pbRawSalt, (dwSaltLength = sizeof(pbRawSalt)));<br />

if (!(lpszBase64Salt = Crypt64Encode(pbRawSalt))) goto done;<br />

if (!(lpszTemp = (LPSTR)LocalReAlloc(lpszBase64Salt, dwSaltLength + 1, 0)))<br />

goto done;<br />

lpszBase64Salt = lpszTemp;<br />

} else {<br />

if (lpszSalt[0] != '$' || lpszSalt[1] != '1' || lpszSalt[2] != '$') goto done;<br />

for (lpszSaltEnd = lpszSalt + 3; *lpszSaltEnd != '$'; lpszSaltEnd++)<br />

if (!*lpszSaltEnd) goto done;<br />

dwSaltLength = (lpszSaltEnd - (lpszSalt + 3));<br />

if (dwSaltLength > 8) dwSaltLength = 8; /* maximum salt is 8 bytes */<br />

if (!(lpszBase64Salt = (LPSTR)LocalAlloc(LMEM_FIXED,dwSaltLength + 1)))<br />

goto done;<br />

CopyMemory(lpszBase64Salt, lpszSalt + 3, dwSaltLength);<br />

Performing Password-Based Authentication with MD5-MCF | 407<br />

This is the Title of the Book, eMatter Edition<br />

Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!