C++

Forum

 
How to build a proper handwritten salted password hashing??

enriquemesa8080 (28)
Hello. I am making my own salted password hashing algorithm
I have developed the next code.

I am getting garbage when it concatenate strings.
I have build some function that builds a random-string using rand()

Please help me.

I need some help about how to build a hash function
I know that hash function builds an index-like number that points to
certain place in an array, and that can be taken has its hash value.

Please help me.

I also review my other question posted in Lounge:
http://www.cplusplus.com/forum/lounge/228075/

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
 //Make an attempt to build by yourself the following:
//     -A program whom has its own proper hash function.
//     -It can be made by yourself.

#include <cstdlib>
#include <iostream>
#include <functional>
#include "random-string.hpp"
#include <cstring>

using namespace std;

char username[65];
char password[65];

int login(char username[], char password[]){
    
}
int make_account(char username[], char password[], int password_size){
    
    char salt[3];
    char final_password[password_size + sizeof(salt)];
    int hash_value;
    
    //Initialize everything now
    memset(final_password, 0, sizeof(final_password));
    
    //Calculate hash value for password
    
    //Build a salt string and append it to the password
    get_random_string(salt, 3);   
    strcat(final_password, password);
    strcat(final_password, salt);
    
    //Hash the string
    hash_value = 10;//;hash(final_password)
    
    //Print some results.
    printf("final_password: %s\n", final_password);
    
    return hash_value;
    
}

int main(int argc, char *argv[])
{
    make_account("enrique1998", "debug\0", strlen("debug"));
    
    system("PAUSE");
    
    printf("username: ");
    scanf("%s", &username);
    printf("\n");
    printf("password: ");
    scanf("%s", &password);
    printf("Salring password hashing...\n");
    
    
    system("PAUSE");
    return EXIT_SUCCESS;
}
coder777 (8439)
I am getting garbage when it concatenate strings.
The reason is that salt contains garbage. It could lead to a crash.

When calculating the string size always keep in mind the terminating 0.
Note that strlen(...) does not count the terminating 0.
Also you should avoid variable length array like on line 22.

The simpliest algorithm is to add each character of the string. E.g.:
1
2
3
4
5
6
 
    hash_value = 10;//;hash(final_password)

for(int i = 0; i < password_size; ++i)
{
  hash_value += password[i];
}


for rand() see:

http://www.cplusplus.com/reference/cstdlib/rand/?kw=rand

Note the srand() function. You may use the hash value as the seed.

When generating the salt you probably want printable characters only (A-Z, a-z, 0-9, etc.).

I also review my other question posted in Lounge:
Honestly, one cannot really do much with that little progam?
Topic archived. No new replies allowed.