Secure Programming Cookbook for C and C++ by John Viega; Matt Messier
Author:John Viega; Matt Messier
Language: eng
Format: mobi
Tags: COMPUTERS / Programming Languages / C++
ISBN: 9780596003944
Publisher: O'Reilly Media
Published: 2003-01-02T00:00:00+00:00
Discussion
Tip
What we are doing here isn't really encrypting a password. Actually, we are creating a password validator. We use the term encryption because it is in common use and is a more concise way to explain the process.
MCF is a 7-bit encoding that allows for encoding multiple fields into a single string. A dollar sign delimits each field, with the first field indicating the algorithm to use by way of a predefined number. At present, only two well-known algorithms are defined: 1 indicates MD5 and 2 indicates Blowfish. The contents of the first field also dictate how many fields should follow and the type of data each one contains. The first character in an MCF string is always a dollar sign, which technically leaves the 0th field empty.
For encoding MD5 in MCF, the first field must contain a 1, and two additional fields must follow: the first is the salt, and the second is the MD5 checksum that is calculated from a sequence of MD5 operations based on a nonintuitive process that depends on the value of the salt and the password. The intent behind this process was to slow down brute-force attacks; however, we feel that the algorithm is needlessly complex, and there are other, better ways to achieve the same goals.
Warning
As with the traditional DES-based crypt( ), we do not recommend that you use MD5-MCF in new authentication systems. You should use it only when you must maintain compatibility with existing systems. We recommend that you consider using something like PBKDF2 instead. (See Recipe 8.11.)
The function spc_md5_encrypt( ) implements a crypt( )-like function that uses the MD5-MCF method that we've described. If it is successful (the only error that should ever occur is an out-of-memory error), it will return a dynamically allocated buffer that contains the encrypted password in MCF.
In this recipe, we present two versions of spc_md5_encrypt( ) in their entirety. The first uses OpenSSL and standard C runtime functions; the second uses the native Win32 API and CryptoAPI.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/md5.h>
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Deep Learning with Python by François Chollet(12563)
Hello! Python by Anthony Briggs(9911)
OCA Java SE 8 Programmer I Certification Guide by Mala Gupta(9794)
The Mikado Method by Ola Ellnestam Daniel Brolund(9775)
Dependency Injection in .NET by Mark Seemann(9335)
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(8292)
Test-Driven iOS Development with Swift 4 by Dominik Hauser(7758)
Grails in Action by Glen Smith Peter Ledbrook(7693)
The Well-Grounded Java Developer by Benjamin J. Evans Martijn Verburg(7557)
Becoming a Dynamics 365 Finance and Supply Chain Solution Architect by Brent Dawson(7012)
Microservices with Go by Alexander Shuiskov(6780)
Practical Design Patterns for Java Developers by Miroslav Wengner(6692)
Test Automation Engineering Handbook by Manikandan Sambamurthy(6633)
Secrets of the JavaScript Ninja by John Resig Bear Bibeault(6409)
Angular Projects - Third Edition by Aristeidis Bampakos(6041)
The Art of Crafting User Stories by The Art of Crafting User Stories(5572)
NetSuite for Consultants - Second Edition by Peter Ries(5503)
Demystifying Cryptography with OpenSSL 3.0 by Alexei Khlebnikov(5305)
Kotlin in Action by Dmitry Jemerov(5061)
