Segault Nettle.Hash()->crypt_hash()

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Segault Nettle.Hash()->crypt_hash()

Thomas Gusenleitner
Hi,

i try to figure out how to use Nettle.Hash()->crypt_hash(). 

here a simple test.
Pike v8.0 release 438 running Hilfe v3.5 (Incremental Pike Frontend)
> Nettle.Hash()->crypt_hash("password","$5$123456",5000);
Segmentation fault (core dumped)


maybe someone can explain me how to use it

best regards
thomas
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Segault Nettle.Hash()->crypt_hash()

Henrik Grubbström-2
On Wed, 12 Jul 2017, Thomas Gusenleitner wrote:

> Hi,

Hi.

> i try to figure out how to use Nettle.Hash()->crypt_hash().
>
> here a simple test.
> Pike v8.0 release 438 running Hilfe v3.5 (Incremental Pike Frontend)
>> Nettle.Hash()->crypt_hash("password","$5$123456",5000);
> Segmentation fault (core dumped)

Oops, seems a NULL check was missing in crypt_hash().

Thanks for the report, fixed in Pike 8.0 and 8.1.

The Nettle.Hash class is typically not used directly, but via some
module that inherits it and implements some basic hash algorithm.

Pike v8.0 release 438 running Hilfe v3.5 (Incremental Pike Frontend)
> Crypto.SHA256.crypt_hash("password", "123456", 5000);
(1) Result: "GZFZL7s1iPJu9f5mqAsHYBa/62DQI058psTiu9XgwgC"

In your specific case it looks like you may be interested in the
Crypto.Password module:

Pike v8.0 release 438 running Hilfe v3.5 (Incremental Pike Frontend)
> Crypto.Password.hash("password", "$5$", 5000);
(1) Result: "$5$KIKLrEluYuV+c8+V$W4rf2hyb5c/EBDHrPTVJvUagnzYhOaGGVXEy0KO6173"
> Crypto.Password.verify("password", "$5$KIKLrEluYuV+c8+V$W4rf2hyb5c/EBDHrPTVJvUagnzYhOaGGVXEy0KO6173");
(2) Result: 1
> Crypto.Password.verify("badpass", "$5$KIKLrEluYuV+c8+V$W4rf2hyb5c/EBDHrPTVJvUagnzYhOaGGVXEy0KO6173");
(3) Result: 0

Did this help?

  /grubba

--
Henrik Grubbström [hidden email]
Roxen Internet Software AB
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Segault Nettle.Hash()->crypt_hash()

Thomas Gusenleitner
Hi Grubba,

thanks a lot - thats what i'm looking for.

is there a way to define a salt in Crypto.Password.hash() ?

greetings
Thomas

2017-07-12 19:18 GMT+02:00 Henrik Grubbström <[hidden email]>:
On Wed, 12 Jul 2017, Thomas Gusenleitner wrote:

Hi,

Hi.

i try to figure out how to use Nettle.Hash()->crypt_hash().

here a simple test.
Pike v8.0 release 438 running Hilfe v3.5 (Incremental Pike Frontend)
Nettle.Hash()->crypt_hash("password","$5$123456",5000);
Segmentation fault (core dumped)

Oops, seems a NULL check was missing in crypt_hash().

Thanks for the report, fixed in Pike 8.0 and 8.1.

The Nettle.Hash class is typically not used directly, but via some
module that inherits it and implements some basic hash algorithm.

Pike v8.0 release 438 running Hilfe v3.5 (Incremental Pike Frontend)
Crypto.SHA256.crypt_hash("password", "123456", 5000);
(1) Result: "GZFZL7s1iPJu9f5mqAsHYBa/62DQI058psTiu9XgwgC"

In your specific case it looks like you may be interested in the
Crypto.Password module:

Pike v8.0 release 438 running Hilfe v3.5 (Incremental Pike Frontend)
Crypto.Password.hash("password", "$5$", 5000);
(1) Result: "$5$KIKLrEluYuV+c8+V$W4rf2hyb5c/EBDHrPTVJvUagnzYhOaGGVXEy0KO6173"
Crypto.Password.verify("password", "$5$KIKLrEluYuV+c8+V$W4rf2hyb5c/EBDHrPTVJvUagnzYhOaGGVXEy0KO6173");
(2) Result: 1
Crypto.Password.verify("badpass", "$5$KIKLrEluYuV+c8+V$W4rf2hyb5c/EBDHrPTVJvUagnzYhOaGGVXEy0KO6173");
(3) Result: 0

Did this help?

        /grubba

--
Henrik Grubbström                                       [hidden email]
Roxen Internet Software AB

Loading...