Re: Storing passwords in a database



Thanks for your suggestions....

I found the code below to generate a SHA1 code.
Does this seem ok? Or is there a more common method?
What USES do I need to compile it?
The resulting SHA1 string, does it contain any ASCII(0)? Usually this is a
problem in the database.

Regards, Mikael

function SHA1(msg: string): string;
var
  mdLength, b64Length: integer;
  mdValue: array [0..EVP_MAX_MD_SIZE] of byte;
  mdctx: EVP_MD_CTX;
  memout, b64: pBIO;
  outbuf: array [0..1023] of char;
begin
  { Hash the string's bytes directly, whatever its length }
  EVP_DigestInit(@mdctx, EVP_sha1());
  EVP_DigestUpdate(@mdctx, PChar(msg), Length(msg));
  { EVP_DigestFinal returns the digest length in mdLength (20 bytes for SHA-1) }
  EVP_DigestFinal(@mdctx, @mdValue, mdLength);
  { Base64-encode the raw digest so the result is printable text }
  b64 := BIO_new(BIO_f_base64);
  memout := BIO_new(BIO_s_mem);
  b64 := BIO_push(b64, memout);
  BIO_write(b64, @mdValue, mdLength);
  BIO_flush(b64);
  b64Length := BIO_read(memout, @outbuf, 1024);
  { Overwrite the trailing newline from the base64 filter with a terminator }
  outbuf[b64Length-1] := #0;
  result := StrPas(@outbuf);
  { Release the BIO chain (base64 filter and memory sink) }
  BIO_free_all(b64);
end;

"John Herbster" <herb-sci1_AT_sbcglobal.net> wrote in message
news:4562e7fc$1@xxxxxxxxxxxxxxxxxxxxxxxxx

"Thomas Mueller" <nospam@xxxxxxxxxxxx> wrote
...
4. ... and lastly that it isn't one of the last n passwords the user
had (by comparing it to the hashes of these, see step 5), if it doesn't
qualify, exit
5. Store the hash of the old password so it will be available for step
4 in the future
...

Thomas, Thanks for reminding me of the need for step 5. Rgds, JohnH
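
Steps 4 and 5 quoted above, as an added example that is not code from the thread. It assumes salted PBKDF2-HMAC-SHA256 from Python's standard library in place of the bare SHA1 in the post, and the names ITERATIONS, HISTORY_LEN, hash_password, matches and change_password are hypothetical. Stored values are base64 text, so they never contain a zero byte.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor, tune for your hardware
HISTORY_LEN = 3        # assumed "last n passwords" from step 4


def hash_password(password, salt=None):
    """Return 'salt$hash' as printable base64 text for a text column."""
    if salt is None:
        salt = os.urandom(16)          # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return base64.b64encode(salt).decode() + "$" + base64.b64encode(dk).decode()


def matches(password, stored):
    """Re-derive the hash with the stored salt and compare in constant time."""
    salt_b64, _ = stored.split("$")
    candidate = hash_password(password, base64.b64decode(salt_b64))
    return hmac.compare_digest(candidate, stored)


def change_password(history, new_password):
    """history: stored strings, oldest first, current password last.

    Step 4: reject the new password if it matches any of the last n.
    Step 5: keep the hash so future changes can be checked against it.
    Because every entry has its own salt, the candidate must be re-hashed
    once per entry; comparing two stored strings directly would never match.
    """
    if any(matches(new_password, old) for old in history):
        return False
    history.append(hash_password(new_password))
    del history[:-HISTORY_LEN]         # keep only the newest n entries
    return True


if __name__ == "__main__":
    h = []                             # constructed sample history
    for pw in ("first-Pass1", "second-Pass2", "first-Pass1"):
        print(pw, "accepted" if change_password(h, pw) else "rejected (reused)")
```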


