Computing hashes and comparing hashes for C++
-
Hello, I have two strings username and password and I want to create a hash of it at the server side and at the client side where the data is reached I want to compare the hash again with another hash. So two questions How do you hash two strings in C++ How do you compare two hashes in C++? Please let me know. Thanks
vg
-
Hello, I have two strings username and password and I want to create a hash of it at the server side and at the client side where the data is reached I want to compare the hash again with another hash. So two questions How do you hash two strings in C++ How do you compare two hashes in C++? Please let me know. Thanks
vg
There are many different ways to hash values, a simple CRC can be considered a hash, all the way to an MD5 message digest hash. Usually, comparing them is just comparing the hash results. Compare the binary values, or convert them to strings and then compare them, it is all the same. Peace!
-=- James
Please rate this message - let me know if I helped or not! * * *If you think it costs a lot to do it right, just wait until you find out how much it costs to do it wrong!
Avoid driving a vehicle taller than you and remember that Professional Driver on Closed Course does not mean your Dumb Ass on a Public Road!
See DeleteFXPFiles -
There are many different ways to hash values, a simple CRC can be considered a hash, all the way to an MD5 message digest hash. Usually, comparing them is just comparing the hash results. Compare the binary values, or convert them to strings and then compare them, it is all the same. Peace!
-=- James
Please rate this message - let me know if I helped or not! * * *If you think it costs a lot to do it right, just wait until you find out how much it costs to do it wrong!
Avoid driving a vehicle taller than you and remember that Professional Driver on Closed Course does not mean your Dumb Ass on a Public Road!
See DeleteFXPFiles -
Hello, I have two strings username and password and I want to create a hash of it at the server side and at the client side where the data is reached I want to compare the hash again with another hash. So two questions How do you hash two strings in C++ How do you compare two hashes in C++? Please let me know. Thanks
vg
You can use the crypto API, look up
CryptCreateHash()andCryptHashData()--Mike-- Visual C++ MVP :cool: LINKS~! Ericahist | PimpFish | CP SearchBar v3.0 | C++ Forum FAQ"); Ford, what's this fish doing in my ear?
-
Dear James, In that case can you please show me around two ways to calculate a hash for username and password strings. Also how would you compare by using ==? Thanks.
vg
As alreasy posted,
CryptHashData(...)and its related functions can generate a hash value from your raw data (username/password). You will not be able to just use==to compare the hash values unless you have the hash values encapsulated in an object that overrides that operator. You can always usememcmp(...)to compare the raw data. One thing - some systems store password hashes in a database instead of the plaintext password, and then just have to compare the hash values to verify it - that way, you do not risk the plaintext password if someone gets into the database. However, do not try to do the same thing usernames - depending on the hashing technique, there exists a chance (however slim it may be) for two different usernames produce the same hash value. If this happens, you will be unable to disambiguate one from the other in the database and will not know which one is logging in, or which password hash to compare against. Peace!-=- James
Please rate this message - let me know if I helped or not! * * *If you think it costs a lot to do it right, just wait until you find out how much it costs to do it wrong!
Avoid driving a vehicle taller than you and remember that Professional Driver on Closed Course does not mean your Dumb Ass on a Public Road!
See DeleteFXPFiles -
Hello, I have two strings username and password and I want to create a hash of it at the server side and at the client side where the data is reached I want to compare the hash again with another hash. So two questions How do you hash two strings in C++ How do you compare two hashes in C++? Please let me know. Thanks
vg
vgandhi wrote:
How do you hash two strings in C++ How do you compare two hashes in C++?
hashes have different purposes, as you see by your answers, there are perfect hashes, in which case you are trying to generate an absolute reference hash for two different strings of expected input. Cryptographic hashes try to be perfect hashes, when they are found to not be unique within the bit range of the expected input, this is considered a bug and they are fixed or replaced. as for comparing... you need an api routine that runs on strings, run them, compare them. These are non-cryptographic hashes, similar to CRC but they are designed for optimum distribution range not just uniqueness. With optimized bit distribution of the result, you can mod the result to your own range. http://www.azillionmonkeys.com/qed/hash.html[^] there is also a test project that compares the hash routines.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb)
-
You can use the crypto API, look up
CryptCreateHash()andCryptHashData()--Mike-- Visual C++ MVP :cool: LINKS~! Ericahist | PimpFish | CP SearchBar v3.0 | C++ Forum FAQ"); Ford, what's this fish doing in my ear?
Dear Mike, I don't think these are used for creating hashes for strings. For example if I do CryptCreateHash I had to do if(!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0)) before that and if you do it two times CryptCreateHash you'll see that you don't actually get the same hashes so this will not work when you need to compare hash. This I believe is used for encryption. What I need is to make a hash from username and password and make another one at the client side and compare the two. Thanks.
vg
-
As alreasy posted,
CryptHashData(...)and its related functions can generate a hash value from your raw data (username/password). You will not be able to just use==to compare the hash values unless you have the hash values encapsulated in an object that overrides that operator. You can always usememcmp(...)to compare the raw data. One thing - some systems store password hashes in a database instead of the plaintext password, and then just have to compare the hash values to verify it - that way, you do not risk the plaintext password if someone gets into the database. However, do not try to do the same thing usernames - depending on the hashing technique, there exists a chance (however slim it may be) for two different usernames produce the same hash value. If this happens, you will be unable to disambiguate one from the other in the database and will not know which one is logging in, or which password hash to compare against. Peace!-=- James
Please rate this message - let me know if I helped or not! * * *If you think it costs a lot to do it right, just wait until you find out how much it costs to do it wrong!
Avoid driving a vehicle taller than you and remember that Professional Driver on Closed Course does not mean your Dumb Ass on a Public Road!
See DeleteFXPFilesDear James, I don't think CryptHashData can be used for creating hashes for strings and comparing. For example if I do CryptCreateHash I have to do if(!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0)) before that and infact if you try to do CryptCreateHash two times you'll see that you don't actually get the same hashes so this will not work when you need to compare hash. This I believe is used for encryption. What I need is to make a hash from username and password and make another one at the client side and compare the two. Thanks. vg
vg
-
Dear Mike, I don't think these are used for creating hashes for strings. For example if I do CryptCreateHash I had to do if(!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0)) before that and if you do it two times CryptCreateHash you'll see that you don't actually get the same hashes so this will not work when you need to compare hash. This I believe is used for encryption. What I need is to make a hash from username and password and make another one at the client side and compare the two. Thanks.
vg
No, you can do hashing without encryption. See Hashing using the Win32 Crypto API[^]
--Mike-- Visual C++ MVP :cool: LINKS~! Ericahist | PimpFish | CP SearchBar v3.0 | C++ Forum FAQ"); Ford, what's this fish doing in my ear?
-
No, you can do hashing without encryption. See Hashing using the Win32 Crypto API[^]
--Mike-- Visual C++ MVP :cool: LINKS~! Ericahist | PimpFish | CP SearchBar v3.0 | C++ Forum FAQ"); Ford, what's this fish doing in my ear?
Dear Mike, I have used the piece of code in this link to create a hash of an username and password on the server side and on the client side create another hash of an username and password. However when I compare the hashes they are not similar even though its the same string on both ends. Can you please help. Thank you.
vg