Computing hashes and comparing hashes for C++

Dear Mike, I have used the piece of code in this link to create a hash of an username and password on the server side and on the client side create another hash of an username and password. However when I compare the hashes they are not similar even though its the same string on both ends. Can you please help. Thank you.

vg

Dear James, I don't think CryptHashData can be used for creating hashes for strings and comparing. For example if I do CryptCreateHash I have to do if(!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0)) before that and infact if you try to do CryptCreateHash two times you'll see that you don't actually get the same hashes so this will not work when you need to compare hash. This I believe is used for encryption. What I need is to make a hash from username and password and make another one at the client side and compare the two. Thanks. vg

vg

Dear Mike, I don't think these are used for creating hashes for strings. For example if I do CryptCreateHash I had to do if(!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0)) before that and if you do it two times CryptCreateHash you'll see that you don't actually get the same hashes so this will not work when you need to compare hash. This I believe is used for encryption. What I need is to make a hash from username and password and make another one at the client side and compare the two. Thanks.

vg

Dear James, In that case can you please show me around two ways to calculate a hash for username and password strings. Also how would you compare by using ==? Thanks.

vg

Hello, I have two strings username and password and I want to create a hash of it at the server side and at the client side where the data is reached I want to compare the hash again with another hash. So two questions How do you hash two strings in C++ How do you compare two hashes in C++? Please let me know. Thanks

vg

Dear Mark, I basically want to convert each byte in the encrypted data into two hexidecimal characters. For example 'z' becomes 7A. However my encrypted data is not of fixed length so I'm not sure how do to this. Also once I have the hexidecimal character encrypted data I also need to convert it back into the encrypted data. So that is the functionality I'm looking for. So any suggestions. Thanks.

vg

Dear James, In your above example how would I convert the encrypted data if it is not of fixed length using your solution above. Also once everything is converted to hexidecimal now how would I convert that back into the encrypted data again? Please let me know. Thanks.

vg

Yes but you using a string instead of a byte buffer. So try this out typedef unsigned char *PBYTE; typedef struct chal_buffer { DWORD ulSize; // size of the entire structure DWORD Num1; }CHALL_BUF, *PCHALL_BUF; PBYTE pBufPtr pBufPtr = (UCHAR*)malloc(sizeof(CHALL_BUF)); if(!pBufPtr) return; ((PCHALL_BUF)pBufPtr)->ulSize = sizeof(CHALL_BUF);// in bytes ((PCHALL_BUF)pBufPtr)->Num1=1233456; if(!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0)) { if(GetLastError() != NTE_BAD_KEYSET) { } if(!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { } } if(!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) { DWORD dwRet = GetLastError(); } // Derive a session key from the hash object. if(!CryptDeriveKey(hProv, CALG_RC4, hHash, 0, &hKey)) { DWORD dwRet = GetLastError(); } // Destroy the hash object. CryptDestroyHash(hHash); hHash = 0; dwBufferLen = dwCount=((PCHALL_BUF)pBufPtr)->ulSize; if(!CryptEncrypt(hKey, 0, TRUE, 0,pBufPtr, &dwCount, dwBufferLen)) { if(GetLastError() == ERROR_MORE_DATA) { //MessageBox("error","",MB_OK); } } DWORD len = 0; if(!CryptBinaryToString(pBufPtr,dwCount,CRYPT_STRING_BASE64,NULL,&len)) { DWORD dwRet; dwRet=GetLastError(); MessageBox("error","",MB_OK); } LPTSTR pszBase64 = NULL; pszBase64 = (LPTSTR) _alloca ( len * sizeof(TCHAR) ); if(!CryptBinaryToString((BYTE *)pBufPtr,dwCount,CRYPT_STRING_BASE64,pszBase64,&len)) { DWORD dwRet; dwRet=GetLastError(); }

vg

Dear Mark, Yes this worked for you but if you see the string value in this case how will you display it to the user. It is not in any displable format whereas I want to display the data on the screen for the user to either type or read it loud. Thanks.

vg

Dear Mike, The string that I get from the CryptBinarytoString has a square shaped ascii character in it and that gets displayed to the user that day. So if the user were to use that string there is no way he/she can do that. I'm getting a base 64 encoded version of the data but I'm just wondering as to why it always includes those funny characters at the end and is there a way to avoid it. Thanks.

vg

Basically 1 stands for CRYPT_STRING_BASE64 and 4 stans for CRYPT_STRING_HEX CRYPT_STRING_HEXASCII doesn't help in this case also. Thanks

vg

Hello, I am trying to encrypt some data which contains a structure and the encrypted data looks like the following ËO.ÛßÞ¸ëô¾óÉïD»åÏë3¸·««««««««" The code to encrypt the data is the following dwBufferLen = dwCount=((STRUCT_BUF)pBufPtr)->ulSize; if(!CryptEncrypt(hKey, 0, TRUE, 0,pBufPtr, &dwCount, dwBufferLen)) { if(GetLastError() == ERROR_MORE_DATA) { //MessageBox("error","",MB_OK); } } Now I want to convert this encrypted data to a string so that it can be displayed to the user on the screen for typing purposes However when I call CryptBinaryToString with the data passed in it returns a string with alphanumeric characters but also other garbage characters. The string looks like the following y08u29/euOv0vWzx9Oo DWORD len; if(!CryptBinaryToString(pBufPtr,dwCount,1,NULL,&len)) { DWORD dwRet; dwRet=GetLastError(); MessageBox("error","",MB_OK); } char *msg2=(char*)malloc(len); *msg2 = NULL; if(!CryptBinaryToString((BYTE *)pBufPtr,dwCount,1,msg2,&len)) { DWORD dwRet; dwRet=GetLastError(); } Instead of 1 as the third argument above I tried passing in 4 and 12 but still get the same result. So how do I get rid of the garbage characters. Please help. Thanks. vg

My friend how can I display it in encrypted format to the user. The user won't understand anything.

vg

What I mean by that is say the entire string is of 25 size I need to conver that to 10 or maybe less so that when it is displayed on the screen to the user, the user can take that string and read it out to Admin. Hope this makes it clear. Thanks.

vg

Basically I the encrypted binary data I want to convert to a string and display it as a challenge to the user who can read it out to the admin user who can use that challenge to create the response. So I need to convert that string into a decent size number or maybe string itself is fine that can be displayed to the user. Thanks.

vg

Hey guys, I am using this code to convert the data into string CryptBinaryToString((BYTE *)pBufPtr,len,1,msg2,&lul_buflen); The msg2 looks like "KBeMW9yLvHwMow5dKCXO3ddKLzIGQTmbtNVmmFF2FmT9/f39q6urq6urq6vu/u7+" and I am using the following functions to convert the string to long so that I can reduce the size to be displayed on the string char *p; long l = strtol(msg2, &p, 10); long temp1 = atoi(msg2); But both of them return 0 as the value. Please help. vg

Hey guys, I am using this code to convert the data into string CryptBinaryToString((BYTE *)pBufPtr,len,1,msg2,&lul_buflen); The msg2 looks like "KBeMW9yLvHwMow5dKCXO3ddKLzIGQTmbtNVmmFF2FmT9/f39q6urq6urq6vu/u7+" and I am using the following functions to convert the string to long so that I can reduce the size to be displayed on the string char *p; long l = strtol(msg2, &p, 10); long temp1 = atoi(msg2); But both of them return 0 as the value. Please help. Thanks.

vg

Dear James, In the message above you said we can reduce the buffer by using the function ultoa. But my question is I have to first convert the buffer into ulong and then use the function ultoa. So how do I convert the buffer to ulong because the function ultoa takes in a ulong as its first parameter. So please let me know. Thanks.

vg

Dear James, In the message above you said we can reduce the buffer by using the function ultoa. But my question is I have to first convert the buffer into ulong and then use the function ultoa. So how do I convert the buffer to ulong because the function ultoa takes in a ulong as its first parameter. So please let me know. Thanks.

vg

Yes but that gives me a long string how do I make that smaller ? Thanks.

vg