Bcryptjs (javascript package) does not work for long values - hash

I am using bcryptjs to hash passwords and some other data (All strings), the problem is, when the value of my hashed variable goes over a certain length, bcryptjs compares only the first 71 characters.
Bcrypt in the code represents the bcryptjs module:
const bcrypt = require("bcryptjs");
Then I made a random 140 char long string, and hashed it:
const generatedToken = `asdawvuirtienberyntrooniyuetnryuuweyrtwqertynt9ryw954t867q35vb9yupeo8iu798n87vq76t5tvr657tfodgiutiyun98w47ywb6n6e678aretuybaert6yae87br6ta87`;
const hashedToken = await bcrypt.hash(generatedToken, 12);
Then I set a new variable to only the first 75 characters of my generated token, compare the two, and log the result:
const insertedToken = "asdawvuirtienberyntrooniyuetnryuuweyrtwqertynt9ryw954t867q35vb9yupeo8iu798"
const comparisonResult = await bcrypt.compare(insertedToken, hashedToken);
console.log(comparisonResult);
And I get true. I even get true if, after the first 75 characters, there is more that doesn't match:
const insertedToken = "asdawvuirtienberyntrooniyuetnryuuweyrtwqertynt9ryw954t867q35vb9yupeo8iu798 RANDOM TEXT THAT DOES NOT MATCH"
But if only the first 71 characters match, I finally get false. So this method is only viable for variables less than 71 characters.
Is this on bcryptjs? Should I use something else, or am I simply using it wrong?

Just to include the answer here: bcryptjs has a limit of 72 characters when it comes to hashing; anything after that gets ignored.
As a small note, it's the hashing that has the limit, not .compare; anything after the 71st character gets totally ignored while hashing a string.
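The 72-byte limit described in the answer above, as an added example that is not part of the original post or of bcryptjs: it models which bytes bcrypt uses (the truncation is simulated with Node's Buffer; bcryptjs is not called) and shows a SHA-256 pre-hash that keeps long values distinct. The names bytesSeenByBcrypt, isTruncated and prepareForBcrypt and the sample tokens are constructed for illustration.

```javascript
// Added example: models bcrypt's 72-byte input limit and a pre-hash workaround.
const crypto = require("crypto");

const BCRYPT_MAX_BYTES = 72; // bcrypt uses at most 72 bytes of input

// Bytes bcrypt would actually use for `value` (a model of the truncation,
// not a call into bcryptjs). Length is counted in UTF-8 bytes, not characters.
function bytesSeenByBcrypt(value) {
  return Buffer.from(value, "utf8").subarray(0, BCRYPT_MAX_BYTES);
}

// True when part of `value` would be ignored by bcrypt.
function isTruncated(value) {
  return Buffer.byteLength(value, "utf8") > BCRYPT_MAX_BYTES;
}

// Pre-hash so every input byte influences the result: SHA-256 then base64
// gives 44 ASCII characters, below the limit and free of NUL bytes.
function prepareForBcrypt(value) {
  return crypto.createHash("sha256").update(value, "utf8").digest("base64");
}

// Constructed sample values: same first 72 characters, different tails.
const prefix = "a".repeat(72);
const tokenA = prefix + "-tail-one";
const tokenB = prefix + " RANDOM TEXT THAT DOES NOT MATCH";

function demo() {
  return {
    // Raw tokens look identical to bcrypt: only the shared prefix is used.
    rawCollide: bytesSeenByBcrypt(tokenA).equals(bytesSeenByBcrypt(tokenB)),
    // After pre-hashing, the bytes bcrypt uses differ.
    preparedCollide: bytesSeenByBcrypt(prepareForBcrypt(tokenA))
      .equals(bytesSeenByBcrypt(prepareForBcrypt(tokenB))),
    preparedLength: prepareForBcrypt(tokenA).length,
    // 24 three-byte characters are exactly 72 bytes; a 25th is cut off.
    multibyteTruncated: isTruncated("€".repeat(25)),
  };
}

console.log(demo());
```

Pass prepareForBcrypt(value) to both bcrypt.hash and bcrypt.compare; hashes stored from raw values will not verify against pre-hashed input.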

Related

Solving words that when print match but when you use .contain does not match

A common issue many developers might face while building an app with localization (especially when it involves Arabic or another RTL-supported language) is that the search does not return results as expected. An example of the issue is:
print(listOfName.contains(InputName)); // prints false
To overcome this issue, I tried comparing the encoded search strings (in both languages) and the encoded result strings, and only then realized that somehow some special characters had been added. In my case, the characters were RTL[226, 128, 143] and LTR[226, 128, 142]. Before I actually encoded the strings, both search and result were identical. After learning which extra characters had been added, I did the following:
// utf8 comes from dart:convert
var rightToLeftMark = utf8.decode([226, 128, 143]); // U+200F
var leftToRightMark = utf8.decode([226, 128, 142]); // U+200E
// Strip the invisible direction marks before searching
InputName = InputName.replaceAll(rightToLeftMark, "");
InputName = InputName.replaceAll(leftToRightMark, "");
print(listOfName.contains(InputName)); // prints true
As mentioned earlier, in my case the extra characters were RTL and LTR. In your case, you may find something entirely different.
You can know what each encoded set of characters represents on this page: https://www.utf8-chartable.de/unicode-utf8-table.pl?start=8192&number=128&utf8=dec
Flutter Version: 1.22.6

Perform a pre-image attack on a md4 string?

I have been given a string and its corresponding md4 hash. I need to find a similar string that would give the same hash. Below is an MD4 collision example from the md4 wiki page (https://en.wikipedia.org/wiki/MD4).
I don't understand on what basis the characters were changed. What are the criteria for doing so?
Note: The hex characters (in bold) have been altered
k1 = 839c7a4d7a92cb5678a5d5b9eea5a7573c8a74deb366c3dc20a083b69f5d2a3bb3719dc69891e9f95e809fd7e8b23ba6318edd45e51fe39708bf9427e9c3e8b9
k2 = 839c7a4d7a92cbd678a5d529eea5a7573c8a74deb366c3dc20a083b69f5d2a3bb3719dc69891e9f95e809fd7e8b23ba6318edc45e51fe39708bf9427e9c3e8b9
MD4(k1) = MD4(k2) = 4d7e6a1defa93d2dde05b45d864c429b
Note that two hex-digits of k1 and k2 define one byte of the input string, whose length is 64 bytes.

Algorithm for finding all possible key combinations in given range

Last time I got curious about how long it would take to break my password using a brute force attack. I'd like to check it.
So, how should I implement an algorithm to find all possible key combinations in a given range (e.g. 15 letters)? I found algorithms for permutations around, but they all swap letters for a given word; it's not what I'm looking for.
Assuming that passwords can consist of combinations of 89 possible characters (a-z, A-Z, 0-9, space, and all the different symbol keys on a Windows keyboard), then there are 82 to the 15th power different combinations of 15 characters (82 * 82 * 82 ... ). In other words, a lot.
If you want to use just letters, and you differentiate between upper and lower case, there would be 52 ** 15 possible 15-letter combinations. If you want to take in the possibility of shorter strings as well you could write something like (pseudocode):
long combos = 0
for i = 6 TO 20 -- legal password lengths
    combos = combos + POW(52, i)
print "there are " + combos.ToString()
    + " possible passwords between 6 and 20 characters"
To actually enumerate and print the permutations in C# you could do:
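using System;

class Program
{
    // Upper- and lower-case letters; a char loop from 'a' to 'Z' never runs ('a' > 'Z').
    const string Alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

    // Appends each letter in turn and prints the string once it reaches maxLen.
    static void AddNextCharAndPrintIfDone(string pwd, int maxLen)
    {
        foreach (char c in Alphabet)
        {
            string next = pwd + c; // keep pwd unchanged so it does not grow across iterations
            if (next.Length >= maxLen)
                Console.WriteLine(next);
            else
                AddNextCharAndPrintIfDone(next, maxLen);
        }
    }

    static void Main()
    {
        for (int i = 6; i <= 20; i++) // legal password lengths
            AddNextCharAndPrintIfDone("", i);
    }
}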
Not really written for efficiency, but if you have enough memory and time, you'll get every possible permutation.
You can download php pear project math combinatoric to generate those passwords.

XOR, MD5 and Base64 encoding issue

I need to get a value whose first 16 characters are TZxy2o2h2I2NMVR+, for which I have a formula. The formula goes like this: Base64(XOR("KonstantaZaLDAP", MD5(521009)) + XOR(521009, "KonstantaZaLDAP")) or in a word:
I have two values:
int radID = 521009
String konst = "KonstantaZaLDAP"
The first step is to apply the XOR operation to konst and the MD5 hash value of konst >> XOR(konst, MD5(radID)).
Second, I need to apply the XOR operation to radID and konst >> XOR(radID, konst).
After that I should concatenate the values from the first and second steps >> XOR(konst, MD5(radID)) + XOR(radID, konst) and finally Base64 encode the concatenated value.
That is Base64(XOR(konst, MD5(radID)) + XOR(radID, konst)).
I have tried to achieve wanted value, and whatever I do, I get first 13 characters right, and after that it's all wrong. The value I get is TZxy2o2h2l2NMfUfpPmJNA==
Can anyone help!?

generating MD5 hash of a text with C#

I understand that System.Security.Cryptography has a MD5 hashing method in MD5.ComputeHash. However, the method takes and returns bytes. I don't understand how to work with this method using String key and hashes. I try to work around by doing this,
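// requires: using System.Security.Cryptography; using System.Text;
var hash = MD5.Create().ComputeHash(Encoding.UTF8.GetBytes(@"text".ToCharArray()));
foreach (byte h in hash)
{
    Console.Write((char)h); // writes each raw byte as a character
}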
However the resulting output is gibberish string. For comparison, in this website, entering "text" will result in "1cb251ec0d568de6a929b520c4aed8d1"
Writing this code will give the same result as the website:
// requires: using System.Security.Cryptography; using System.Text;
var hash = MD5.Create().ComputeHash(Encoding.UTF8.GetBytes(@"text".ToCharArray()));
foreach (byte h in hash)
{
    Console.Write(h.ToString("x2")); // two lowercase hex digits per byte
}
The trick is to print each byte as 2 hexadecimal digits (hence x2).