What's an easy way for me to generate a random hex string in perl? - perl

I need to generate a large random string to encrypt some passwords with in Perl. The keys I am using now to encrypt with are generated from the Gibson Research Corp website. They were meant to be placeholders for me to test with. Now I am looking to make something final.
I would like the key to be something enclosed in a file, kind of like an SSL cert but not nearly as long. Right now I am using a 64-bit key for testing; I would think a 1024-bit key would be a bit overkill. This key is NEVER going to be seen on the internet; it is just to encrypt passwords in my config file from "prying" eyes, more or less. The reason for it to be in a file of some kind would be so the encrypter could read it and the decrypter could also read it, and they would stay in sync using the same key, rather than having to copy and paste the keys into each script and therefore have a chance of user error.

Using the Perl hex function, you can convert a decimal number into a hexadecimal one.
Here's a snippet that creates a string of 32 random hex digits:
my $rand_hex = join "", map { unpack "H*", chr(rand(256)) } 1..16;
Here's another - simpler - way to generate 32 random hex digits:
use Digest::MD5 qw(md5_hex);
my $rand_hex2 = md5_hex(rand);
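Added example, not part of the original answer: Perl's documentation states that rand is not cryptographically secure, so for a real key this sketch reads from /dev/urandom instead and stores the key in a file that both the encrypter and the decrypter load. It assumes a Unix-like system; the 32-byte key size and the file name secret.key are assumptions.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $KEY_BYTES = 32;            # assumption: 256-bit key
my $KEY_FILE  = 'secret.key';  # hypothetical path shared by both scripts

# Read $n bytes from the kernel CSPRNG and return them hex-encoded.
sub random_hex {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $got = read($fh, my $buf, $n);
    close $fh;
    die "short read from /dev/urandom\n" unless defined $got && $got == $n;
    return unpack 'H*', $buf;
}

# Create the key file with mode 0600; O_EXCL refuses to overwrite an existing key.
sub write_key_file {
    my ($path, $n) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "create $path: $!";
    print {$fh} random_hex($n), "\n";
    close $fh or die "close $path: $!";
    return;
}

# Used by both encrypter and decrypter; rejects a truncated or hand-edited key.
sub read_key_file {
    my ($path, $n) = @_;
    open my $fh, '<', $path or die "open $path: $!";
    my $hex = <$fh>;
    close $fh;
    $hex = '' unless defined $hex;
    chomp $hex;
    die "$path: malformed key\n"
        unless length($hex) == 2 * $n && $hex =~ /\A[0-9a-f]+\z/;
    return pack 'H*', $hex;    # raw key bytes to hand to the cipher
}

write_key_file($KEY_FILE, $KEY_BYTES) unless -e $KEY_FILE;
my $key = read_key_file($KEY_FILE, $KEY_BYTES);
printf "loaded %d-byte key from %s\n", length($key), $KEY_FILE;
```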

Related

How best to display a file hash

Simple question. What is the best (most universal) way to display a file hash? Below are two SHA256 hashes for the same file. One is displayed as base64 and one is...something else. The file hash will be used for auditing to make sure the file we send is the same as the file the auditor received. If the hash needs to be verified, I want to make sure I provide the hash that is the most easily verifiable.
SHA256 55461e72cccb74b475278189956b9db307bf44945e1639af93c34b224b7fcfd
SHA256 Base 64 VUYecszLdLR1J4GJlWudswe/RJReFjmvk8NLIkt/z9s=
55461e72cccb74b475278189956b9db307bf44945e1639af93c34b224b7fcfd
The point of Base64 is to constrain the character set to displayable characters. The hash is in hexadecimal which is even more constrained.

Convert SHA1 hex to base64 encoded (for Apache htpasswd) in PERL

I have a PHP application that has passwords stored in the database as the output of sha1($password), which is apparently the hex representation of the binary SHA1 hash. (as I understand it)
I would like to convert that to a format that is compatible for Apache .htpassword files, which needs to be the base64 encoded binary value or the output of base64_encode(sha1($password, true)).
I found this thread: Convert base64'd SHA1 hashes to Hex hashes ... which is doing the opposite of what I need to do, and it works great. I tried to change the ordering of the commands and use hex2bin instead of bin2hex, but that doesn't work:
Fatal error: Call to undefined function hex2bin() in php shell code on line 1
Apparently that is not available until PHP 5.4, and this server is still on 5.3.x
http://php.net/manual/en/function.hex2bin.php
Here is the real problem. I actually need it to convert in PERL, preferably only using standard built-in modules to keep everything simple. I am not sure why they are using perl for this step, but I am trying to edit one very small part of a larger application and don't want to change the whole thing yet :)
To be clear, I am not trying to convert hex numbers to binary numbers. This is a hex representation of a binary value, stored in a perl "string" :)
Thanks in advance,
Tommy
You explain so much but still leave me unsure as to what you want :/
If what you want is to convert from a hex string to a blob to base64 string, which is what you say you want in the top paragraph of your question,
use MIME::Base64;
my $bin = pack "H*", $hex_str;            # hex string -> raw 20-byte digest
my $encoded = encode_base64($bin, "");    # "" as EOL: no trailing newline is appended
which exactly matches what you want: base64_encode(sha1($password, true))
Ignore my previous answers and edits.
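Added example, not part of the original answer: building complete htpasswd lines from stored hex digests, using Apache's {SHA} entry format (user:{SHA} followed by the base64 of the raw SHA-1 digest) and only core modules. The user names and passwords below are constructed sample data.

```perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);
use Digest::SHA  qw(sha1_hex);

# Turn a user name and a 40-character SHA-1 hex digest into one htpasswd line.
sub htpasswd_sha_line {
    my ($user, $hex) = @_;
    # ':' separates the fields and a newline ends the entry, so neither may
    # appear in the user name.
    die "bad user name\n" if $user eq '' || $user =~ /[:\r\n]/;
    # Refuse anything that is not exactly a SHA-1 digest in hex; pack "H*"
    # would otherwise silently accept malformed input.
    die "not a SHA-1 hex digest: $hex\n" unless $hex =~ /\A[0-9a-fA-F]{40}\z/;
    return sprintf '%s:{SHA}%s', $user, encode_base64(pack('H*', $hex), '');
}

# Constructed rows standing in for the PHP application's sha1($password) column.
my %rows = (
    alice => sha1_hex('constructed-sample-1'),
    bob   => sha1_hex('constructed-sample-2'),
);

print htpasswd_sha_line($_, $rows{$_}), "\n" for sort keys %rows;

# A truncated digest is rejected instead of being written to the file.
my $line = eval { htpasswd_sha_line('carol', 'deadbeef') };
print "rejected: $@" unless defined $line;
```

Apache's documentation marks the {SHA} scheme as insecure because it is unsalted; it is used here only because the stored hashes cannot be converted to a salted format without the original passwords.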

String that cannot be generated by SHA1

How do I generate or find a string that can't possibly be generated by SHA1 encrypting of any input string?
The reason I ask this is because I need a global password placeholder in user table.
Thanks
It depends on the representation you use to store the SHA1 hash, actually. But just a *, like sometimes used in /etc/passwd, should work. Actually an empty string would work, too, but I would use something more explicit -- like '*invalid'
If you are using the standard hex representation (like '68ac906495480a3404beee4874ed853a037a7a8f' e.g.), you could use everything that is not a 40-digit hex number, actually. Use some ASCII char not in [0-9a-f], better yet not in [0-9a-zA-Z].

Is there a way to test if a string is encrypted in perl?

I was wondering if there is a way to "test" to see if a particular string is encrypted or not.
I am using Crypt::CBC to encrypt a password with Rijndael.
As it stands, my script has a "switch" that is set to either 0 or 1, which tells the script whether or not the password needs to be passed through the decrypt phase in order to be read.
I would like to eliminate that phase if I could.
The reason is I am trying to prevent the users of the script from possibly presenting the script with a situation where the password is encrypted but the "switch" was set to 0, meaning not encrypted, because this would create a huge "trainwreck".
Change your apps so passwords are only stored encrypted. Confusion gone.
Rijndael has a block size of 128-bits so the output will always be a multiple of this.
If the encrypted passwords are hex-encoded then that will give you strings that are a multiple of 32 characters. In fact, with the IV added, the strings will always be at least 64 characters: 128 bits of IV followed by 128 bits of ciphertext block 1.
You could therefore look for strings of the right length that contain only [0-9a-f]. They are probably encrypted because I suspect few people can use a 64-character string of randomness as their real password.
If they're base64 encoded then the strings will be a different length, obviously.
This doesn't guarantee that you can always detect an encrypted password but it's probably not too bad.
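Added example, not part of the original answer: the length heuristic described above, extended to cover base64 as well as hex by decoding first and checking the byte length. It assumes the stored value is the IV followed by the ciphertext, as the answer does; the sample values are constructed.

```perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

my $BLOCK = 16;    # Rijndael block size in bytes (128 bits)

# Return true if $s decodes (as hex or base64) to IV + at least one
# ciphertext block, i.e. a multiple of 16 bytes and at least 32 bytes.
sub looks_encrypted {
    my ($s) = @_;
    my $raw;
    if ($s =~ /\A(?:[0-9a-fA-F]{2})+\z/) {
        $raw = pack 'H*', $s;                      # hex-encoded
    }
    elsif (length($s) % 4 == 0 && $s =~ m!\A[A-Za-z0-9+/]+={0,2}\z!) {
        $raw = decode_base64($s);                  # base64-encoded
    }
    return 0 unless defined $raw;
    my $n = length $raw;
    return ($n >= 2 * $BLOCK && $n % $BLOCK == 0) ? 1 : 0;
}

# Constructed samples: two stand-ins for IV+ciphertext, two plain passwords.
my @samples = (
    unpack('H*', "\x01" x 32),            # 64 hex chars  -> encrypted
    encode_base64("\x02" x 48, ''),       # 64 base64 chars -> encrypted
    'correct horse battery staple',       # plain text
    'deadbeef',                           # valid hex but far too short
);

printf "%-66s %s\n", $_, looks_encrypted($_) ? 'encrypted' : 'plain'
    for @samples;
```

A plain password that happens to be 64 hex characters is still misclassified, which is why this stays a heuristic rather than a guarantee.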

Encrypt/Decrypt with AES

I'm writing a small program to encrypt/decrypt files using AES. I'm using the Cryptopp library.
I need help to understand some things.
When I'm encrypting a file, should I write the IV at the beginning of the file to decrypt it later?
I want to check that the password given to decrypt the file was correct. Should I:
put some string at the beginning of the file (e.g. TRUE) before it's encrypted. After decryption, check it.
Check the MD5 of the file before encryption. Put it at the beginning of the encrypted file. Read the MD5 before decryption, decrypt the file, check the MD5 of the decrypted file and compare them.
Writing the IV at the beginning of the file is fine. Appending to the end is another option.
Do not put a static string into the plaintext: ENIGMA transcripts were more easily broken for very similar reasons, and the zip format makes brute-forcing passwords very easy for this identical mistake.
The md5 approach sounds tolerable; but hmac-sha256 would provide significantly stronger integrity claims. (I think you could even re-use the AES key or the IV for hmac-sha256, but I'm not positive of its safety.)
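Added example, not part of the original answer: the HMAC-SHA256 check as a file layout (IV, then ciphertext, then tag), written in Perl with the core Digest::SHA module rather than Crypto++. It assumes the MAC key is derived from the password separately from the AES key (derivation not shown); the ciphertext is treated as opaque bytes and all values are constructed.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);

my ($IV_LEN, $TAG_LEN) = (16, 32);

# Layout: IV || ciphertext || HMAC-SHA256(mac_key, IV || ciphertext)
sub seal {
    my ($mac_key, $iv, $ct) = @_;
    die "IV must be $IV_LEN bytes\n" unless length($iv) == $IV_LEN;
    return $iv . $ct . hmac_sha256($iv . $ct, $mac_key);
}

# Compare without stopping at the first differing byte.
sub ct_equal {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Returns (iv, ciphertext) only when the tag verifies. A wrong password
# (wrong MAC key) or a modified file yields an empty list before any
# decryption is attempted.
sub open_sealed {
    my ($mac_key, $blob) = @_;
    return if length($blob) < $IV_LEN + $TAG_LEN;
    my $body = substr $blob, 0, -$TAG_LEN;
    my $tag  = substr $blob, -$TAG_LEN;
    return unless ct_equal($tag, hmac_sha256($body, $mac_key));
    return (substr($body, 0, $IV_LEN), substr($body, $IV_LEN));
}

# Constructed sample data.
my $good_key = "k" x 32;
my $bad_key  = "x" x 32;
my $blob     = seal($good_key, "\x00" x 16, "opaque ciphertext bytes go here!");

my @ok = open_sealed($good_key, $blob);
print "right key: ", (@ok ? "tag ok, safe to decrypt" : "rejected"), "\n";
my @wrong = open_sealed($bad_key, $blob);
print "wrong key: ", (@wrong ? "tag ok" : "rejected"), "\n";
substr($blob, 20, 1) ^= "\x01";    # flip one bit of the ciphertext
my @tampered = open_sealed($good_key, $blob);
print "tampered:  ", (@tampered ? "tag ok" : "rejected"), "\n";
```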