From tsubidio at gmail.com Sun Sep 13 20:52:42 2009 From: tsubidio at gmail.com (cc10) Date: Sun, 13 Sep 2009 11:52:42 -0700 (PDT) Subject: Newbie help - password hash Message-ID: <25425990.post@talk.nabble.com> Hi, I am very new to libgcrypt. I am trying to write a simple system, where a user in order to login needs a password. I'd like to store this password hashed in md5 on the computer. This is what I did so far: char userPass[16]; // password of the user (string) scanf("%s", &userPass); char userPassHash[16]; // hash of the password gcry_md_hash_buffer(1, userPassHash, userPass, strlen(userPass)); I was hoping that userPassHash would give me the hash of the password (which I then convert to hex for storage), but it is not the case. I am sure I am doing something stupid (my guess is that I cannot use the string as an input in the hash function, but I am not sure what type of input it needs to be). Can anyone help? Thank you, Charles -- View this message in context: http://www.nabble.com/Newbie-help---password-hash-tp25425990p25425990.html Sent from the GnuPG - Libgcrypt - Dev mailing list archive at Nabble.com. From bradh at frogmouth.net Mon Sep 14 12:21:00 2009 From: bradh at frogmouth.net (Brad Hards) Date: Mon, 14 Sep 2009 20:21:00 +1000 Subject: Newbie help - password hash In-Reply-To: <25425990.post@talk.nabble.com> References: <25425990.post@talk.nabble.com> Message-ID: <200909142021.00316.bradh@frogmouth.net> On Monday 14 September 2009 04:52:42 cc10 wrote: > char userPass[16]; // password of the user (string) > scanf("%s", &userPass); Nothing to do with gcrypt, but what do you think will happen if the user writes more than about 16 characters here? > char userPassHash[16]; // hash of the password > gcry_md_hash_buffer(1, userPassHash, userPass, strlen(userPass)); You didn't post most of your code, so it is a bit difficult to know, but did you remember to initialize the library? If so, can you post a minimal compilable example that shows the problem? Brad From cmouse at desteem.org Mon Sep 14 13:46:20 2009 From: cmouse at desteem.org (Aki Tuomi) Date: Mon, 14 Sep 2009 14:46:20 +0300 Subject: Newbie help - password hash Message-ID: <20090914114620.GB29377@pi.ip.fi> On Sun, Sep 13, 2009 at 11:52:42AM -0700, cc10 wrote: > > Hi, > > I am very new to libgcrypt. I am trying to write a simple system, where a > user in order to login needs a password. I'd like to store this password > hashed in md5 on the computer. This is what I did so far: > > char userPass[16]; // password of the user (string) > scanf("%s", &userPass); This is dangerous, and wrong. scanf("%16s", userPass); is bit more correct. > > char userPassHash[16]; // hash of the password > gcry_md_hash_buffer(1, userPassHash, userPass, strlen(userPass)); > this is wrong, as well. You are supposed to say gcry_md_hash_buffer(GCRY_MD_MD5, userPassHash, userPass, strlen(userPass)); > I was hoping that userPassHash would give me the hash of the password (which > I then convert to hex for storage), but it is not the case. I am sure I am > doing something stupid (my guess is that I cannot use the string as an input > in the hash function, but I am not sure what type of input it needs to be). > Can anyone help? > > Thank you, > Charles > -- ----- End forwarded message ----- From tsubidio at gmail.com Mon Sep 14 15:11:17 2009 From: tsubidio at gmail.com (cc10) Date: Mon, 14 Sep 2009 06:11:17 -0700 (PDT) Subject: Newbie help - password hash In-Reply-To: <20090914114620.GB29377@pi.ip.fi> References: <25425990.post@talk.nabble.com> <20090914114620.GB29377@pi.ip.fi> Message-ID: <25435527.post@talk.nabble.com> >This is dangerous, and wrong. >scanf("%16s", userPass); is bit more correct. Thank you, will fix it. >gcry_md_hash_buffer(GCRY_MD_MD5, userPassHash, userPass, strlen(userPass)); Tried it both ways (1, and GCRY_MD_MD5), still won't give me the right hash. It is weird as it seems the beginning is right, and then it's a bunch of f's. -- View this message in context: http://www.nabble.com/Newbie-help---password-hash-tp25425990p25435527.html Sent from the GnuPG - Libgcrypt - Dev mailing list archive at Nabble.com. From cmouse at desteem.org Tue Sep 15 11:56:12 2009 From: cmouse at desteem.org (Aki Tuomi) Date: Tue, 15 Sep 2009 12:56:12 +0300 Subject: Newbie help - password hash In-Reply-To: <25435527.post@talk.nabble.com> References: <25425990.post@talk.nabble.com> <20090914114620.GB29377@pi.ip.fi> <25435527.post@talk.nabble.com> Message-ID: <20090915095612.GA11890@pi.ip.fi> On Mon, Sep 14, 2009 at 06:11:17AM -0700, cc10 wrote: > > >This is dangerous, and wrong. > > >scanf("%16s", userPass); is bit more correct. > > Thank you, will fix it. > > >gcry_md_hash_buffer(GCRY_MD_MD5, userPassHash, userPass, strlen(userPass)); > > Tried it both ways (1, and GCRY_MD_MD5), still won't give me the right hash. > It is weird as it seems the beginning is right, and then it's a bunch of > f's. > Did you initialize the library correctly? Here's how I would do this: { char pw[16]; char hash[16]; int i; if (!gcry_check_version(GCRYPT_VERSION)) exit(1); gcry_control(GCRYCTL_DISABLE_SECMEM, 0); gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); fgets(pw, sizeof pw, stdin); // prevents buffer overflow gcry_md_hash_buffer(GCRY_MD_MD5, hash, pw, strlen(pw)); for (i = 0; i < sizeof hash; i++) printf("%02x", hash[i]); printf("\n"); } Aki Tuomi From pi00100100 at gmail.com Tue Sep 22 14:31:59 2009 From: pi00100100 at gmail.com (John Taylor) Date: Tue, 22 Sep 2009 14:31:59 +0200 Subject: Cannot cross-compile libgcrypt-1.4.4 Message-ID: Hello, I'm trying to cross-compile libgcrypt-1.4.4. Configure argument list is: --prefix=/usr --build=i486-unknown-linux-gnu --host=x86_64-unknown-linux-gnu. Make fails with the following error message: /bin/bash ../libtool --tag=CC --mode=link x86_64-unknown-linux-gnu-gcc -g -O2 -fvisibility=hidden -Wall -o version version.o ../src/libgcrypt.la mkdir .libs x86_64-unknown-linux-gnu-gcc -g -O2 -fvisibility=hidden -Wall -o .libs/version version.o ../src/.libs/libgcrypt.so ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_add_n' ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_submul_1' ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_lshift' ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_addmul_1' ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_mul_1' ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_sub_n' ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_rshift' collect2: ld returned 1 exit status make[2]: *** [version] Error 1 make[2]: Leaving directory `/mnt/clfs/sources/libgcrypt-build/tests' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/mnt/clfs/sources/libgcrypt-build' make: *** [all] Error 2 Is this a bug perhaps? Thanks. From wk at gnupg.org Fri Sep 25 11:55:02 2009 From: wk at gnupg.org (Werner Koch) Date: Fri, 25 Sep 2009 11:55:02 +0200 Subject: Cannot cross-compile libgcrypt-1.4.4 In-Reply-To: (John Taylor's message of "Tue, 22 Sep 2009 14:31:59 +0200") References: Message-ID: <874oqruz61.fsf@vigenere.g10code.de> On Tue, 22 Sep 2009 14:31, pi00100100 at gmail.com said: > Is this a bug perhaps? Cross compiling is not always easy. However I know that it once worked. The commands I used then can be execute by running ./autogen-sh --build-amd64 instead of a manual configure run. Don't know wether this still works. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.