Implementierung einer besseren Random und rechenintensiveren Hash-Art
@@ -1,10 +1,13 @@
|
||||
|
||||
Imports System.Data.SqlClient
|
||||
Imports System.Security.Cryptography
|
||||
Imports System.Threading.Tasks
|
||||
|
||||
Partial Class login_Change_PW
|
||||
Inherits System.Web.UI.Page
|
||||
|
||||
Dim intzahl As Integer = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
|
||||
Dim intzahliterats As Integer = VERAG_VARIABLES.getiterationnumber
|
||||
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
|
||||
Dim url = Request.ServerVariables("URL")
|
||||
Session.Add("urltochangepw", url)
|
||||
@@ -124,7 +127,7 @@ Partial Class login_Change_PW
|
||||
MsgBox("")
|
||||
End Sub
|
||||
|
||||
Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs)
|
||||
Protected Async Sub btn_submitpw_Click(sender As Object, e As EventArgs)
|
||||
Dim tempstr As String = ""
|
||||
Dim UsernameDB As String = String.Empty
|
||||
Dim pwDB As String = String.Empty
|
||||
@@ -235,10 +238,10 @@ Partial Class login_Change_PW
|
||||
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
|
||||
End If
|
||||
Dim isPasswhash As String = gensaltPassw(usrname, tempstr, Email, Session.IsNewSession)
|
||||
Dim isPasswDBhash As String = gensaltPassw(UsernameDB, pwDB, EmailDB, Session.IsNewSession)
|
||||
Dim isPasswhash As Byte() = Await gensaltPasswAsync(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession)
|
||||
Dim isPasswDBhash As Byte() = Await gensaltPasswAsync(UsernameDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
|
||||
If regexval_txt_Pw.IsValid = True Then
|
||||
If String.Equals(isPasswhash, isPasswDBhash) = False Then
|
||||
If Await VERAG_VARIABLES.Verifyhash(tempstr, salt, isPasswhash, intzahliterats, intzahl) = True Then
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
@@ -351,7 +354,7 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
End Sub
|
||||
|
||||
Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs)
|
||||
Protected Async Sub btn_submitpw_M_Click(sender As Object, e As EventArgs)
|
||||
Dim tempstr As String = ""
|
||||
Dim pwDB As String = String.Empty
|
||||
Dim EmailDB As String = String.Empty
|
||||
@@ -406,28 +409,28 @@ Partial Class login_Change_PW
|
||||
If dr.HasRows Then
|
||||
dr.Read()
|
||||
tempstr = txt_Pw_M.Text
|
||||
EmailDB = dr("Email").ToString
|
||||
pwDB = dr("Password").ToString
|
||||
usrnmDB = dr("Username").ToString
|
||||
TheUsrIdDB = dr("UserId").ToString
|
||||
customerIDDB = dr("KundenNr").ToString
|
||||
If String.Equals(usrname, usrnmDB, StringComparison.CurrentCulture) = True Then
|
||||
isusernameright = True
|
||||
End If
|
||||
If String.Equals(Email, EmailDB, StringComparison.CurrentCulture) = True Then
|
||||
isemailright = True
|
||||
End If
|
||||
If String.Equals(txt_Pw_M.Text, pwDB, StringComparison.CurrentCulture) = False Then
|
||||
ispwrEqual = False
|
||||
End If
|
||||
If String.Equals(UsrID, TheUsrIdDB, StringComparison.CurrentCulture) = True Then
|
||||
isUSrIDright = True
|
||||
End If
|
||||
If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then
|
||||
isctmrIDright = True
|
||||
End If
|
||||
EmailDB = dr("Email").ToString
|
||||
pwDB = dr("Password").ToString
|
||||
usrnmDB = dr("Username").ToString
|
||||
TheUsrIdDB = dr("UserId").ToString
|
||||
customerIDDB = dr("KundenNr").ToString
|
||||
If String.Equals(usrname, usrnmDB, StringComparison.CurrentCulture) = True Then
|
||||
isusernameright = True
|
||||
End If
|
||||
If String.Equals(Email, EmailDB, StringComparison.CurrentCulture) = True Then
|
||||
isemailright = True
|
||||
End If
|
||||
If String.Equals(txt_Pw_M.Text, pwDB, StringComparison.CurrentCulture) = False Then
|
||||
ispwrEqual = False
|
||||
End If
|
||||
If String.Equals(UsrID, TheUsrIdDB, StringComparison.CurrentCulture) = True Then
|
||||
isUSrIDright = True
|
||||
End If
|
||||
If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then
|
||||
isctmrIDright = True
|
||||
End If
|
||||
|
||||
If String.Compare(usrname, dr("Username")) = True Then
|
||||
If String.Compare(usrname, dr("Username")) = True Then
|
||||
isusernameright = True
|
||||
End If
|
||||
End If
|
||||
@@ -454,10 +457,10 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
Dim isPasswhash As String = gensaltPassw(usrname, tempstr, Email, Session.IsNewSession)
|
||||
Dim isPasswDBhash As String = gensaltPassw(usrnmDB, pwDB, EmailDB, Session.IsNewSession)
|
||||
Dim isPasswhash As Byte() = Await gensaltPasswAsync(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession)
|
||||
Dim isPasswDBhash As Byte() = Await gensaltPasswAsync(usrnmDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
|
||||
If regexval_txt_Pw.IsValid = True Then
|
||||
If String.Equals(isPasswhash, isPasswDBhash, StringComparison.CurrentCulture) = False Then
|
||||
If Await VERAG_VARIABLES.Verifyhash(tempstr, salt, isPasswhash, intzahliterats, intzahl) = True AndAlso Await VERAG_VARIABLES.Verifyhash(pwDB, salt, isPasswDBhash, intzahliterats, intzahl) = True Then
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
@@ -522,79 +525,29 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
End If
|
||||
End Sub
|
||||
Function gensaltPassw(username As String, password As String, email As String, isnewSession As Boolean) As String
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 8), Math.Pow(2, 12))
|
||||
|
||||
Async Function gensaltPasswAsync(username As String, password As String, salt As Byte(), intzahliterats As Integer, intzahl As Integer, email As String, isnewSession As Boolean) As Task(Of Byte())
|
||||
If isnewSession = False Then
|
||||
Dim token As String
|
||||
If String.IsNullOrEmpty(username) = False AndAlso String.IsNullOrEmpty(email) = False Then
|
||||
If String.IsNullOrEmpty(password) = False Then
|
||||
Try
|
||||
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = password
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1491, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = password
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 901, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
End Try
|
||||
Else
|
||||
Return String.Empty
|
||||
End If
|
||||
End If
|
||||
Return String.Empty
|
||||
Else
|
||||
Return "Error in Session ID. It has changed. Please check admin!"
|
||||
Dim token As Byte()
|
||||
'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
Dim tok As String = password
|
||||
token = Await VERAG_VARIABLES.HashPassword(password, salt, intzahliterats, intzahl)
|
||||
Return token
|
||||
End If
|
||||
End Function
|
||||
|
||||
Function gennewsaltToken(username As String, password As String, email As String, CustomerID As String, isnewSession As Boolean, theUserID As String) As String
|
||||
Async Function gennewsaltToken(username As String, password As String, email As String, salt As Byte(), CustomerID As String, intzahlits As Integer, intzahl As Integer, isnewSession As Boolean, theUserID As String) As Task(Of String)
|
||||
If isnewSession = False Then
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
Dim token As Byte()
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim Rand As Random = New Random
|
||||
If String.IsNullOrEmpty(theUserID) = False Then
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
|
||||
End Try
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahlits, intzahl)
|
||||
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
|
||||
Else
|
||||
Return String.Empty
|
||||
End If
|
||||
@@ -603,72 +556,33 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
End Function
|
||||
|
||||
Function gensaltToken(STrings As String) As String
|
||||
Async Function gensaltTokenAsync(STrings As String) As Task(Of String)
|
||||
If String.IsNullOrEmpty(STrings) = False Then
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
Dim token As Byte()
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
|
||||
Dim Rand As Random = New Random
|
||||
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = STrings
|
||||
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
|
||||
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Return Convert.ToBase64String(token)
|
||||
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
|
||||
|
||||
End Try
|
||||
Else
|
||||
Dim token As String
|
||||
Dim token As Byte()
|
||||
Dim intzahliterats = RandomInteger(Math.Pow(2, 10), Math.Pow(2, 12))
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim Rand As Random = New Random
|
||||
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = STrings
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = STrings
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
|
||||
|
||||
End Try
|
||||
Return Convert.ToBase64String(token)
|
||||
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
|
||||
End If
|
||||
End Function
|
||||
Public Function RandomInteger(ByVal min As Integer, ByVal _
|
||||
Shared Function RandomInteger(ByVal min As Integer, ByVal _
|
||||
max As Integer) As Integer
|
||||
Dim rand As New RNGCryptoServiceProvider()
|
||||
Dim one_byte() As Byte = {0}
|
||||
|
||||
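Review bot: The hash comparison in btn_submitpw_Click can never succeed as written: `isPasswhash` and `isPasswDBhash` are now `Byte()`, so `String.Equals(isPasswhash, isPasswDBhash)` resolves to the object overload and compares two distinct array references, which is always False, and the same applies to the three-argument form in btn_submitpw_M_Click, `String.Equals(isPasswhash, isPasswDBhash, StringComparison.CurrentCulture)`. Beyond the overload, `isPasswDBhash` re-hashes the value already stored in `[Password]` with a salt and length that were freshly drawn for this request (the class-level `intzahl` and `salt`), so it cannot match anything; verifying a stored hash means hashing the submitted password with the salt and iteration count persisted next to that stored hash, and the following `Verifyhash(tempstr, salt, isPasswhash, …)` call only confirms the hash just computed against itself. Unless the UPDATE also writes `salt`, `intzahliterats` and `intzahl` alongside `@Password` (the visible statement sets only `[Password]`), the new hash cannot be verified on a later login either. Replace the `String.Equals` calls with a length-checked, constant-time byte comparison of the two arrays, keeping in mind that both handlers start and end outside these hunks. The connection string with an embedded database password at the top of the same hunk predates this change, but it belongs in protected configuration rather than in source.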