Implementierung einer besseren Radom und rechenintensiveren Hash-Aart
@@ -605,8 +605,8 @@ Partial Class ForgotPW
|
||||
|
||||
Async Function Findtokenhashsalt(username As String, password As String, email As String, customerID As String, isusernameright As Boolean, isuserIDright As Boolean, isuserEmailright As Boolean, isnewsess As Boolean, UserID As String) As Task(Of String)
|
||||
Dim t As Task(Of String)
|
||||
t = Task.Run(Function() As String
|
||||
Return gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, isnewsess, UserID)
|
||||
t = Task.Run(Async Function() As Task(Of String)
|
||||
Return Await gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, isnewsess, UserID)
|
||||
End Function)
|
||||
Return Await t
|
||||
End Function
|
||||
@@ -755,39 +755,24 @@ Partial Class ForgotPW
|
||||
Return min + (max - min) * (one_byte(0) / 255)
|
||||
End Function
|
||||
|
||||
Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String
|
||||
Async Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As Task(Of String)
|
||||
If isnewSession = False Then
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
Dim token As Byte()
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
|
||||
Dim intzahliterats = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 10))
|
||||
Dim Rand As Random = New Random
|
||||
If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
|
||||
End Try
|
||||
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
|
||||
|
||||
Return Convert.ToBase64String(token)
|
||||
Else
|
||||
Return String.Empty
|
||||
End If
|
||||
@@ -835,7 +820,6 @@ Partial Class ForgotPW
|
||||
End If
|
||||
End Function
|
||||
|
||||
|
||||
Function RandomString(r As Random, max As Integer) As String
|
||||
Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!§$%&/?="
|
||||
Dim sb As New StringBuilder
|
||||
|
||||
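Review bot: In gensaltToken the work factor handed to `HashPassword` is now `intzahliterats`, drawn from `RandomInteger(Math.Pow(2, 5), Math.Pow(2, 10))`, so it lies between 32 and 1024, below the literal 10191 used on the removed lines and against the stated goal of a more expensive hash (assuming the third argument is still the iteration count, which this page does not show). Randomising the count adds no secrecy, since it must be stored if the hash is ever recomputed for comparison, and the `RandomInteger` tail visible in the second hunk scales a single byte, so at most 256 distinct values can occur; a fixed, documented constant such as `Const TokenHashIterations As Integer = <agreed value>` would be clearer. Separately, the hashed input `tok` is still only `DateTime.UtcNow` plus `Guid.NewGuid()`, and salting or hashing it adds no entropy; for a password-reset token the secret bytes should come from a CSPRNG, for example `Dim Key(31) As Byte` filled by `RandomNumberGenerator.Create().GetBytes(Key)`. The removed Try/Catch also means an exception from `HashPassword` now propagates through the `Task.Run` in Findtokenhashsalt, so the caller should handle it without revealing why token generation failed. Part of gensaltToken's body lies between the hunks and is not shown.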