Änderungen codegenierung und verhashung pw

App_Code/VERAG_VARIABLES.vb

@@ -4,7 +4,7 @@ Imports Konscious.Security.Cryptography
 Public Class VERAG_VARIABLES
     Public Shared errornumb As Integer = 0
     Shared Function getiterationnumber() As Integer
-        Return RandomInteger(Math.Pow(2, 4), Math.Pow(2, 10))
+        Return RandomInteger(Math.Pow(2, 5), Math.Pow(2, 10))
     End Function
 
     Shared Sub initerrorcount()
@@ -35,15 +35,15 @@ Public Class VERAG_VARIABLES
             Argon.Salt = salt
             Argon.DegreeOfParallelism = 24
             Argon.Iterations = nIterations * 2
-            Argon.MemorySize = (((nIterations * 2.98 - (nIterations * 1.23) / 4 * 1.5) / 1.05) + 1 * 290)
+            Argon.MemorySize = (((nIterations * 4.98 - (nIterations * 1.23) / 4 * 1.5) / 1.05) + 1 * 290)
 
             Return Argon.GetBytes(nHash)
         Else
             Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(password)))
-            Argon.Salt = GenerateSalt(nHash)
+            Argon.Salt = salt
-            Argon.DegreeOfParallelism = 48
+            Argon.DegreeOfParallelism = 50
-            Argon.Iterations = nIterations * 3
+            Argon.Iterations = nIterations * VERAG_VARIABLES.RandomInteger(1, 3)
-            Argon.MemorySize = (((nIterations * 2.485 - (nIterations * 0.56) / 1.85 * 2.28) / 5.18) + 1.024 * 416)
+            Argon.MemorySize = (((nIterations * 8.485 - (nIterations * 0.56) / 1.85 * 2.28) / 8.28) + 1.024 * 416)
             Return Argon.GetBytes(nHash)
         End If
 

login/Change_PW.aspx.vb

@@ -7,7 +7,7 @@ Imports Konscious.Security.Cryptography
 
 Partial Class login_Change_PW
     Inherits System.Web.UI.Page
-    Dim intzahl As Integer = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
+    Dim intzahl As Integer = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
     Dim intzahliterats As Integer = VERAG_VARIABLES.getiterationnumber
     Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
     Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
@@ -573,11 +573,4 @@ Partial Class login_Change_PW
             Return String.Empty
         End If
     End Function
-    Shared Function RandomInteger(ByVal min As Integer, ByVal _
-    max As Integer) As Integer
-        Dim rand As New RNGCryptoServiceProvider()
-        Dim one_byte() As Byte = {0}
-        rand.GetBytes(one_byte)
-        Return min + (max - min) * (one_byte(0) / 255)
-    End Function
 End Class

login/ForgotPW.aspx.vb

@@ -636,7 +636,7 @@ Partial Class ForgotPW
                 Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
                 Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
                 Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
-                htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
+                htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + ">http://" + getdomianenvironment + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
             ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then
                 getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
                 'MsgBox(getdomianenvironment)
@@ -649,7 +649,7 @@ Partial Class ForgotPW
                 Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
                 Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
                 Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
-                htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>http://" + getdomianenvironment + "/login/ForgotPW.aspx</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
+                htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + ">http://" + getdomianenvironment + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>http://" + getdomianenvironment + "/login/ForgotPW.aspx</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
             ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then
                 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.")
                 lblMessage.ForeColor = Color.OrangeRed

login/login_FLEX.aspx.vb

@@ -14,9 +14,8 @@ Partial Class login_FLEX
         VERAG_VARIABLES.initerrorcount()
         If Page.IsPostBack = True Then
             Page.MaintainScrollPositionOnPostBack = True
-            intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 8), Math.Pow(2, 10))
+
             intzahliterats = VERAG_VARIABLES.getiterationnumber
-            salt = VERAG_VARIABLES.GenerateSalt(intzahl)
         Else
             Page.MaintainScrollPositionOnPostBack = False
         End If
@@ -116,6 +115,8 @@ Partial Class login_FLEX
             reqfieldvalpassw_M.Enabled = False
             reqfieldvalpassw.Validate()
             If reqfieldvalpassw.IsValid = True Then
+                intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
+                Dim hashpw1 As Byte() = VERAG_VARIABLES.HashPassword(tb3_M.Text, salt, intzahliterats, intzahl)
                 passw = tb3.Text
             End If
         End If
@@ -123,6 +124,8 @@ Partial Class login_FLEX
             reqfieldvalpassw.Enabled = False
             reqfieldvalpassw_M.Enabled = True
             reqfieldvalpassw_M.Validate()
+            intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 6), Math.Pow(2, 10))
+            Dim hashpw1_M As Byte() = VERAG_VARIABLES.HashPassword(tb3_M.Text, salt, intzahliterats, intzahl)
             If reqfieldvalpassw_M.IsValid = True Then
                 passw = tb3_M.Text
             Else
@@ -140,9 +143,10 @@ Partial Class login_FLEX
                 cmd.Parameters.AddWithValue("@Password", passw)
                 cmd.Connection = con
                 con.Open()
+                cmd.ExecuteScalar()
                 ' userId = Convert.ToInt32(cmd.ExecuteScalar())
                 Dim dr As SqlDataReader = cmd.ExecuteReader()
-                If dr.HasRows Then
+                If dr.HasRows = True Then
                     dr.Read()
                     'MsgBox(dr.Item(0).ToString())
                     Select Case dr.Item(0)
@@ -167,7 +171,9 @@ Partial Class login_FLEX
                                 VERAG_VARIABLES.seterrorcount(8)
                                 Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!"
                             End If
-                            If tb3.Text = dr("Password") Then
+                            If String.Equals(tb3.Text, dr("Password")) = True Then
+                                intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 6), Math.Pow(2, 10))
+                                salt = VERAG_VARIABLES.GenerateSalt(intzahl)
                                 Dim hashpw As Byte() = VERAG_VARIABLES.HashPassword(passw, salt, intzahliterats, intzahl)
                                 If VERAG_VARIABLES.Verifyhash(dr("Password").ToString, salt, hashpw, intzahliterats, intzahl) = True Then
                                     passw = dr("Password").ToString
@@ -179,6 +185,7 @@ Partial Class login_FLEX
                                 Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!"
                             End If
 
+
                             'MsgBox("Erfolgreich validiert.")
                             Session.Add("test", UserNaMe)
                             Session.Add("CustomerID", Customer_ID)