From 8529caaa5c87b94dc7f985f8f6d14fc1c955cf2e Mon Sep 17 00:00:00 2001
From: ja <ja@verag.ag>
Date: Thu, 2 Dec 2021 14:26:02 +0100
Subject: [PATCH] Hashfunktionen wurden implementiert!

---
 login/Change_PW.aspx.vb |  4 ++--
 login/ForgotPW.aspx.vb  | 12 ++++++++----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb
index 0212dea..d00b036 100644
--- a/login/Change_PW.aspx.vb
+++ b/login/Change_PW.aspx.vb
@@ -525,7 +525,7 @@ Partial Class login_Change_PW
         If isnewSession = False Then
             Dim token As String
             If String.IsNullOrEmpty(username) = False AndAlso String.IsNullOrEmpty(email) = False Then
-                Dim intzahl = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8))
+                Dim intzahl = RandomInteger(Math.Pow(2, 8), Math.Pow(2, 16))
                 Dim Rand As Random = New Random
                 If String.IsNullOrEmpty(password) = False Then
                     Try
@@ -534,7 +534,7 @@ Partial Class login_Change_PW
                         token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl))
                         Return token
                     Catch Ex As Exception
-                        Dim intzahl2 = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8))
+                        Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 13))
                         'Dim Msg, Style, Title As String
                         'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
                         'Style = vbRetry + vbExclamation + vbDefaultButton1
diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb
index 7804e76..9bbd853 100644
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -763,14 +763,16 @@ Partial Class ForgotPW
             Dim Key() As Byte = Guid.NewGuid().ToByteArray()
             Dim token As String
 
-            Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 8))
-            Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 6))
+            Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
+            Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
             Dim Rand As Random = New Random
             If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then
                 Try
                     Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
                     Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
-                    token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl))
+                    token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
+                    salt = String.Empty
+                    tok = String.Empty
                     Return token
                 Catch Ex As Exception
                     'Dim Msg, Style, Title As String
@@ -782,7 +784,9 @@ Partial Class ForgotPW
                     'genToken(username, password, email)
                     Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
                     Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
-                    token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2))
+                    token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
+                    salt = String.Empty
+                    tok = String.Empty
                     Return token
 
                 End Try