Hashfunktion und Saltgenerierung funktionieren wieder wie angenommen.

ja
2021-12-22 11:23:55 +01:00
parent 7e52a02586
commit a833f5a7f6
13 changed files with 137 additions and 63 deletions


@@ -7,16 +7,18 @@ Imports System.Data
Imports System.Threading
Imports System.Threading.Tasks
Imports System.Security.Cryptography
Imports System.Numerics
Partial Class ForgotPW
Inherits System.Web.UI.Page
Dim ConnectionString As String = String.Empty
Dim salt As Byte()
Dim zahlrand As Integer
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
If Page.IsPostBack = True Then
Page.MaintainScrollPositionOnPostBack = True
VERAG_VARIABLES.initerrorcount()
salt = VERAG_VARIABLES.GenerateSalt(RandomInteger(Math.Pow(2, 3), Math.Pow(2, 10)))
zahlrand = RandomInteger(Math.Pow(2, 3), Math.Pow(2, 7))
salt = VERAG_VARIABLES.GenerateSalt(zahlrand)
Else
Page.MaintainScrollPositionOnPostBack = False
VERAG_VARIABLES.initerrorcount()
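Review bot: The `salt` assigned in the postback branch of Page_Load lives in a page field, and a Web Forms page instance is created anew for every request, so this value is replaced on each postback and cannot match a salt that was used for a hash in an earlier request. Drawing the salt length at random (`RandomInteger(Math.Pow(2, 3), Math.Pow(2, 7))`) adds no strength either; a fixed length such as `salt = VERAG_VARIABLES.GenerateSalt(32)` is easier to reason about, assuming the argument is a byte count. A salt that has to outlive the request should be stored next to the hash it belongs to rather than regenerated here. Page_Load continues past the end of the hunk.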
@@ -215,7 +217,7 @@ Partial Class ForgotPW
tokenname = Session.Item("TokenforEmail")
End If
Dim intzahl As Integer = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 4), Math.Pow(2, 10))
Dim hashdata As Byte() = VERAG_VARIABLES.HashPassword(tokenname, salt, VERAG_VARIABLES.getiterationnumber, intzahl)
Dim hashdata As Byte() = VERAG_VARIABLES.HashPassword(tokenname, VERAG_VARIABLES.GenerateSalt(intzahl), VERAG_VARIABLES.getiterationnumber, intzahl)
Session.Add("TokenHashtokenized", VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(hashdata)))
If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) = True Then
'password = RandomString(New Random, 10)
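Review bot: The salt passed to `HashPassword` is created inline by `VERAG_VARIABLES.GenerateSalt(intzahl)` and then dropped, while only the encrypted hash is kept under `Session("TokenHashtokenized")`. Unless HashPassword embeds the salt in its return value (not visible here), the stored hash cannot be recomputed from a token presented later, so it cannot serve as a verifier. Keep the salt in a local, e.g. `Dim tokensalt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)`, and store it in the session beside the hash together with the length argument. The same discard-after-use pattern appears in the `gensaltToken` hunk (`GenerateSalt(intz)`). The enclosing method starts and ends outside the hunk.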
@@ -609,7 +611,7 @@ Partial Class ForgotPW
Async Function Findtokenhashsalt(username As String, password As String, email As String, customerID As String, isusernameright As Boolean, isuserIDright As Boolean, isuserEmailright As Boolean, isnewsess As Boolean, UserID As String) As Task(Of String)
Dim t As Task(Of String)
t = Task.Run(Async Function() As Task(Of String)
Return gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, isnewsess, UserID)
Return gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, isnewsess, UserID, VERAG_VARIABLES.RandomInteger(Math.Pow(2, 4), Math.Pow(2, 7)))
End Function)
Return Await t
End Function
@@ -758,22 +760,20 @@ Partial Class ForgotPW
Return min + (max - min) * (one_byte(0) / 255)
End Function
Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String
Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String, intz As Integer) As String
If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As Byte()
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
Dim intzahliterats = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 10))
Dim intzahl = RandomInteger(Math.Pow(2, 4), Math.Pow(2, 7))
Dim intzahl2 = RandomInteger(Math.Pow(2, 4), Math.Pow(2, 10))
Dim intzahliterats = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 11))
Dim Rand As Random = New Random
If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray())
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
token = VERAG_VARIABLES.HashPassword(tok, VERAG_VARIABLES.GenerateSalt(intz), intzahliterats, intzahl)
Return Convert.ToBase64String(token)
Else
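Review bot: `gensaltToken` takes its iteration count from `RandomInteger(Math.Pow(2, 5), Math.Pow(2, 11))`, so the work factor varies per call, can be as low as 32 and is not recorded anywhere, whereas the other call sites in this file pass `VERAG_VARIABLES.getiterationnumber`. Using the shared value here, `token = VERAG_VARIABLES.HashPassword(tok, VERAG_VARIABLES.GenerateSalt(intz), VERAG_VARIABLES.getiterationnumber, intzahl)`, keeps the parameters consistent and reviewable. If the local `Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)` survives the change, it is now unused and shadows the page field of the same name. The function body continues outside the hunk.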
@@ -843,8 +843,7 @@ Partial Class ForgotPW
Dim tokentest As String = genToken(username, Passw, email, CustomerID, True, True, True, False, TheusrID)
Dim hashtoken As Byte()
Dim iterationnumb As Integer = VERAG_VARIABLES.getiterationnumber
Dim nzahl As Integer = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
'Dim salttoken As String = gensaltToken(username, Passw, email, CustomerID, True, True, True, False, TheusrID)
Dim intzahl1 As Integer = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 6), Math.Pow(2, 10))
'MsgBox(salttoken)
If Session.Item("TokenforEmail") = Nothing Then
tokentest = genToken(username, Passw, email, CustomerID, True, True, True, False, TheusrID)
@@ -853,8 +852,9 @@ Partial Class ForgotPW
Else
tokentest = Session.Item("TokenforEmail")
End If
hashtoken = VERAG_VARIABLES.HashPassword(tokentest, salt, iterationnumb, nzahl)
If VERAG_VARIABLES.Verifyhash(tokentest, salt, hashtoken, iterationnumb, nzahl) = True Then
salt = VERAG_VARIABLES.GenerateSalt(intzahl1)
hashtoken = VERAG_VARIABLES.HashPassword(tokentest, salt, iterationnumb, intzahl1)
If VERAG_VARIABLES.Verifyhash(tokentest, salt, hashtoken, iterationnumb, intzahl1) = True Then
If SendEmail(username, Passw, email, tokentest, CustomerID, True, True, True, False, TheusrID) = True Then
'password = RandomString(New Random, 10)
If getDateoftoken(tokentest) = True Then
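Review bot: `hashtoken` is computed from `tokentest`, `salt` and `intzahl1` and then handed straight to `Verifyhash` with the same three inputs, so the check presumably compares a value with itself and passes for any token. A meaningful check would compare the presented token against the hash and salt stored when the token was issued, for example the value kept under `Session("TokenHashtokenized")`, instead of a hash built one line earlier. As written, the `If` only guards against HashPassword being non-deterministic. A comment such as `' TODO: verify against the hash stored at issuance, not a freshly computed one` would at least mark the gap. The enclosing method begins and ends outside the hunk.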