Verbesserung login speed und sicherheit durch randomisierung der iterationssschritte

ja
2022-02-01 16:17:59 +01:00
parent c365e628fc
commit d70f989a3b
5 changed files with 2473 additions and 2440 deletions


@@ -178,9 +178,9 @@ Public Class TestPerformance
For zahl As Integer = 0 To zahlint
sw1.Start()
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
hashsalts.Add(VERAG_VARIABLES.GenerateSalt(VERAG_VARIABLES.RandomInteger(95, 254)))
hashsalts.Add(VERAG_VARIABLES.GenerateSalt(VERAG_VARIABLES.RandomInteger(95, 104)))
Else
hashsalts.Add(VERAG_VARIABLES.GenerateSalt(VERAG_VARIABLES.RandomInteger(95, 365)))
hashsalts.Add(VERAG_VARIABLES.GenerateSalt(VERAG_VARIABLES.RandomInteger(95, 105)))
End If
arrzahl_iterats.Add(VERAG_VARIABLES.RandomInteger(25, 45))
arrzahl.Add(zahlint)
@@ -192,7 +192,7 @@ Public Class TestPerformance
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
pw = "PasswordV$S" + VERAG_VARIABLES.RandomInteger(115, 120 + (zahlint - 5)).ToString + "!!%"
Else
pw = "&WAS5$WdA&" + VERAG_VARIABLES.RandomInteger(VERAG_VARIABLES.RandomInteger(120, 512), VERAG_VARIABLES.RandomInteger(300, 8423) + (zahlint - VERAG_VARIABLES.RandomInteger(5, 17))).ToString + "#*p(=+UY"
pw = "&WAS5$WdA&" + VERAG_VARIABLES.RandomInteger(VERAG_VARIABLES.RandomInteger(120, 512), VERAG_VARIABLES.RandomInteger(300, Math.Pow(2, 13) + (zahlint - VERAG_VARIABLES.RandomInteger(5, 17))).ToString + "#*p(=+UY")
End If
For zahl As Integer = 0 To zahlint
sw2.Start()
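Review bot: In the non-localhost branch, the second `pw = "&WAS5$WdA&" + …` line (presumably the new side) has its closing parenthesis moved behind the suffix, so `.ToString + "#*p(=+UY"` now sits inside the outer `RandomInteger(...)` call and a string is passed as its upper bound. As rendered, the outer result is also no longer converted with `.ToString` before being added to the prefix string, so this either fails to compile under Option Strict or fails on conversion at run time. The tail should close the inner call before the offset, as the previous line did: `VERAG_VARIABLES.RandomInteger(300, Math.Pow(2, 13)) + (zahlint - VERAG_VARIABLES.RandomInteger(5, 17))).ToString + "#*p(=+UY"`. The enclosing loop and method start and end outside the hunk, so how `pw` is used afterwards was not checked.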


@@ -4,14 +4,27 @@ Imports Konscious.Security.Cryptography
Imports System.Threading.Tasks
Imports System.Web.Script.Services
Imports System.Web.Services
Imports System.Management
Public Class VERAG_VARIABLES
Public Shared errornumb As Integer = 0
Public Shared Function GetCpuSpeed() As UInteger
Dim managementObject = New ManagementObject("Win32_Processor.DeviceID='CPU0'")
Dim speed As UInteger = CUInt(managementObject("CurrentClockSpeed"))
managementObject.Dispose()
Return speed
End Function
Public Shared Function GetMaxCpuSpeed() As UInteger
Dim managementObject = New ManagementObject("Win32_Processor.DeviceID='CPU0'")
Dim speed As UInteger = CUInt(managementObject("MaxClockSpeed"))
managementObject.Dispose()
Return speed
End Function
Shared Function getiterationnumber() As Integer
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
Return RandomInteger(Math.Pow(2, 8), Math.Pow(2, 16))
Return RandomInteger(Math.Pow(2, 2), (0.45 * GetCpuSpeed()))
Else
Return RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
Return RandomInteger(Math.Pow(2, 3), (0.47 * GetMaxCpuSpeed()))
End If
End Function
@@ -44,14 +57,14 @@ Public Class VERAG_VARIABLES
Argon.Salt = salt
Argon.DegreeOfParallelism = 28
Argon.Iterations = nIterations * VERAG_VARIABLES.RandomInteger(2, 3)
Argon.MemorySize = (((nIterations * 15.98 - (nIterations * 10.23) / 14 * 2) / 4.058) + 1 * 190)
Argon.MemorySize = (((nIterations * 9.98 - (nIterations * 10.23) / 14 * 2) / 4.058) + 1 * 190)
Return Argon.GetBytes(nHash)
Else
Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(password)))
Argon.Salt = salt
Argon.DegreeOfParallelism = 48
Argon.DegreeOfParallelism = 18
Argon.Iterations = nIterations * VERAG_VARIABLES.RandomInteger(2, 4)
Argon.MemorySize = (((nIterations * 17.98 - (nIterations * 10.23) / 1.85 * 2.28) / 10.28) + 1024 * 878) / 13.1
Argon.MemorySize = (((nIterations * 9.88 - (nIterations * 10.23) / 8.85 * 2.28) / 10.28) + 2 * 878) / 13.1
Return Argon.GetBytes(nHash)
End If
@@ -69,9 +82,9 @@ Public Class VERAG_VARIABLES
Else
Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(password)))
Argon.Salt = salt
Argon.DegreeOfParallelism = 48
Argon.DegreeOfParallelism = 28
Argon.Iterations = nIterations * VERAG_VARIABLES.RandomInteger(2, 4)
Argon.MemorySize = (((nIterations * 17.98 - (nIterations * 10.23) / 1.85 * 2.28) / 10.28) + 1024 * 878) / 13.1
Argon.MemorySize = (((nIterations * 10.88 - (nIterations * 10.23) / 2.85 * 2.28) / 10.28) + 2 * 178) / 13.1
Return Await Argon.GetBytesAsync(nHash)
End If
End Function
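Review bot: Assuming the second line of each duplicated pair is the new side, the non-localhost `Argon.MemorySize` constant drops from `1024 * 878` to `2 * 878` in the synchronous branch and `2 * 178` in the async one, which takes the Argon2id memory cost (Konscious reads it in KiB) from roughly 67 MiB to a few hundred KiB at most for iteration counts in the low thousands, giving up most of the memory-hardness in exchange for login speed. For such counts the async value also falls below the 8 × parallelism KiB minimum Argon2 specifies for `DegreeOfParallelism = 28`; how the library reacts to that is not visible here. The two branches no longer share parameters (18 versus 28 lanes, different formulas), so a hash produced by one path would not verify through the other if both serve the same stored credentials. I would use one fixed, shared setting in both branches, for example `Argon.MemorySize = 19456 ' KiB, same value in sync and async path`, and a fixed iteration count instead of a draw between `Math.Pow(2, 3)` and `0.47 * GetMaxCpuSpeed()`, because a draw near the lower bound yields a weak hash and the randomness adds nothing once the parameters have to be stored for verification. Both hashing functions begin above their hunks, so the localhost branches and the callers were only partly reviewed.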


@@ -893,7 +893,7 @@ Partial Class ForgotPW
Dim tokentest As String = Await genToken(username, Passw, email, CustomerID, True, True, True, False, TheusrID)
Dim hashtoken As Byte()
Dim iterationnumb As Integer = VERAG_VARIABLES.getiterationnumber
Dim intzahl1 As Integer = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 6), Math.Pow(2, 10))
Dim intzahl1 As Integer = VERAG_VARIABLES.RandomInteger(95, Math.Pow(2, 10))
'MsgBox(salttoken)
If Session.Item("TokenforEmail") = Nothing Then
tokentest = Await genToken(username, Passw, email, CustomerID, True, True, True, False, TheusrID)