Domů Procházet Nápověda
Registrovat se Přihlásit se
samien
/
RakNet
1
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Větev: master
Větve Značky
RakNet
/
DependentExtensions
/
cat
/
crypt
/
pass
/
Passwords.hpp

Passwords.hpp 6.6 KB
Trvalý odkaz Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193 
  1. /*
    2. 

  2. 	Copyright (c) 2009-2010 Christopher A. Taylor.  All rights reserved.
    3. 

  3. 

  4. 	Redistribution and use in source and binary forms, with or without
    5. 

  5. 	modification, are permitted provided that the following conditions are met:
    6. 

  6. 

  7. 	* Redistributions of source code must retain the above copyright notice,
    8. 

  8. 	  this list of conditions and the following disclaimer.
    9. 

  9. 	* Redistributions in binary form must reproduce the above copyright notice,
    10. 

  10. 	  this list of conditions and the following disclaimer in the documentation
    11. 

  11. 	  and/or other materials provided with the distribution.
    12. 

  12. 	* Neither the name of LibCat nor the names of its contributors may be used
    13. 

  13. 	  to endorse or promote products derived from this software without
    14. 

  14. 	  specific prior written permission.
    15. 

  15. 

  16. 	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
    17. 

  17. 	AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    18. 

  18. 	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    19. 

  19. 	ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
    20. 

  20. 	LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
    21. 

  21. 	CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    22. 

  22. 	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    23. 

  23. 	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    24. 

  24. 	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    25. 

  25. 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    26. 

  26. 	POSSIBILITY OF SUCH DAMAGE.
    27. 

  27. */
    28. 

  28. 

  29. #ifndef CAT_PASSWORDS_HPP
    30. 

  30. #define CAT_PASSWORDS_HPP
    31. 

  31. 

  32. #include <cat/rand/IRandom.hpp>
    33. 

  33. 

  34. namespace cat {
    35. 

  35. 

  36. 

  37. /*
    38. 

  38. 	Why are passwords needed?
    39. 

  39. 

  40. 		Passwords allow the client identity to be proved to the server.  Usually
    41. 

  41. 		the server identity is already proven by a secure connection, but the
    42. 

  42. 		client identity is unproven until a password is provided.
    43. 

  43. 

  44. 		This could be done using signatures with two-way authentication in the
    45. 

  45. 		secure connection establishment, however this is very slow and roughly
    46. 

  46. 		doubles the work a server has to do to accept a connection.
    47. 

  47. 

  48. 	Passwords seem simple to implement at first but then you start imagining all
    49. 

  49. 	the "what ifs":
    50. 

  50. 

  51. 	What if the password database is stolen?
    52. 

  52. 

  53. 		The user passwords had better not be stored in plaintext!
    54. 

  54. 		So they must be hashed.
    55. 

  55. 

  56. 	What if two users have the same password?
    57. 

  57. 

  58. 		They would look the same hashed, so hash in the name with the password.
    59. 

  59. 

  60. 	What if name:password for two users is "me : pass" and "m : epass" ?
    61. 

  61. 

  62. 		They would look the same hashed, so insert a separator between the two
    63. 

  63. 		before hashing, as in "me\r\npass" instead of just hashing "mepass".
    64. 

  64. 

  65. 	What if someone tries to crack the passwords?
    66. 

  66. 

  67. 		The password hash should be strengthened to make it harder to crack,
    68. 

  68. 		by applying the hash function repeatedly.  This does reduce the number of
    69. 

  69. 		bits of entropy due to non-ideal hash function collisions, but this small
    70. 

  70. 		effect is offset by the added difficulty to crack the password.
    71. 

  71. 

  72. 	What if the user has a common name like "dave"?
    73. 

  73. 

  74. 		The password hash should be salted to avoid falling to rainbow tables.
    75. 

  75. 

  76. 	What if the attacker tries to use the stolen password hash to log into the server?
    77. 

  77. 

  78. 		The client provides a hash pre-image during login, so the attacker would need
    79. 

  79. 		to reverse the hash to do this, which is harder than cracking the password.
    80. 

  80. 

  81. 	What if an attacker has a way to actively or passively listen to login attempts?
    82. 

  82. 

  83. 		Then they would be able to steal the hash pre-image which would offer some
    84. 

  84. 		amount of text password protection but would allow the attacker to log in
    85. 

  85. 		as the user without knowing the password.
    86. 

  86. 

  87. 		Rainbow tables can be used to crack the pre-image to determine the password.
    88. 

  88. 

  89. 		If the connection is secure then the client has verified the server identity
    90. 

  90. 		and these attacks are only possible through software bugs in the server.
    91. 

  91. 

  92. 

  93. 	Protocol Description:
    94. 

  94. 

  95. 		H: 256-bit hash function Skein-256
    96. 

  96. 		c: Client
    97. 

  97. 		s: Server
    98. 

  98. 		X: Strengthening factor
    99. 

  99. 

  100. 

  101. 	Protocol 1: Creating a User Account
    102. 

  102. 

  103. 		c: Choose a name N
    104. 

  104. 		c: Choose a password P
    105. 

  105. 		c: Calculate I = H("N\r\nP") strengthened X times
    106. 

  106. 

  107. 		c2s CREATE_ACCOUNT || N || I (32 by)
    108. 

  108. 

  109. 		s: Verify account is not taken, then creates an account in the database
    110. 

  110. 		s: Generate a 32-bit random salt S
    111. 

  111. 		s: Calculate J = H(S || I)
    112. 

  112. 		s: Store N, J and S in the account
    113. 

  113. 

  114. 		s2c ACCOUNT_CREATE_SUCCESS
    115. 

  115. 

  116. 

  117. 	Protocol 2: Logging into a User Account
    118. 

  118. 

  119. 		c: Choose a name N
    120. 

  120. 		c: Choose a password P
    121. 

  121. 		c: Calculate I = H("N\r\nP") strengthened X times
    122. 

  122. 

  123. 		c2s LOGIN_REQUEST || N || I (32 by)
    124. 

  124. 

  125. 		s: Verify user name exists in account database
    126. 

  126. 		s: Retrieve J, S from the account database
    127. 

  127. 		s: Calculate J' = H(S || I)
    128. 

  128. 		s: Verify J = J'
    129. 

  129. 

  130. 		s2c LOGIN_SUCCESS
    131. 

  131. 

  132. 

  133. 	What if the user creates an account through a website?
    134. 

  134. 

  135. 		The server-side script on the website should execute a program that runs
    136. 

  136. 		Protocol 1 to create the user account.
    137. 

  137. 

  138. 	Why use this sort of password authentication + Tunnel instead of SRP?
    139. 

  139. 

  140. 		Performance.  The Tunnel key agreement takes much less CPU time than SRP
    141. 

  141. 		and authenticates the server, which allows this protocol to be run without
    142. 

  142. 		any disadvantages.
    143. 

  143. */
    144. 

  144. 

  145. 

  146. class PasswordBase
    147. 

  147. {
    148. 

  148. public:
    149. 

  149. 	static const int HASH_BITS = 256;
    150. 

  150. 	static const int HASH_BYTES = HASH_BITS / 8;
    151. 

  151. 	static const int STRENGTHENING_FACTOR = 1000;
    152. 

  152. };
    153. 

  153. 

  154. 

  155. class PasswordCreator : public PasswordBase
    156. 

  156. {
    157. 

  157. public:
    158. 

  158. 	// Hash a password for transmission to the server during account creation or login
    159. 

  159. 	// NOTE: You should make the name all lowercase before passing it in
    160. 

  160. 	// Returns false on failure
    161. 

  161. 	bool HashPassword(const void *in_name, int name_bytes,
    162. 

  162. 					  const void *in_password, int password_bytes,
    163. 

  163. 					  void *out_hash /* 32 bytes */);
    164. 

  164. 

  165. 	// This version accepts non-unicode C strings with nul-terminators
    166. 

  166. 	// It converts the name to lowercase internally
    167. 

  167. 	bool HashPasswordString(const char *in_name,
    168. 

  168. 							const char *in_password,
    169. 

  169. 							void *out_hash /* 32 bytes */);
    170. 

  170. };
    171. 

  171. 

  172. class PasswordVerifier : public PasswordBase
    173. 

  173. {
    174. 

  174. public:
    175. 

  175. 	// Salt a hash for storage in the account database during account creation
    176. 

  176. 	// Generates a 32-bit salt and a 256-bit hash for storage
    177. 

  177. 	// Returns false on failure
    178. 

  178. 	bool SaltHash(IRandom *prng,
    179. 

  179. 				  const void *in_hash /* 32 bytes */,
    180. 

  180. 				  void *out_salted_hash /* 32 bytes */,
    181. 

  181. 				  u32 *out_salt /* 4 bytes */);
    182. 

  182. 

  183. 	// Given the stored salted hash and salt, verify the client's password hash during login
    184. 

  184. 	// Returns false if password is incorrect
    185. 

  185. 	bool VerifyHash(const void *in_hash /* 32 bytes */,
    186. 

  186. 					const void *in_salted_hash /* 32 bytes */,
    187. 

  187. 					u32 in_salt /* 4 bytes */);
    188. 

  188. };
    189. 

  189. 

  190. 

  191. } // namespace cat
    192. 

  192. 

  193. #endif // CAT_PASSWORDS_HPP
    194.
粤ICP备19079148号