时间戳

首页 > 解决方案 > crypt in c++ returning different strings(or no string at all)

c++ - crypt in c++ returning different strings(or no string at all)

问题描述

I am trying to create a shadowfile-like txt file and I am using crypt to produce the hash. I ask for password via terminal and i produce a pseudo-random salt. I give these two values in crypt function but it creates a different hash everytime or nothing at all and I cannot get what's wrong with my code.

#include<stdio.h>
#include<cstdlib>
#include<iostream>
#include<fstream>
#include<ctime>
#include<crypt.h>
#include<unistd.h>


using namespace std;

/*====== READ STRING DYNAMICALLY ======*/

char* readFromTerminal() {

    int length = 0; //counts number of characters
    char c; //holds last read character
    char *input;

    input = (char *) malloc(sizeof (char)); //Allocate initial memory

    if (input == NULL) //Fail if allocating of memory not possible
    {
        printf("Could not allocate memory!");
        exit(1);
    }

    while ((c = getchar()) != '\n') //until end of line
    {
        realloc(input, (sizeof (char))); //allocate more memory
        input[length++] = c; //save entered character
    }

    input[length] = '\0'; //add terminator
    return input;
}

/*====== GENERATE PSEUDO RANDOM SALT VALUE ======*/

char* generateSalt() {

    const char alphanum[] =
            "0123456789"
            "!@#$%^&*"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"; //salt alphanum

    int alphanumLength = sizeof (alphanum) - 1; // alphanum lenght

    char *salt; //salt string

    salt = (char *) malloc(sizeof (char)); //Allocate initial memory

    if (salt == NULL) //Fail if allocating of memory not possible
    {
        printf("Could not allocate memory!");
        exit(1);
    }

    srand(time(NULL));

    for (int i = 0; i < 21; i++) {
        realloc(salt, (sizeof (char))); //allocate more memory

        salt[i] = alphanum[rand() % alphanumLength]; //generate a random character from the alphanum
    }

    salt[21] = '\0'; //add terminator

    return salt;
}

/*====== MAIN ======*/
int main(int argc, char** argv) {

    char *username, *password, *salt, *hash;

    ofstream myshadow("myshadow.txt", ios::out);

    cout << "Enter your username: ";
    username = readFromTerminal();
    cout << "Enter your password: ";
    password = readFromTerminal();

    salt = generateSalt();
    hash = (char *) malloc(30 * sizeof (char)); //Allocate memory for hash
    hash = crypt(password, salt);

    myshadow << username << ":" << hash;
    return 0;
}

标签: c++linuxcrypt

解决方案

这里有很多需要改进的地方!

  • char *当 C++ 附带时,你使用 rawstd::string
  • 您使用明确mallocrealloc,仅此而已,让我们认为问题很快就会到来

手动内存管理需要非常谨慎的编程。这里的错误是由不正确的使用引起的realloc: size 参数给出了新的分配大小,而不是增量。因此,您应该跟踪分配的大小,增加它并使用该新值调用 realloc。并且realloc可能会返回一个新的内存块,您应该始终使用:

input = (char *) realloc(input, new_size);

generateSalt顺便说一句, ...中的等效问题

但是所有内容都已包含在 C++ 中,感谢std::getline!此外,当 old遭受许多默认值时,该<random>模块配备了出色的生成器(仅 google for rand vs. randomrand

所以代码可以被精简为:

include<iostream>
#include<fstream>
#include<unistd.h>
#include <random>


using namespace std;

std::string generateSalt() {

    const char alphanum[] =
            "0123456789"
            "!@#$%^&*"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"; //salt alphanum

    std::random_device rd;  //Will be used to obtain a seed for the random number engine
    std::mt19937 gen(rd()); //Standard mersenne_twister_engine seeded with rd()
    std::uniform_int_distribution<> dis(0, sizeof(alphanum)-1); //Uniform distribution on an interval
    char salt[22];          // 21 useful characters in salt (as in original code)
    for(char& c: salt) {
        c = alphanum[dis(gen)];
    }
    salt[21] = 0;
    return std::string(salt);
}

/*====== MAIN ======*/
int main(int argc, char** argv) {

    string username, password, salt, hash;

    ofstream myshadow("myshadow.txt", ios::out);

    cout << "Enter your username: ";
    if (! getline(cin, username)) return 1;
    cout << "Enter your password: ";
    if (! getline(cin, password)) return 1;

    salt = generateSalt();
    hash = crypt(password.c_str(), salt.c_str());

    myshadow << username << ":" << hash;
    return 0;
}

使用 C++ 字符串的另一个好处是分配和释放是自动处理的,无需调用free...

推荐阅读