B4J Question Password Hashing

Squiffy

Are there any examples on this?
As I'm typing this, the server example comes to mind...
Is this the recommended way to handle username/password storage and authentication?

B4X:
Public Sub CheckCredentials(User As String, Password As String) As Boolean
    Dim sq As SQL = pool.GetConnection
    Dim rs As ResultSet = sq.ExecQuery2("SELECT hash, salt FROM b4j_users WHERE name = ? COLLATE utf8_unicode_ci", _
        Array As Object(User))
    Dim res As Boolean = False
    If rs.NextRow Then
        Dim hash() As Byte = CalcHash(Password, rs.GetBlob("salt"))
        Dim storedHash() As Byte = rs.GetBlob("hash")
        If hash.Length = storedHash.Length Then
            res = True
            For i = 0 To hash.Length - 1
                If hash(i) <> storedHash(i) Then
                    res = False
                    Exit
                End If
            Next
        End If
    End If
    rs.Close
    sq.Close
    Return res
End Sub

Public Sub AddUser(User As String, Password As String)
    Dim salt(48) As Byte
    Dim sr As SecureRandom
    sr.GetRandomBytes(salt)
    Dim hash() As Byte = CalcHash(Password, salt)
    Dim sq As SQL = pool.GetConnection
    sq.ExecNonQuery2("INSERT INTO b4j_users VALUES (?, ?, ?)", _
        Array As Object(User, hash, salt))
    sq.Close
End Sub

Public Sub CalcHash(Password As String, salt() As Byte) As Byte()
    Dim md As MessageDigest
    Dim spassword() As Byte = md.GetMessageDigest(Password.GetBytes("UTF8"), "SHA-512")
    Dim pbAndSalt(spassword.Length + salt.Length) As Byte
    Dim bc As ByteConverter
    bc.ArrayCopy(spassword, 0, pbAndSalt, 0, spassword.Length)
    bc.ArrayCopy(salt, 0, pbAndSalt, spassword.Length, salt.Length)
    Return md.GetMessageDigest(pbAndSalt, "SHA-512")
End Sub
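
The same scheme as the B4J code above, re-implemented in Python as an added example (not from the original post or the B4J server example): `calc_hash` reproduces SHA-512(SHA-512(password) || salt) byte-for-byte so rows written by `AddUser` verify here, the credential check uses a constant-time comparison instead of the early-exit loop, and the PBKDF2 variant at the end is my own addition, not something the post suggests. The in-memory `dict` stands in for the `b4j_users` table and connection pool.

```python
import hashlib
import hmac
import os

SALT_LEN = 48  # the B4J AddUser above draws a 48-byte salt from SecureRandom


def calc_hash(password: str, salt: bytes) -> bytes:
    """Python equivalent of the B4J CalcHash: SHA-512( SHA-512(password) || salt ).
    Output is interoperable with hashes stored by the B4J AddUser routine."""
    spassword = hashlib.sha512(password.encode("utf-8")).digest()
    return hashlib.sha512(spassword + salt).digest()


def add_user(store: dict, user: str, password: str) -> None:
    """Constructed in-memory stand-in for the b4j_users table: name -> (hash, salt)."""
    salt = os.urandom(SALT_LEN)
    store[user] = (calc_hash(password, salt), salt)


def check_credentials(store: dict, user: str, password: str) -> bool:
    """Same decision as the B4J CheckCredentials, but the byte loop that exits on the
    first mismatch is replaced by hmac.compare_digest, so the time taken does not
    depend on how many leading bytes of the guess happened to be right."""
    row = store.get(user)
    if row is None:
        return False
    stored_hash, salt = row
    return hmac.compare_digest(calc_hash(password, salt), stored_hash)


# Hardened variant (my addition, not part of the post): a single SHA-512 is fast,
# so offline guessing against a leaked table is cheap. A deliberately slow
# password KDF such as PBKDF2-HMAC-SHA512 with a high iteration count raises the
# cost per guess while keeping the same salt handling.
PBKDF2_ITERATIONS = 600_000


def calc_hash_pbkdf2(password: str, salt: bytes) -> bytes:
    """Drop-in replacement for calc_hash using PBKDF2-HMAC-SHA512 (64-byte output)."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


if __name__ == "__main__":
    users = {}
    add_user(users, "alice", "correct horse battery staple")
    print(check_credentials(users, "alice", "correct horse battery staple"))  # True
    print(check_credentials(users, "alice", "wrong password"))                # False
```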
 

mindful

That is a good way. I use it too! But if you want to add extra security (I am not saying that this isn't enough) you can keep that salt in another database (e.g. SQLite) like keyvaluestore 2 and encrypt it again. This is useful if your app is a server app and maybe an attacker gets hold of your database.

Or you can use Google Firebase Authentication. I think it has user and password besides OAuth.
 