我正在尝试创建类似shadowfile的txt文件,我正在使用crypt来生成哈希。我通过终端要求密码,我生产一个伪随机盐。我在crypt函数中给出了这两个值,但它每次都会创建一个不同的哈希值,或者根本不会创建任何哈希值,我无法得到我的代码有什么问题。
#include<stdio.h>
#include<cstdlib>
#include<iostream>
#include<fstream>
#include<ctime>
#include<crypt.h>
#include<unistd.h>
using namespace std;
/*====== READ STRING DYNAMICALLY ======*/
char* readFromTerminal() {
int length = 0; //counts number of characters
char c; //holds last read character
char *input;
input = (char *) malloc(sizeof (char)); //Allocate initial memory
if (input == NULL) //Fail if allocating of memory not possible
{
printf("Could not allocate memory!");
exit(1);
}
while ((c = getchar()) != '\n') //until end of line
{
realloc(input, (sizeof (char))); //allocate more memory
input[length++] = c; //save entered character
}
input[length] = '\0'; //add terminator
return input;
}
/*====== GENERATE PSEUDO RANDOM SALT VALUE ======*/
char* generateSalt() {
const char alphanum[] =
"0123456789"
"!@#$%^&*"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"; //salt alphanum
int alphanumLength = sizeof (alphanum) - 1; // alphanum lenght
char *salt; //salt string
salt = (char *) malloc(sizeof (char)); //Allocate initial memory
if (salt == NULL) //Fail if allocating of memory not possible
{
printf("Could not allocate memory!");
exit(1);
}
srand(time(NULL));
for (int i = 0; i < 21; i++) {
realloc(salt, (sizeof (char))); //allocate more memory
salt[i] = alphanum[rand() % alphanumLength]; //generate a random character from the alphanum
}
salt[21] = '\0'; //add terminator
return salt;
}
/*====== MAIN ======*/
int main(int argc, char** argv) {
char *username, *password, *salt, *hash;
ofstream myshadow("myshadow.txt", ios::out);
cout << "Enter your username: ";
username = readFromTerminal();
cout << "Enter your password: ";
password = readFromTerminal();
salt = generateSalt();
hash = (char *) malloc(30 * sizeof (char)); //Allocate memory for hash
hash = crypt(password, salt);
myshadow << username << ":" << hash;
return 0;
}
答案 0 :(得分:1)
这里有很多需要改进的地方!
char * std::string
malloc和realloc,让我们认为问题很快就会到来手动内存管理需要非常谨慎的编程。错误是由realloc的错误使用引起的:size参数提供了新的总分配的大小,而不是增量。因此,您应该跟踪分配的大小,增加它并使用该新值调用realloc。由于realloc可能会返回一个新的内存块,因此您应该始终使用:
input = (char *) realloc(input, new_size);
BTW,generateSalt ...
但由于std::getline,所有内容都已包含在C ++中!此外,<random>模块带有很棒的生成器,当旧的rand遭受多个默认设置时(只需谷歌搜索 rand vs. random )
所以代码可以被删除到:
include<iostream>
#include<fstream>
#include<unistd.h>
#include <random>
using namespace std;
std::string generateSalt() {
const char alphanum[] =
"0123456789"
"!@#$%^&*"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"; //salt alphanum
std::random_device rd; //Will be used to obtain a seed for the random number engine
std::mt19937 gen(rd()); //Standard mersenne_twister_engine seeded with rd()
std::uniform_int_distribution<> dis(0, sizeof(alphanum)-1); //Uniform distribution on an interval
char salt[22]; // 21 useful characters in salt (as in original code)
for(char& c: salt) {
c = alphanum[dis(gen)];
}
salt[21] = 0;
return std::string(salt);
}
/*====== MAIN ======*/
int main(int argc, char** argv) {
string username, password, salt, hash;
ofstream myshadow("myshadow.txt", ios::out);
cout << "Enter your username: ";
if (! getline(cin, username)) return 1;
cout << "Enter your password: ";
if (! getline(cin, password)) return 1;
salt = generateSalt();
hash = crypt(password.c_str(), salt.c_str());
myshadow << username << ":" << hash;
return 0;
}
使用C ++字符串的另一个不错的副作用是自动处理分配和解除分配,无需调用free ......