MD5 encoding

Author: hansen@ahp-gmbh.de (-GHAN-)

Buenas Dias,

 

after having replied on "random function" it's time to do another request. By now everybody uses MD5 encoding for some purpose. Passwords, versioning and many other parts of an application are encoded via MD5 and have evolved all over any platform available. Finally Uniface could do so aswell.

Enabling Uniface to do MD5 would make workarounds via DBMS or 3GL obsolete!

 

Optionions on that are welcome!

 

Cheers,

 

-GHAN-

15 Comments

  1. Uniface provides means to use 3GL to provide additional features.
    Doing so it is not a "workaround" but the normal way to develop software.

    Why to force the lab to implement what is already existing?

    If it is a sheer issue of distributing dlls together with forms,
    we may find solutins for that as well.

    Success, Uli

    P.S. I set up a dITo-Project dITo3GL to assemble a DLL with all these functions.
    Would be nice to see requst there. 


    Author: ulrich-merkel (ulrichmerkel@web.de)
  2. ... a long time since this thread was alive, but...

    I would also like to have an MD5 function inside Uniface.

    Using an external 3GL means that my application is no longer seperated from the operating system, and I would consider this a workaround as we would need to write/compile/access multiple versions/components of the same functionality depending on where we deploy.

    BTW... Does this wish list get read by the Lab?  And how do these 'wishes' get prioritised?

    Thanks

     


    Author: discooctopus (disco@discooctopus.com)
  3. Hi disco,

    I can't agree with your argumentation about 3GL:
    - If under Windows, you use a DLL,
    - on platforms where you have to link your <appli>.exe and use just another object file.

    This is more or less what CPWR will do: a new DLL, a new OBJ.
    But other people (perhaps you yourself) can provide similar results.

    Success, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  4. But we, and I suspect many others, bought Uniface mostly because of it's vaunted OS independance. If we wanted to have experience in and compilers for various languages on various OSes, we'd have gone with something else...


    Author: Iain Sharp (i.sharp@pcisystems.co.uk)
  5. Hello Disco and FiresongKt,
     

    MD5 has been and will be a needed feature within the 4GL we chose back then. As i started this thread I fully agree with you.

    We are supposed to do UNIFACE 2.0 ... which comes along with the web 2.0 stuff like DSPs. MD5Base64en- and decoding and several other things should be "NATIVE" to us and not handmade.

    Today is monday- ... and I'm actually not in the mood to fight the windmills on my own. Maybe you  fellers put your ideas here and a I join in afterwards to get this claim up'n running!

     

    // GHAN - ... doesnt like the DSP and its traffic :)


    Author: -GHAN- (hansen@ahp-gmbh.de)
  6. In answer to a couple of questions in this thread, we have received native encryption wishes and are listening. We are working to have the wish list application live soon. This will provide more of the feedback regarding wishes.

     


    Author: Jason Huggins (jason.huggins@uniface.com)
  7. I use MD5 enconding in UNIFACE 4GL, this is how I did it.

    In the uenc.dll there is an exported function
    named "MD5digest" which has the following prototype

    MD5digest ((unsigned char *)pszFieldValue,
               (unsigned int )ustrlen(pszFieldValue),
               (unsigned char *)digest);


    pszFieldValue - zero terminating string :IN
    length of the string  as integer        :IN
    digest - zero terminating string        :OUT


    Define the following in the usys.asn

    [user_3gl]
    uenc.dll(MD5digest)


    Create a 3gl signature, for instance named MD5external or any name which suits you. In this

    signature you define the operation.

    Operation name: MD5DIGEST

    Parameters:
    value  IN string
    length IN numeric
    digest INOUT string

    Define in the parameter properties the "length" as int. You can define this in the interface
    dropdownlist.

    Further the literal name of the function is by default MD5EXTERNAL_MD5DIGEST. Go into     operation
    properties and change the literal name to "MD5digest". This is case sensitive!

    Create a test form with a dummy entity.

    editboxes named edt1,edt2 and a button.
    Make for instance edt1 the input and edt2 the output. For this reason I made edt2, NED which
    means non editable. In the detail trigger of the button I use the following proc code

    variables
        Numeric stringLength
        String  digest
    endvariables

    stringLength = $length(edt1)
    if (stringlength > 0)
    activate "MD5EXTERNAL".MD5DIGEST(EDT1,stringLength,digest)
    endif

    edt2 = digest

    end


    editbox edt2 contains now the md5 digest, after you put some data in edt1 and pressed the button.


    Happy coding
    Jasper
     


    Author: Jasper (jasper.de.keijzer@compuware.com)
  8. Great work, Jasper !!!

    I will give it a test shortly on different Versions

    Success, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  9. Hi Uli,

    the uenc.dll is located in the bin directory of uniface. But more importatent is, that it is available from u93 not before.

    Best regards.

    THOMAS

    By the way, does somebody know how UNIFACE read the connect-string and decrypt it by using the pathscrambler? We want to use the same mechanismen in a 3rd-party dll.


    Author: Thomas.Young (thomas.young@young-consulting.de)
  10. Hi Thomas,

    thanks for the fast reply; I found it.

    Schöne Woche, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  11. Hi Jasper,

     

    does the dll support a SALT parameter? ( This would spice up the whole thing a bit. )

     

    Cheers,

    -GHAN-


    Author: -GHAN- (hansen@ahp-gmbh.de)
  12. Hi,

    AFAIK, SALT is only to apply MD5 twice on a text.

    So if we have the MD5 functionality; it is up to the uniface coder to use it multiple times.

    Success, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  13. ... looked it up and here's how it works:

     

    Normal MD5 of a string is straight like this:

    MD5(text)  =  32bit

    If we use salt then we concatenate it behind the text:

     

    MD5($concat(text,salt)) = 32bit-no-chance-for-rainbow-tables-string

    ... ;)

     

    -GHAN-

     

     PS: THIS is just one way to do it!


    Author: -GHAN- (hansen@ahp-gmbh.de)
  14. In german, but the code is the message

    includes/User.php

    function addSalt( $p ) {
            global $wgPasswordSalt;
            if($wgPasswordSalt)
                    return md5( "{$this->mId}-{$p}" );
            else
                    return $p;
    }
    [...]
    function encryptPassword( $p ) {
            return $this->addSalt( md5( $p ) );
    }

    $this->mId      Numerische User-ID
    $p              Passwort-String


    Aus der User-ID "4711" mit dem Passwort "foobar" wird

    md5("4711-".md5("foobar")) bzw
    md5("4711-3858f62230ac3c915f300c664312c63f") oder letztlich
    ffb7631cfa7ab9c97fd510b7111ecd70

    Success, Uli

    if you cry for more on thet subject: de.php.net/manual/en/function.md5.php


    Author: ulrich-merkel (ulrichmerkel@web.de)
  15. Some final words to be said in a polite way:

    1) There is NO rule on how to salt a MD5-Hash! Do it as you like. The RFC only defines how to build a 32bit Hash.

    www.faqs.org/rfcs/rfc1321.html

     

    2) Since there is no rule about salting, PHP only refers to the RFC above and doesn't say a brick about salting! (...and what should they say? :) )

    The Comments below only show, how others have solved it for their needs in many different ways. But there is no "THIS IS DONE LIKE THIS! THERE IS NO OTHER WAY TO DO IT!"

     

    I'm getting a bit tired of wasting my time on those threads with senseless dialogs as they should contain useable information for everybody.

    First the "standard  3GL-homebrew solution" is suggested and after this didn't fit the public demands it got a bit silent. And then it starts over with some new crap. I don't like this!

    I'm fine with commentaries aslong they help the topic and their readers. BUT the rest is better left out!

     

    ===> So, Mr. Merkel, may I ask you to just stay calm on my threads? ... 


    Author: -GHAN- (hansen@ahp-gmbh.de)