I'm having some problems when verifying a password hash using SHA512. Here is my function to hash a password :
//--------------------------------------------------
try
{
boost::shared_ptr<HashModule> hash(new SHA512);
std::string outstring;
StringSource(ClearTextPwd, true, new HashFilter(*hash, new HexEncoder(new StringSink(outstring))));
*HashedPwd = outstring;
}
catch(CryptoPP::Exception const &e)
{
std::cerr << e.what();
return false;
}
//--------------------------------------------------This seems to work fine.
Now here is the way I try to verify the password hash :
//--------------------------------------------------
try
{
SHA512 SHAhash;SecByteBlock digest(SHA512::DIGESTSIZE);
StringSource(HashedPwd.c_str(), true, new ArraySink(digest, digest.Size())); HashVerifier *pVerifier = new HashVerifier(SHAhash);
pVerifier->Put(digest, digest.Size());
StringSource(ClearTextPwd.c_str(), true, pVerifier);
if (pVerifier->GetLastResult())
PwdMatch = true;
}
catch(CryptoPP::Exception const &e)
{
std::cerr << e.what();
return false;
}
//--------------------------------------------------The problem is that the verification method ALWAYS return true. The "pVerifier->GetLastResult()" is ALWAYS true no matter what I pass in as the ClearTextPwd. Is this the proper way to do it, or I am in complete darkness !?!?!?!
Some help would be GREATLY appreciated !!!
Thanks in advance for any help.
Luc.
