joined the forum to ask this...

i bought a uno couple months ago......i have some basic programming knowledge....

im trying to hash a password and store it.......

ive seen people say in some places its not possible..but some say yes.....

can it be done??...if so please someone help me.... :confused:

i dont care what the method is sha1 or even md5 its not important

What have you tried?

What exactly do you mean by "hash a password and store it"

How do you want to use the stored hashed password? - so we will know what sort of storage is appropriate.

If you have been trying to write an Arduino program to do what you want then post your program and tell us exactly what it does and what you want it to do that is different?

Do you know how to hash and store your password with a PC program rather than an Arduino program?

...R

Robin2:
What exactly do you mean by "hash a password and store it"

How do you want to use the stored hashed password? - so we will know what sort of storage is appropriate.

If you have been trying to write an Arduino program to do what you want then post your program and tell us exactly what it does and what you want it to do that is different?

Do you know how to hash and store your password with a PC program rather than an Arduino program?

...R

its for my school project....my teacher told us to get familiar with arduino

my idea is very simple .....
"to explain how hashes are one way functions"

i use millis to store milli second as salt(if im correct)
4 digit number as password.

sorry......im....a noob..

Do you want a hashing algorithm (e.g. SHA-256) or an encryption algorithm (e.g. bcrypt). “Hashing” passwords is usually done using an encryption algorithm. For example, the default password hashing function in PHP is bcrypt.
SHA-512 v Bcrypt

Most of the relevant Wikipedia pages contain pseudo code for all of the algorithms, and some Arduino libraries are around.

Keep in mind that most cryptographic vulnerabilities are a result of implementation flaws, rather than problems with the actual cryptography/mathematics behind it.

Pieter

PieterP:
Do you want a hashing algorithm (e.g. SHA-256) or an encryption algorithm (e.g. bcrypt). "Hashing" passwords is usually done using an encryption algorithm. For example, the default password hashing function in PHP is bcrypt.
SHA-512 v Bcrypt

Most of the relevant Wikipedia pages contain pseudo code for all of the algorithms, and some Arduino libraries are around.

Keep in mind that most cryptographic vulnerabilities are a result of implementation flaws, rather than problems with the actual cryptography/mathematics behind it.

Pieter

yes sha256 or atleast sha1......

its just for my school project

AWOL:
What have you tried?

(SORRY SORRY also since im a noobie i can post ONLY AFTER FIVE MINS)
The message has the following error or errors that must be corrected before continuing:
Unable to publish the post. Please notice you can only post once every 5 minutes and only edit posts after 30 seconds. Once you reach 100 published posts this limit will be removed.

ive tried using this library from github.....but its not wotking

but some say its not possible.......

im confused.........

lisa_hampton:
its for my school project....my teacher told us to get familiar with arduino

my idea is very simple .....
"to explain how hashes are one way functions"

To my mind that is not at all a good example for an Arduino demo. It is not the sort of thing that microprocessors are normally used for. And without a fairly complex program to try to recreate the data from the hashed value you will not be proving anything.

Microprocessors are more usually used where there is interaction with the external environment - perhaps reading a temperature sensor, controlling the speed of a motor, or generating displays with LEDs.

If you just want to a very simple system to demonstrate familiarity with an Arduino why not use an input button to alter the blink rate of the onboard LED (or an external LED if you have one). You don't even need a button switch - you could just touch together two pieces of wire, one in the Arduino GND pin and one in an I/O pin.

...R

ive tried using this library from github…but its not wotking
GitHub - tzikis/ArduinoMD5: The first easily-embeddable MD5 library for Arduino

I’ve just tested that and it works perfectly on a Uno.
The instructions are not so nice, telling you to manually manipulate the Arduino library folder, so here it is as a zip file with the .cpp and .h within the sketch folder.

If you can’t get that working then, as previously implied, you have to work through some introductory tutorials.

md5Test_v0.01.zip (4.05 KB)

Robin2:
And without a fairly complex program to try to recreate the data from the hashed value you will not be proving anything.

I think the point is to show that it is impossible. Hash "a". Observe that it is completely different from the hash of "b". Then hash "a" again. It is also different. That proves you cannot recover the original data from the hash.

MorganS:
Then hash "a" again. It is also different.

How can that be true? If it was how could we use a hash to satisfy ourselves that a file we have downloaded is unchanged.

AFAIK every time you apply a hash algorithm to the same piece of text you get the same hash value.

Proving that it is impossible to reconstruct the original text with nothing but the hash value as a starting point is (presumably) an exercise in complex maths rather computer programming.

Knowing that is is extremely difficult is pretty obvious simply from the fact that a hash of a given length could represent a piece of text of almost any length.

...R

i use millis to store milli second as salt(if im correct)
4 digit number as password.

The idea of using a salt in this case it to prevent the attack where someone simply builds a table of all the possible 4 digit passwords (actually there would only be 10,000) to do reverse lookups to recover the plain text password. Including milliseconds (unsigned long ) adds 32 bits and makes such a table more difficult to build.

As a school exercise this is perfectly OK. But the Arduinos, especially the 8bit AVR architecture ones, do not have the processing power for really secure cryptographic functions.

Of course "really secure" is a moving target. These day's it's something like "An attacker with a copy of your source code and a supercomputer could not break one code in 50 years of computation time."

If the attacker only has an Arduino of similar capability as the one that made the hash then even simple algorithms are secure against hundreds of years of computation time. If they can afford to buy 100 Arduinos then they can crack it in only years.

I reckon it's a fun idea. Usually "getting to know Arduino" builds a traffic light with 3 coloured LEDs but this one has some practicality. You could put the hashes and salts into your source code and even somebody with the code (or they extracted the machine code from one of your chips) cannot know your 4-digit password.

Even if somebody steals the door lock off secure site #1, you don't need to change your password at secure site #2. Although if there's managers (and there always is) they'll force you to change "just in case." That's why banks (which actually do understand cryptography) don't force you to change your internet banking password every 6 months and allow passwords which most other places deem "too simple" to be a password.

Hi,
Is this a project suggested by your teacher?
OR
Is this a project thought up by you?

If by teacher, do you have a written/hard copy of the project suggestion so we can see exactly what is wanted?

If by you, I think you should have researched before suggesting, so you will have an indication of if the Arduino can do it.

Thanks… Tom… :slight_smile: