SHA-1 Hash

Started by Gary C., October 04, 2022, 12:39:54 PM

Previous topic - Next topic

Gary C.

Hello

We wish to stop our users (internal and external) from using passwords that are known to have featured in a security breach.

There is a web API for this which basically requires us to pass a UTF-8 SHA-1 hash of the password we want the check.

I'm struggling to take a string and convert it to the SHA-1 hash.

I am using this function (cribbed from the help file) to return the hash:

Code (genero) Select

function sys_computeHash(sToDigest string, sAlgorithm string) returns string

  define sBase64,
    sResult string,
    dgst security.Digest

  try
    let dgst = security.Digest.CreateDigest(sAlgorithm )
    call dgst.AddStringData(sToDigest )
    let sBase64 = dgst.DoBase64Digest()
    let sResult = util.Strings.base64DecodeToString(sBase64)
  catch
    call sys_showMessage("Error", STATUS||" - "||SQLCA.SQLERRM, "")
  end try

  return sResult
 
end function


When executed, for a passed string of "Password1", the value of sBase64 is:

cMzZAHM41tgd07YnFiG5z5qX6gA=

But the call to base64DecodeToString returns null.

Using an online SHA-1 hash generator gives:

70ccd9007338d6d81dd3b6271621b9cf9a97ea00

The server this is being executed on has its character set to utf8.

I would welcome any guidance on where I may be going wrong.

Thanks

Gary

Gary C.

Hi

I have now realised I was using the wrong method:

dgst.DoHexBinaryDigest()

yields the desired results.