by ciderpunx
4173 days ago
Sure, I think that this means that they try the normal case and the flipped case.

> ie. compare both hash(enteredPassword) and hash(invertCase(enteredPassword)) to the hash in the database and see if either match

Here's an example in bash:

    $ echo PasSwoRd | tr 'A-Za-z' 'a-zA-Z'
    pASsWOrD

In the database store one variant:

    $ echo PasSwoRd | tr 'A-Za-z' 'a-zA-Z' | sha256sum > db

Then you can test both on input:

    $ echo PasSwoRd | sha256sum > sum1
    $ echo PasSwoRd | tr 'A-Za-z' 'a-zA-Z' | sha256sum > sum2
    $ diff -q db sum1
    Files db and sum1 differ # i.e. LOGIN FAILS
    $ diff -q db sum2
    $ # i.e. LOGIN SUCCEEDS

The problem with the caps lock behaviour on Macs is harder. You definitely don't want to force to uppercase!
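The two-candidate check from the comment above, as an added Python example that is not part of the original post: it keeps one stored variant, but as a salted PBKDF2 hash rather than a bare SHA-256, and tries the entered password and its ASCII case-inverted form. The function names, the record layout and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import string

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor, not from the post

# Same mapping as `tr 'A-Za-z' 'a-zA-Z'`: ASCII letters only, digits/symbols untouched.
FLIP = str.maketrans(string.ascii_uppercase + string.ascii_lowercase,
                     string.ascii_lowercase + string.ascii_uppercase)


def invert_case(password: str) -> str:
    return password.translate(FLIP)


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def enroll(password: str, iterations: int = ITERATIONS) -> dict:
    """Store exactly one variant: the password as the user chose it."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "hash": derive(password, salt, iterations)}


def candidates(entered: str) -> list:
    """Entered password plus its flipped form (what an active caps lock produces)."""
    flipped = invert_case(entered)
    # A password without ASCII letters has no distinct flipped form.
    return [entered] if flipped == entered else [entered, flipped]


def verify(entered: str, record: dict) -> bool:
    """Accept if either candidate matches; every candidate is always checked."""
    ok = False
    for cand in candidates(entered):
        digest = derive(cand, record["salt"], record["iterations"])
        ok |= hmac.compare_digest(digest, record["hash"])
    return ok


if __name__ == "__main__":
    rec = enroll("PasSwoRd")               # constructed sample password
    print(verify("PasSwoRd", rec))         # typed normally
    print(verify("pASsWOrD", rec))         # typed with caps lock on
    print(verify("password", rec))         # arbitrary case change is still rejected
```

Only the exact inversion is accepted, so each stored password gains at most one extra accepted input and each login attempt costs at most two key derivations.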