After quickly making some example, I'm hovewer still not sure is it stupid/useless or might be nicely used somewhere ^^
Posting result here anyway, maybe someone will find it interesting. Generally it relates to "security through obscurity".
Code: Select all
; Returns password hash, prepared using some random
; ID method number
; Password$ password string to hash
; RETURN: hash string
Procedure$ HashAUX (Password$)
UseCRC32Fingerprint()
UseSHA2Fingerprint()
UseSHA3Fingerprint()
; here is some funny stuff: get pwd CRC32 hash value, init pseudo-random with it
RandomSeed(Val("$" + StringFingerprint(Password$, #PB_Cipher_CRC32)))
; hash pasword, using randomization
Protected Hash$ ; this will be returned by function
Protected S1 ; salt size (chars)
Protected Salt$ ; salt data
Protected S2 = Random(256, 128) ; number of steps
Protected R1 ; used algorithm
While S2
; new salt for current iteration
S1 = Random(512, 256)
Salt$ = ""
While S1
Salt$ + Chr(Random(255, 1))
S1 - 1
Wend
; randomize algorithm for this step (simple example)
If Random(1, 0)
R1 = #PB_Cipher_SHA2
Else
R1 = #PB_Cipher_SHA3
EndIf
; + 1 step
Hash$ + StringFingerprint(Salt$ + Password$ + Hash$, R1, 256)
S2 - 1
Wend
; return final hash of all that trash
If Random(1, 0)
R1 = #PB_Cipher_SHA2
Else
R1 = #PB_Cipher_SHA3
EndIf
ProcedureReturn StringFingerprint(Hash$, R1, 256)
EndProcedure
; Usage
Debug HashAUX("password")