Character 'case' in output of RTI_Crypto() - OI 9 vs OI 10 (OpenInsight 64-bit)
At 04 MAY 2024 10:33:53AM Michael Lindberg wrote:
In one of our processes we have newly created passwords encrypted using code similar to the following ..
master_seed = ".AnoTher_ se3d?V@lu3.432234asdf;lkj" user_pass = '*Revelation*2024*' user_pass = RTI_CRYPTO('HEX_HMAC_SHA1', master_seed, user_pass)The encryption is stored in a data table and future login attempts encrypt the provided password as above then compare this new encryption with the stored value.
In our migration from OI 9.4.6 to OI 10.2.1 I noticed our logins failing in our test lab. I discovered that in OI 10 the hex characters in the result of RTI_Crypto() were in upper case while the characters in the result of our OI 9 RTI_Crypto() were in lower case. So, because our test lab was testing OI 10 with OI 9 data, I was comparing …
4da826b5dd210075270ff72941894e5b309d5770 (OI 9.4.6), with
4DA826B5DD210075270FF72941894E5B309D5770 (OI 10.2.1)
and it failed.
I did not notice any reference to RTI_Crypto in the change logs and the only manual pages I've found for RTI_Crypto() show the result in lower case.
Did I miss a documented change in this function?
Did a change in the 'Hex_HMAC-Sha1' algorithm cause this?
Is it possible some configuration or issue in my OI 10.2.1 installation is causing this?
Thanks for your incite :)
At 06 MAY 2024 01:05PM Michael Lindberg wrote:
I didn't see the reference to this same topic in the Works forum.
It appears that the RTI_Crypto() function has been rewritten using C++ and the output is now always upper case.