Practical Cryptography for Developers

Exercises: Password Encryption

In this exercise you will design a user authentication system for a modern Web or mobile app, following the industry's best practices. Implement user register / login / change password functionality, using Argon2 secure password hashing with a random salt. Keep the usernames and their corresponding Argon2 hashed passwords (along with the Argon2 algorithm parameters and the random salt) as key-value pairs in the form username:argon2hash, in a simple JSON document. In the real world you may use a database instead of a JSON document, but let's keep the exercise simple.

...

TODO

...

Implement "Register User"

Input: username + password + JSON holding all current accounts.

Output: modified JSON file or "user exists" exception.

...

TODO

...

Implement "User Login"

Input: username + password + JSON holding all current accounts.

Output: correct / incorrect login.

...

TODO

...

Implement "Change Password"

Input: username + old password + new password + JSON holding all current accounts.

Output: modified JSON file or "user exists" exception.

...

TODO

...

Implement "Reset Password"

Input: username + new password + JSON holding all current accounts.

Output: modified JSON file or "user exists" exception.

...

TODO

...
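One possible solution to the four operations above, added here as an example (it is not code from the book). It assumes the third-party `argon2-cffi` package (`pip install argon2-cffi`); the function names, the exception classes and the choice to pass the accounts in and out as a JSON string instead of a file are assumptions of this example.

```python
import json
from argon2 import PasswordHasher
from argon2.exceptions import VerificationError

# Library defaults (Argon2id). The encoded hash string embeds the variant,
# the cost parameters and the random salt, so it is the only value stored.
ph = PasswordHasher()
# Constructed dummy hash: verified for unknown users so that "no such user"
# and "wrong password" take about the same time.
_DUMMY_HASH = ph.hash("constructed-dummy-password")

class UserExists(Exception):
    pass

class AuthError(Exception):
    pass

def register(accounts_json, username, password):
    accounts = json.loads(accounts_json)
    if username in accounts:
        raise UserExists(username)
    accounts[username] = ph.hash(password)  # fresh random salt on every call
    return json.dumps(accounts)

def login(accounts_json, username, password):
    accounts = json.loads(accounts_json)
    stored = accounts.get(username, _DUMMY_HASH)
    try:
        ph.verify(stored, password)  # constant-time comparison inside
    except (VerificationError, ValueError):
        # Wrong password, or a stored value that is not a valid Argon2
        # hash (the library's invalid-hash error subclasses ValueError).
        return False
    return username in accounts

def change_password(accounts_json, username, old_password, new_password):
    if not login(accounts_json, username, old_password):
        raise AuthError("incorrect username or password")
    accounts = json.loads(accounts_json)
    accounts[username] = ph.hash(new_password)
    return json.dumps(accounts)

def reset_password(accounts_json, username, new_password):
    # Assumption: the caller has already authorised the reset out of band
    # (e-mailed token, admin action); this function does not check that.
    accounts = json.loads(accounts_json)
    if username not in accounts:
        raise AuthError("unknown user")
    accounts[username] = ph.hash(new_password)
    return json.dumps(accounts)
```

Each function returns the updated JSON text, which the caller writes back to the accounts file.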


Last updated 5 years ago
