cnjimbo · March 21, 2017 09:16
diff --git a/PasswordUtility.cs b/PasswordUtility.cs
 using System;
 using System.Runtime.CompilerServices;
 using System.Security.Cryptography;

 public class PasswordUtility
 {
    // Original Version Copyright:
    // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
    // Original License: http://www.apache.org/licenses/LICENSE-2.0

    /* =======================
        * HASHED PASSWORD FORMATS
        * =======================
        * 
        * Version 0:
        * PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations.
        * (See also: SDL crypto guidelines v5.1, Part III)
        * Format: { 0x00, salt, subkey }
        */

    private const int PBKDF2IterCount = 1000; // default for Rfc2898DeriveBytes
    private const int PBKDF2SubkeyLength = 256 / 8; // 256 bits
    private const int SaltSize = 128 / 8; // 128 bits

    public static string HashPassword(string password, int iterationCount = PBKDF2IterCount)
    {
        if (password == null)
        {
            throw new ArgumentNullException("password");
        }

        // Produce a version 0 (see comment above) password hash.
        byte[] salt;
        byte[] subkey;
        using (var deriveBytes = new Rfc2898DeriveBytes(password, SaltSize, iterationCount))
        {
            salt = deriveBytes.Salt;
            subkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
        }

        byte[] outputBytes = new byte[1 + SaltSize + PBKDF2SubkeyLength];
        Buffer.BlockCopy(salt, 0, outputBytes, 1, SaltSize);
        Buffer.BlockCopy(subkey, 0, outputBytes, 1 + SaltSize, PBKDF2SubkeyLength);
        return Convert.ToBase64String(outputBytes);
    }

    // hashedPassword must be of the format of HashWithPassword (salt + Hash(salt+input)
    public static bool VerifyHashedPassword(string hashedPassword, string password, int iterationCount = PBKDF2IterCount)
    {
        if (hashedPassword == null)
        {
            throw new ArgumentNullException("hashedPassword");
        }
        if (password == null)
        {
            throw new ArgumentNullException("password");
        }

        byte[] hashedPasswordBytes = Convert.FromBase64String(hashedPassword);

        // Verify a version 0 (see comment above) password hash.

        if (hashedPasswordBytes.Length != (1 + SaltSize + PBKDF2SubkeyLength) || hashedPasswordBytes[0] != 0x00)
        {
            // Wrong length or version header.
            return false;
        }

        byte[] salt = new byte[SaltSize];
        Buffer.BlockCopy(hashedPasswordBytes, 1, salt, 0, SaltSize);
        byte[] storedSubkey = new byte[PBKDF2SubkeyLength];
        Buffer.BlockCopy(hashedPasswordBytes, 1 + SaltSize, storedSubkey, 0, PBKDF2SubkeyLength);

        byte[] generatedSubkey;
        using (var deriveBytes = new Rfc2898DeriveBytes(password, salt, iterationCount))
        {
            generatedSubkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
        }
        return ByteArraysEqual(storedSubkey, generatedSubkey);
    }

    internal static string BinaryToHex(byte[] data)
    {
        char[] hex = new char[data.Length * 2];

        for (int iter = 0; iter < data.Length; iter++)
        {
            byte hexChar = ((byte)(data[iter] >> 4));
            hex[iter * 2] = (char)(hexChar > 9 ? hexChar + 0x37 : hexChar + 0x30);
            hexChar = ((byte)(data[iter] & 0xF));
            hex[(iter * 2) + 1] = (char)(hexChar > 9 ? hexChar + 0x37 : hexChar + 0x30);
        }
        return new string(hex);
    }

    // Compares two byte arrays for equality. The method is specifically written so that the loop is not optimized.
    [MethodImpl(MethodImplOptions.NoOptimization)]
    private static bool ByteArraysEqual(byte[] a, byte[] b)
    {
        if (ReferenceEquals(a, b))
        {
            return true;
        }

        if (a == null || b == null || a.Length != b.Length)
        {
            return false;
        }

        for (int i = 0; i < a.Length; i++)
        {
            if (a[i] != b[i])return false;
        }
        return true;
    }
 }
	using System;
	using System.Runtime.CompilerServices;
	using System.Security.Cryptography;

	public class PasswordUtility
	{
	// Original Version Copyright:
	// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
	// Original License: http://www.apache.org/licenses/LICENSE-2.0

	/* =======================
	* HASHED PASSWORD FORMATS
	* =======================
	*
	* Version 0:
	* PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations.
	* (See also: SDL crypto guidelines v5.1, Part III)
	* Format: { 0x00, salt, subkey }
	*/

	private const int PBKDF2IterCount = 1000; // default for Rfc2898DeriveBytes
	private const int PBKDF2SubkeyLength = 256 / 8; // 256 bits
	private const int SaltSize = 128 / 8; // 128 bits

	public static string HashPassword(string password, int iterationCount = PBKDF2IterCount)
	{
	if (password == null)
	{
	throw new ArgumentNullException("password");
	}

	// Produce a version 0 (see comment above) password hash.
	byte[] salt;
	byte[] subkey;
	using (var deriveBytes = new Rfc2898DeriveBytes(password, SaltSize, iterationCount))
	{
	salt = deriveBytes.Salt;
	subkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
	}

	byte[] outputBytes = new byte[1 + SaltSize + PBKDF2SubkeyLength];
	Buffer.BlockCopy(salt, 0, outputBytes, 1, SaltSize);
	Buffer.BlockCopy(subkey, 0, outputBytes, 1 + SaltSize, PBKDF2SubkeyLength);
	return Convert.ToBase64String(outputBytes);
	}

	// hashedPassword must be of the format of HashWithPassword (salt + Hash(salt+input)
	public static bool VerifyHashedPassword(string hashedPassword, string password, int iterationCount = PBKDF2IterCount)
	{
	if (hashedPassword == null)
	{
	throw new ArgumentNullException("hashedPassword");
	}
	if (password == null)
	{
	throw new ArgumentNullException("password");
	}

	byte[] hashedPasswordBytes = Convert.FromBase64String(hashedPassword);

	// Verify a version 0 (see comment above) password hash.

	if (hashedPasswordBytes.Length != (1 + SaltSize + PBKDF2SubkeyLength) \|\| hashedPasswordBytes[0] != 0x00)
	{
	// Wrong length or version header.
	return false;
	}

	byte[] salt = new byte[SaltSize];
	Buffer.BlockCopy(hashedPasswordBytes, 1, salt, 0, SaltSize);
	byte[] storedSubkey = new byte[PBKDF2SubkeyLength];
	Buffer.BlockCopy(hashedPasswordBytes, 1 + SaltSize, storedSubkey, 0, PBKDF2SubkeyLength);

	byte[] generatedSubkey;
	using (var deriveBytes = new Rfc2898DeriveBytes(password, salt, iterationCount))
	{
	generatedSubkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
	}
	return ByteArraysEqual(storedSubkey, generatedSubkey);
	}

	internal static string BinaryToHex(byte[] data)
	{
	char[] hex = new char[data.Length * 2];

	for (int iter = 0; iter < data.Length; iter++)
	{
	byte hexChar = ((byte)(data[iter] >> 4));
	hex[iter * 2] = (char)(hexChar > 9 ? hexChar + 0x37 : hexChar + 0x30);
	hexChar = ((byte)(data[iter] & 0xF));
	hex[(iter * 2) + 1] = (char)(hexChar > 9 ? hexChar + 0x37 : hexChar + 0x30);
	}
	return new string(hex);
	}

	// Compares two byte arrays for equality. The method is specifically written so that the loop is not optimized.
	[MethodImpl(MethodImplOptions.NoOptimization)]
	private static bool ByteArraysEqual(byte[] a, byte[] b)
	{
	if (ReferenceEquals(a, b))
	{
	return true;
	}

	if (a == null \|\| b == null \|\| a.Length != b.Length)
	{
	return false;
	}

	for (int i = 0; i < a.Length; i++)
	{
	if (a[i] != b[i])return false;
	}
	return true;
	}
	}
No results found