Beispiel #1
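 /// <summary>
 /// Derives a salted PBKDF2 hash of <paramref name="password"/> and returns it as
 /// "&lt;iterations&gt;&lt;_splitter&gt;&lt;base64 payload&gt;", where the payload is one
 /// zero byte, then the salt, then the derived key.
 /// </summary>
 /// <param name="password">Plain-text password to hash; must not be null.</param>
 /// <param name="iterations">PBKDF2 iteration count; it is stored in the result so that
 /// VerifyPassword can repeat the derivation with the same cost.</param>
 /// <returns>The encoded hash string described above.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
 public static string HashPassword(string password, int iterations)
 {
     if (password == null)
     {
         throw new ArgumentNullException("password");
     }

     byte[] salt;
     byte[] derivedKey;

     // NOTE(review): this constructor overload does not name a hash algorithm, so the
     // framework default (HMAC-SHA1) is used. Changing it here would invalidate every
     // stored hash, so it is flagged rather than changed; a migration should name the
     // algorithm explicitly and record it in the stored format.
     // A fresh random salt of _saltSize bytes is generated by the constructor itself.
     using (Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes(password, _saltSize, iterations))
     {
         // The generated salt is exposed through the Salt property; the original read
         // a member named "S", which Rfc2898DeriveBytes does not have.
         salt = deriveBytes.Salt;
         derivedKey = deriveBytes.GetBytes(_hashSize);
     }

     // payload[0] stays 0x00; VerifyPassword rejects any payload whose first byte is not zero.
     byte[] payload = new byte[_saltSize + _hashSize + 1];
     Buffer.BlockCopy(salt, 0, payload, 1, _saltSize);
     Buffer.BlockCopy(derivedKey, 0, payload, _saltSize + 1, _hashSize);

     return string.Format("{0}{2}{1}", iterations, System.Convert.ToBase64String(payload), _splitter);
 }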
Beispiel #2
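        /// <summary>
        /// Checks <paramref name="password"/> against a stored hash string of the form
        /// "&lt;iterations&gt;&lt;_splitter&gt;&lt;base64 payload&gt;" as produced by HashPassword.
        /// </summary>
        /// <param name="password">Plain-text password supplied by the caller; must not be null.</param>
        /// <param name="hashedPassword">Stored hash string; null or malformed values yield false.</param>
        /// <returns>True when the password re-derives to the stored hash, otherwise false.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
        public static bool VerifyPassword(string password, string hashedPassword)
        {
            if (hashedPassword == null)
            {
                return false;
            }
            if (password == null)
            {
                throw new ArgumentNullException("password");
            }

            // A stored value without the separator is malformed. Fail closed instead of
            // letting Substring(0, -1) throw out of the authentication path.
            int splitter = hashedPassword.IndexOf(_splitter);
            if (splitter < 0)
            {
                return false;
            }

            // Iteration count prefix; an unparsable prefix falls back to the configured default.
            int iterations;
            if (!int.TryParse(hashedPassword.Substring(0, splitter), out iterations))
            {
                iterations = _iterationCount;
            }
            // Rfc2898DeriveBytes rejects non-positive iteration counts with an exception;
            // treat such a record as a failed verification.
            // NOTE(review): the count comes from the stored string and has no upper bound here.
            // If stored hashes can be written by a less trusted party, cap it to avoid
            // an expensive derivation on every login attempt.
            if (iterations <= 0)
            {
                return false;
            }

            // Base64 payload: 0x00 marker byte, salt, derived key.
            // NOTE(review): "splitter + 1" assumes _splitter is one character wide - confirm.
            byte[] src;
            try
            {
                src = System.Convert.FromBase64String(hashedPassword.Substring(splitter + 1));
            }
            catch (FormatException)
            {
                // Corrupted or tampered payload: not a match.
                return false;
            }

            // NOTE(review): presumably _finalHashSize == _saltSize + _hashSize + 1, which the
            // copies below rely on - confirm against the field definitions.
            if ((src.Length != _finalHashSize) || (src[0] != 0))
            {
                return false;
            }

            byte[] extractedSalt = new byte[_saltSize];
            Buffer.BlockCopy(src, 1, extractedSalt, 0, _saltSize);
            byte[] storedPwHash = new byte[_hashSize];
            Buffer.BlockCopy(src, _saltSize + 1, storedPwHash, 0, _hashSize);

            // Re-derive with the stored salt and iteration count.
            byte[] inputPwHash;
            using (Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes(password, extractedSalt, iterations))
            {
                inputPwHash = deriveBytes.GetBytes(_hashSize);
            }

            // SlowEquals is defined elsewhere in this file; presumably a constant-time
            // comparison, which is what a hash check needs - verify its implementation.
            return SlowEquals(storedPwHash, inputPwHash);
        }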