////---------------------------------------------------------------------------------------------------------------------------------------------------------------
///// <summary>
///// Generates a long key from a set of input characters
///// 13-Oct-2015 - Use the MGLEncryption method instead ...
///// </summary>
//public static string GetSalt(int saltLength) {
// // Use a dedicated random cryptographic class to build a random list of characters to the specified length ...
// // use a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)
// RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
// byte[] salt = new byte[saltLength];
// csprng.GetBytes(salt);
// string base64Str = Convert.ToBase64String(salt);
// return base64Str;
//}
//--------------------------------------------------------------------------------------------------------------------------------------------------------------
private static bool TestEncryption()
{
bool success = false;
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
// Test the general encryption stuff ...
StringBuilder tempKey = MGLEncryption.GetSalt(30);
StringBuilder tempKey2 = MGLEncryption.GetSalt(30);
// Test the mgl encryption 2 ...
StringBuilder testPword2 = MGLPasswordHash.EncryptPassword(tempKey);
StringBuilder testPword3 = MGLPasswordHash.EncryptPassword(tempKey2);
bool theSame3 = MGLPasswordHash.Compare(tempKey, testPword2);
bool theSame4 = MGLPasswordHash.Compare(tempKey, testPword3);
success = theSame3 == true && theSame4 == false;
return(success);
}
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
/// Encrypts the given string
/// </summary>
public static StringBuilder EncryptPassword(StringBuilder password)
{
StringBuilder encryptedPassword = null;
try {
// First we need to turn the input string into a byte array.
// 5-Jul-15 - by adding a random padding of 8 chars at the start, we ensure that a password of "Hello World" will not be
// the same twice when encrypted
StringBuilder randomPaddingSalt = MGLEncryption.GetSalt(SaltLength);
// Turn the password into Key and IV. We are using salt to make it harder to guess our key
// using a dictionary attack - trying to guess a password by enumerating all possible words.
// and generate a password specific salt that we will append to the end of the string ...
StringBuilder randomAlgSaltStr = MGLEncryption.GetSalt(SaltLength);
encryptedPassword = Encrypt(password, randomPaddingSalt.ToString(), randomAlgSaltStr.ToString(), SaltIterations);
} catch (Exception ex) {
Logger.LogError(9, "Error trying to encrypt a password. " + ex.StackTrace);
}
return(encryptedPassword);
}
