| protected CryptRaw ( byte password, byte salt, int logRounds ) : byte[] | ||
| password | byte | The password to hash. |
| salt | byte | The binary salt to hash with the /// password. |
| logRounds | int | The binary logarithm of the number of /// rounds of hashing to apply. |
| return | byte[] | |
public void LeadingByteDoesntTruncateHashSHA()
{
var b = new BCrypt();
var s = BCrypt.GenerateSalt();
var extractedSalt = s.Substring(7, 22);
var passA = SafeUTF8.GetBytes("d27a37");
var passB = new byte[] { 0 };
byte[] saltBytes = BCrypt.DecodeBase64(extractedSalt, 128 / 8);
byte[] enhancedBytes = SHA384.Create().ComputeHash(passA);
byte[] enhancedBytesB = SHA384.Create().ComputeHash(passB);
var bytesAreValid = BytesAreValid(enhancedBytes);
Assert.False(bytesAreValid, "Hash contains null bytes");
var hashA = b.CryptRaw(enhancedBytes, saltBytes, 4);
var hashAVerification = b.CryptRaw(enhancedBytes, saltBytes, 4);
Assert.True(Convert.ToBase64String(hashA) == Convert.ToBase64String(hashAVerification), "These should match as this is how validation works");
var hashB = b.CryptRaw(enhancedBytesB, saltBytes, 4);
var hashBVerification = b.CryptRaw(enhancedBytesB, saltBytes, 4);
Assert.True(Convert.ToBase64String(hashB) == Convert.ToBase64String(hashBVerification), "These should match as this is how validation works");
Assert.False(Convert.ToBase64String(hashA) == Convert.ToBase64String(hashB), "These shouldnt match as we hash the whole strings bytes, including the null byte");
}
public void LeadingByteDoesntTruncateHash()
{
var b = new BCrypt();
var s = BCrypt.GenerateSalt();
var extractedSalt = s.Substring(7, 22);
var passA = SafeUTF8.GetBytes("\0 password");
var passB = SafeUTF8.GetBytes("\0");
byte[] saltBytes = BCrypt.DecodeBase64(extractedSalt, 128 / 8);
var bytesAreValid = BytesAreValid(passA);
Assert.False(bytesAreValid, "Hash contains null bytes");
var hashA = b.CryptRaw(passA, saltBytes, 4);
var hashAVerification = b.CryptRaw(passA, saltBytes, 4);
Assert.True(Convert.ToBase64String(hashA) == Convert.ToBase64String(hashAVerification), "These should match as this is how validation works");
var hashB = b.CryptRaw(passB, saltBytes, 4);
var hashBVerification = b.CryptRaw(passB, saltBytes, 4);
Assert.True(Convert.ToBase64String(hashB) == Convert.ToBase64String(hashBVerification), "These should match as this is how validation works, this is skipping the password");
Assert.False(Convert.ToBase64String(hashA) == Convert.ToBase64String(hashB), "These shouldnt match as we hash the whole strings bytes, including the null byte");
}
public static string HashPassword(string input, string salt)
{
if (input == null)
{
//throw new ArgumentNullException("input");
}
if (string.IsNullOrEmpty(salt))
{
//throw new ArgumentException("Invalid salt", "salt");
}
char c = '\0';
if (salt[0] != '$' || salt[1] != '2')
{
//throw new SaltParseException("Invalid salt version");
}
int num;
if (salt[2] == '$')
{
num = 3;
}
else
{
c = salt[2];
if (c != 'a' || salt[3] != '$')
{
//throw new SaltParseException("Invalid salt revision");
}
num = 4;
}
if (salt[num + 2] > '$')
{
//throw new SaltParseException("Missing salt rounds");
}
int num2 = Convert.ToInt32(salt.Substring(num, 2));
string encodedstring = salt.Substring(num + 3, 22);
byte[] bytes = Encoding.UTF8.GetBytes(input + ((c >= 'a') ? "\0" : ""));
byte[] array = BCrypt.DecodeBase64(encodedstring, 16);
BCrypt bCrypt = new BCrypt();
byte[] byteArray = bCrypt.CryptRaw(bytes, array, num2);
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append("$2");
if (c >= 'a')
{
stringBuilder.Append(c);
}
stringBuilder.AppendFormat("${0:00}$", num2);
stringBuilder.Append(BCrypt.EncodeBase64(array, array.Length));
stringBuilder.Append(BCrypt.EncodeBase64(byteArray, BCrypt._BfCryptCiphertext.Length * 4 - 1));
return(stringBuilder.ToString());
}
/// <summary>
/// Hash a password using the OpenBSD bcrypt scheme.
/// </summary>
/// <param name="password">The password to hash.</param>
/// <param name="salt">The salt to hash with (perhaps generated
/// using <c>BCrypt.GenerateSalt</c>).</param>
/// <returns>The hashed password.</returns>
public static string HashPassword(string password, string salt)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
if (salt == null)
{
throw new ArgumentNullException("salt");
}
char minor = (char)0;
if (salt[0] != '$' || salt[1] != '2')
{
throw new ArgumentException("Invalid salt version");
}
int offset;
if (salt[1] != '$')
{
minor = salt[2];
if (minor != 'a' || salt[3] != '$')
{
throw new ArgumentException("Invalid salt revision");
}
offset = 4;
}
else
{
offset = 3;
}
// Extract number of rounds
if (salt[offset + 2] > '$')
{
throw new ArgumentException("Missing salt rounds");
}
int rounds = Int32.Parse(salt.Substring(offset, 2), NumberFormatInfo.InvariantInfo);
byte[] passwordBytes = Encoding.UTF8.GetBytes(password + (minor >= 'a' ? "\0" : String.Empty));
byte[] saltBytes = DecodeBase64(salt.Substring(offset + 3, 22),
BCRYPT_SALT_LEN);
BCrypt bcrypt = new BCrypt();
byte[] hashed = bcrypt.CryptRaw(passwordBytes, saltBytes, rounds);
StringBuilder rs = new StringBuilder();
rs.Append("$2");
if (minor >= 'a')
{
rs.Append(minor);
}
rs.Append('$');
if (rounds < 10)
{
rs.Append('0');
}
rs.Append(rounds);
rs.Append('$');
rs.Append(EncodeBase64(saltBytes, saltBytes.Length));
rs.Append(EncodeBase64(hashed,
(bf_crypt_ciphertext.Length * 4) - 1));
return(rs.ToString());
}
/// <summary>
/// Hash a password using the OpenBSD bcrypt scheme.
/// </summary>
/// <param name="password">The password to hash.</param>
/// <param name="salt">The salt to hash with (perhaps generated
/// using <c>BCrypt.GenerateSalt</c>).</param>
/// <returns>The hashed password.</returns>
public static string HashPassword(string password, string salt)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
if (salt == null)
{
throw new ArgumentNullException("salt");
}
char minor = (char)0;
if (salt[0] != '$' || salt[1] != '2')
{
throw new ArgumentException("Invalid salt version");
}
int offset;
if (salt[1] != '$')
{
minor = salt[2];
if (minor != 'a' || salt[3] != '$')
{
throw new ArgumentException("Invalid salt revision");
}
offset = 4;
}
else
{
offset = 3;
}
// Extract number of rounds
if (salt[offset + 2] > '$')
{
throw new ArgumentException("Missing salt rounds");
}
int rounds = Int32.Parse(salt.Substring(offset, 2), NumberFormatInfo.InvariantInfo);
byte[] passwordBytes = Encoding.UTF8.GetBytes(password + (minor >= 'a' ? "\0" : String.Empty));
byte[] saltBytes = DecodeBase64(salt.Substring(offset + 3, 22),
BCRYPT_SALT_LEN);
BCrypt bcrypt = new BCrypt();
byte[] hashed = bcrypt.CryptRaw(passwordBytes, saltBytes, rounds);
StringBuilder rs = new StringBuilder();
rs.Append("$2");
if (minor >= 'a')
{
rs.Append(minor);
}
rs.Append('$');
if (rounds < 10)
{
rs.Append('0');
}
rs.Append(rounds);
rs.Append('$');
rs.Append(EncodeBase64(saltBytes, saltBytes.Length));
rs.Append(EncodeBase64(hashed,
(bf_crypt_ciphertext.Length * 4) - 1));
return rs.ToString();
}