internal static byte[] GenerateSteamParentalHash(byte[] password, byte[] salt, byte hashLength, ESteamParentalAlgorithm steamParentalAlgorithm) { if ((password == null) || (salt == null) || (hashLength == 0) || !Enum.IsDefined(typeof(ESteamParentalAlgorithm), steamParentalAlgorithm)) { ASF.ArchiLogger.LogNullError(nameof(password) + " || " + nameof(salt) + " || " + nameof(hashLength) + " || " + nameof(steamParentalAlgorithm)); return(null); } switch (steamParentalAlgorithm) { case ESteamParentalAlgorithm.Pbkdf2: using (HMACSHA1 hmacAlgorithm = new HMACSHA1(password)) { return(Pbkdf2.ComputeDerivedKey(hmacAlgorithm, salt, SteamParentalPbkdf2Iterations, hashLength)); } case ESteamParentalAlgorithm.SCrypt: return(SCrypt.ComputeDerivedKey(password, salt, SteamParentalSCryptIterations, SteamParentalSCryptBlocksCount, 1, null, hashLength)); default: ASF.ArchiLogger.LogGenericError(string.Format(Strings.WarningUnknownValuePleaseReport, nameof(steamParentalAlgorithm), steamParentalAlgorithm)); return(null); } }
public Player GetPlayerByLogin(string name, string password) { var connection = _databaseService.GetConnection(); var data = connection.QueryFirstOrDefault <UserAuthentication>( "SELECT id, hash FROM players WHERE name = @name", new { name }); connection.Close(); if (data == null) { return(null); } var playerId = data.Id; var playerHash = data.Hash; if (!Pbkdf2.ValidatePassword(password, playerHash)) { return(null); } var iterations = Pbkdf2.GetHashIterations(playerHash); if (iterations != Pbkdf2.Pbkdf2Iterations) { var hash = Pbkdf2.HashPassword(password); UpdateHash(playerId, hash); } return(GetPlayerById(playerId)); }
private static byte[] DeriveKey(byte[] key, byte[] salt, int outputSize, int iterations) { var output = new byte[outputSize]; Pbkdf2.ComputeKey(key, salt, iterations, Pbkdf2.CallbackFromHmac <HMACSHA256>(), outputSize, output); return(output); }
public static void Main(string[] args) { var pbkdf2 = new Pbkdf2(); Console.WriteLine("Welcome! First you need to register..."); Console.Write(" Username: "******" Password: "******"\nThank you for registering, you can now login below..."); Console.Write(" Username: "******" Password: "******"\nLogin was successful!"); } else { Console.WriteLine("\nLogin failed"); } Console.WriteLine("\nPress any key to continue..."); Console.Read(); }
public void ComparisonTest(string password, string salt, int iterations, int bytes) { var _pass = System.Text.Encoding.UTF8.GetBytes(password); var _salt = System.Text.Encoding.UTF8.GetBytes(salt); var algo1 = new Rfc2898DeriveBytes(_pass, _salt, iterations); var algo2 = new Pbkdf2(new HMACSHA1(_pass), _salt, iterations); var h1 = algo1.GetBytes(bytes).ToHex(); var h2 = algo2.GetBytes(bytes).ToHex(); Assert.AreEqual(h1, h2); var h3 = algo1.GetBytes(bytes + 7).ToHex(); var h4 = algo2.GetBytes(bytes + 7).ToHex(); Assert.AreEqual(h3, h4); var h5 = algo1.GetBytes(1).ToHex(); var h6 = algo2.GetBytes(1).ToHex(); Assert.AreEqual(h5, h6); h5 = algo1.GetBytes(1).ToHex(); h6 = algo2.GetBytes(1).ToHex(); Assert.AreEqual(h5, h6); h5 = algo1.GetBytes(1).ToHex(); h6 = algo2.GetBytes(1).ToHex(); Assert.AreEqual(h5, h6); }
public void TestVector_PBKDF2_HMAC_SHA_256() { var p = System.Text.Encoding.ASCII.GetBytes("passwd"); var s = System.Text.Encoding.ASCII.GetBytes("salt"); var pbkdf = new Pbkdf2(new HMACSHA256(p), s, 1); var dk = pbkdf.GetBytes(64); var expected = Encoders.Hex.GetBytes(@" 55 ac 04 6e 56 e3 08 9f ec 16 91 c2 25 44 b6 05 f9 41 85 21 6d de 04 65 e6 8b 9d 57 c2 0d ac bc 49 ca 9c cc f1 79 b6 45 99 16 64 b3 9d 77 ef 31 7c 71 b8 45 b1 e3 0b d5 09 11 20 41 d3 a1 97 83" .Clean()); CollectionAssert.AreEqual(expected, dk); p = System.Text.Encoding.ASCII.GetBytes("Password"); s = System.Text.Encoding.ASCII.GetBytes("NaCl"); pbkdf = new Pbkdf2(new HMACSHA256(p), s, 80000); dk = pbkdf.GetBytes(64); expected = Encoders.Hex.GetBytes(@" 4d dc d8 f6 0b 98 be 21 83 0c ee 5e f2 27 01 f9 64 1a 44 18 d0 4c 04 14 ae ff 08 87 6b 34 ab 56 a1 d4 25 a1 22 58 33 54 9a db 84 1b 51 c9 b3 17 6a 27 2b de bb a1 d0 78 47 8f 62 b3 97 f3 3c 8d" .Clean()); CollectionAssert.AreEqual(expected, dk); }
public void Test_Pbkdf2() { byte[] password = new byte[256]; byte[] salt = new byte[256]; _random.NextBytes(password); _random.NextBytes(salt); using (var hmac = new System.Security.Cryptography.HMACSHA1()) { Pbkdf2 pbkdf2 = new Pbkdf2(hmac, password, salt, 1024); System.Security.Cryptography.Rfc2898DeriveBytes rfc2898DeriveBytes = new System.Security.Cryptography.Rfc2898DeriveBytes(password, salt, 1024); Assert.IsTrue(CollectionUtilities.Equals(pbkdf2.GetBytes(1024), rfc2898DeriveBytes.GetBytes(1024)), "Pbkdf2 #1"); } //_random.NextBytes(password); //_random.NextBytes(salt); //using (var hmac = new System.Security.Cryptography.HMACSHA256()) //{ // CryptoConfig.AddAlgorithm(typeof(SHA256Cng), // "SHA256", // "SHA256Cng", // "System.Security.Cryptography.SHA256", // "System.Security.Cryptography.SHA256Cng"); // hmac.HashName = "System.Security.Cryptography.SHA256"; // Pbkdf2 pbkdf2 = new Pbkdf2(hmac, password, salt, 1024); // var h = pbkdf2.GetBytes(10); //} }
public void Generate_returns_correct_result() { foreach (var i in TestData) { var expected = i.Expected.Decode64(); Assert.That(Pbkdf2.Generate(i.Password, i.Salt, i.IterationCount, expected.Length), Is.EqualTo(expected)); Assert.That(Pbkdf2.Generate(i.Password.ToBytes(), i.Salt, i.IterationCount, expected.Length), Is.EqualTo(expected)); Assert.That(Pbkdf2.Generate(i.Password, i.Salt.ToBytes(), i.IterationCount, expected.Length), Is.EqualTo(expected)); Assert.That(Pbkdf2.Generate(i.Password.ToBytes(), i.Salt.ToBytes(), i.IterationCount, expected.Length), Is.EqualTo(expected)); } }
public static Pbkdf2 GetStream(byte[] key, byte[] salt, int cost, int blockSize, int parallel, int? maxThreads) { byte[] B = GetEffectivePbkdf2Salt(key, salt, cost, blockSize, parallel, maxThreads); Pbkdf2 kdf = new Pbkdf2(key, B, 1, _hmacCallback, hLen); Clear(B); return kdf; }
public static byte[] DeriveKeyHash(string username, string password, int iterationCount) { var key = DeriveKey(username, password, iterationCount); return(iterationCount == 1 ? Crypto.Sha256(key.ToHex() + password) : Pbkdf2.GenerateSha256(key, password.ToBytes(), 1, 32)); }
byte[] PBKDF2(byte[] password, byte[] salt, int iterations, int outputBytes) { using (var hmac = new HMACSHA256()) { var df = new Pbkdf2(hmac, password, salt, iterations); var bytes = df.GetBytes(outputBytes); return(bytes); } }
public void Compare_ShouldReturnTrue(string passwordHash1, string passwordHash2) { var pbkdf2 = new Pbkdf2(); var result = pbkdf2.Compare(passwordHash1, passwordHash2); Assert.IsTrue(result); }
public void Test_Pbkdf2() { string hash = "x7JH1xlG/PgzXTplNhXhvw=="; Pbkdf2 pbkdf2 = new Pbkdf2(100000, 16); Assert.True(pbkdf2.Validate("password@12345", hash)); Assert.False(pbkdf2.Validate("wasd", hash)); }
public void Compute_SaltTooShort() { var pbkdf2 = new Pbkdf2 { PlainText = "TestPlainText", SaltSize = 7 }; var hash = pbkdf2.Compute(); Assert.Fail(); }
public void Compute_NotEnoughIterations() { var pbkdf2 = new Pbkdf2 { PlainText = "TestPlainText", HashIterations = 9999 }; var hash = pbkdf2.Compute(); Assert.Fail(); }
public void Compute_HashSizeToBig() { var pbkdf2 = new Pbkdf2 { PlainText = "TestPlainText", HashSize = 65 }; var hash = pbkdf2.Compute(); Assert.Fail(); }
internal static byte[] DeriveMasterPasswordAuthKey(string userId, byte[] encryptionKey, DatabaseInfo databaseInfo) { return(Pbkdf2.GenerateSha256(password: encryptionKey, salt: Encoding.Unicode.GetBytes(userId), iterationCount: 1500, byteCount: 64)); }
public void Compute_ExtractSaltException() { var pbkdf2 = new Pbkdf2 { PlainText = "Test", Salt = "100A00.Random" }; pbkdf2.Compute(); Assert.Fail(); }
public void Compute_PlainTextIsEmpty() { var pbkdf2 = new Pbkdf2 { Salt = "100000.Random" }; pbkdf2.Compute(); Assert.Fail(); }
public static byte[] DeriveKeyWithConfig(byte[] key, byte[] salt, int outputSize, byte[] config) { int iterations; PBKDF2ConfigurationUtility.Read(config, out iterations); var output = new byte[outputSize]; Pbkdf2.ComputeKey(key, salt, iterations, Pbkdf2.CallbackFromHmac <HMACSHA256>(), outputSize, output); return(output); }
public void GenerateSalt_SaltSizeIsLessThanOne() { var pbkdf2 = new Pbkdf2 { PlainText = "Test", SaltSize = 0 }; pbkdf2.GenerateSalt(); Assert.Fail(); }
public string HashPassword(string password) { byte[] salt = new byte[32]; Random r = new Random(); r.NextBytes(salt); Pbkdf2 pbkdf2 = new Pbkdf2(new HMACSHA256(), System.Text.Encoding.UTF8.GetBytes(password), salt); return(Convert.ToBase64String(pbkdf2.GetBytes(32)) + ":" + Convert.ToBase64String(salt)); }
public void DoPbkTest(string password, string salt, int iterations, int dkLen, string expected) { using (var hmac = new HMACSHA256()) { var mine = new Pbkdf2(hmac, System.Text.Encoding.UTF8.GetBytes(password), System.Text.Encoding.UTF8.GetBytes(salt), iterations); sbyte[] result = mine.GetBytes(dkLen); byte[] usResult = (byte[])(Array)result; String hex = BitConverter.ToString(usResult); Assert.AreEqual(hex, expected); } }
// // Internal // internal static byte[] HashPassword(string password, AuthInfo authInfo) { var passwordBytes = password.ToBytes(); if (authInfo.IsMd5) { passwordBytes = Crypto.Md5(passwordBytes); } return(Pbkdf2.GenerateSha256(passwordBytes, authInfo.Salt, authInfo.IterationCount, 32)); }
/// <summary> /// Generate authentication informations and store them in a serializable object to allow persistence /// </summary> /// <param name="email">email</param> /// <param name="password">password</param> /// <returns><see cref="AuthInfos" /> object containing encrypted data</returns> /// <exception cref="ArgumentNullException">email or password is null</exception> public AuthInfos GenerateAuthInfos(string email, string password) { if (string.IsNullOrEmpty(email)) { throw new ArgumentNullException("email"); } if (string.IsNullOrEmpty(password)) { throw new ArgumentNullException("password"); } // Prelogin to retrieve account version PreLoginRequest preLoginRequest = new PreLoginRequest(email); PreLoginResponse preLoginResponse = this.Request <PreLoginResponse>(preLoginRequest); if (preLoginResponse.Version == 2 && !string.IsNullOrEmpty(preLoginResponse.Salt)) { // Mega uses a new way to hash password based on a salt sent by Mega during prelogin var saltBytes = preLoginResponse.Salt.FromBase64(); var passwordBytes = password.ToBytesPassword(); const int Iterations = 100000; var derivedKeyBytes = new byte[32]; using (var hmac = new HMACSHA512()) { var pbkdf2 = new Pbkdf2(hmac, passwordBytes, saltBytes, Iterations); derivedKeyBytes = pbkdf2.GetBytes(derivedKeyBytes.Length); } // Derived key contains master key (0-16) and password hash (16-32) return(new AuthInfos( email, derivedKeyBytes.Skip(16).ToArray().ToBase64(), derivedKeyBytes.Take(16).ToArray())); } else if (preLoginResponse.Version == 1) { // Retrieve password as UTF8 byte array byte[] passwordBytes = password.ToBytesPassword(); // Encrypt password to use password as key for the hash byte[] passwordAesKey = PrepareKey(passwordBytes); // Hash email and password to decrypt master key on Mega servers string hash = GenerateHash(email.ToLowerInvariant(), passwordAesKey); return(new AuthInfos(email, hash, passwordAesKey)); } else { throw new NotSupportedException("Version of account not supported"); } }
public byte[] DeriveSeed(string passphrase = null) { passphrase = passphrase ?? ""; byte[] salt = Concat(Encoding.UTF8.GetBytes("mnemonic"), Normalize(passphrase)); byte[] bytes = Normalize(this._Mnemonic); var mac = new NBitcoin.BouncyCastle.Crypto.Macs.HMac(new NBitcoin.BouncyCastle.Crypto.Digests.Sha512Digest()); mac.Init(new KeyParameter(bytes)); return(Pbkdf2.ComputeDerivedKey(mac, salt, 2048, 64)); }
public void VerifyHashedPasswordV2_Invalid_Hashed_Passwords_Should_Return_False(string password, string hash) { //arrange byte[] hashtBytes = Convert.FromBase64String(hash); //act bool isValid = Pbkdf2.VerifyHashedPasswordV2(hashtBytes, password); //assert Assert.False(isValid); }
public static byte[] DeriveKey(string username, string password, int iterationCount) { if (iterationCount <= 0) { throw new InternalErrorException("Iteration count should be positive"); } return(iterationCount == 1 ? Crypto.Sha256(username + password) : Pbkdf2.GenerateSha256(password.ToBytes(), username.ToBytes(), iterationCount, 32)); }
public void Sha256_1() { using var hmac = new HMACSHA256(); var P = "password"; var S = "salt"; var c = 1; var dkLen = 32; var DK = "12 0f b6 cf fc f8 b3 2c 43 e7 22 52 56 c4 f8 37 a8 65 48 c9 2c cc 35 48 08 05 98 7c b7 0b e1 7b"; var df = new Pbkdf2(hmac, P, S, c); Assert.Equal(DK, BitConverter.ToString(df.GetBytes(dkLen)).Replace('-', ' ').ToLowerInvariant()); }
public void Sha1_1() // RFC 6070 { using var hmac = new HMACSHA1(); var P = "password"; var S = "salt"; var c = 1; var dkLen = 20; var DK = "0c 60 c8 0f 96 1f 0e 71 f3 a9 b5 24 af 60 12 06 2f e0 37 a6"; var df = new Pbkdf2(hmac, P, S, c); Assert.Equal(DK, BitConverter.ToString(df.GetBytes(dkLen)).Replace('-', ' ').ToLowerInvariant()); }
public void Sha1_6() // RFC 6070 { using var hmac = new HMACSHA1(); var P = "pass\0word"; var S = "sa\0lt"; var c = 4096; var dkLen = 16; var DK = "56 fa 6a a7 55 48 09 9d cc 37 d7 f0 34 25 e0 c3"; var df = new Pbkdf2(hmac, P, S, c); Assert.Equal(DK, BitConverter.ToString(df.GetBytes(dkLen)).Replace('-', ' ').ToLowerInvariant()); }