[System.Security.SecuritySafeCritical] // auto-generated
public HMACSHA512 (byte[] key) {
m_hashName = "SHA512";
m_hash1 = new SHA512Managed();
m_hash2 = new SHA512Managed();
HashSizeValue = 512;
BlockSizeValue = BlockSize;
base.InitializeKey(key);
}
public static string CreateSHAHash(string Phrase)
{
SHA512Managed HashTool = new SHA512Managed();
Byte[] PhraseAsByte = System.Text.Encoding.UTF8.GetBytes(string.Concat(Phrase));
Byte[] EncryptedBytes = HashTool.ComputeHash(PhraseAsByte);
HashTool.Clear();
return Convert.ToBase64String(EncryptedBytes);
}
[System.Security.SecuritySafeCritical] // auto-generated
public HMACSHA512 (byte[] key) {
m_hashName = "SHA512";
#if FULL_AOT_RUNTIME
m_hash1 = new SHA512Managed();
m_hash2 = new SHA512Managed();
#else
m_hash1 = GetHashAlgorithmWithFipsFallback(() => new SHA512Managed(), () => HashAlgorithm.Create("System.Security.Cryptography.SHA512CryptoServiceProvider"));
m_hash2 = GetHashAlgorithmWithFipsFallback(() => new SHA512Managed(), () => HashAlgorithm.Create("System.Security.Cryptography.SHA512CryptoServiceProvider"));
#endif
HashSizeValue = 512;
BlockSizeValue = BlockSize;
base.InitializeKey(key);
}
public string Generatehash512(string text)
{
byte[] message = Encoding.UTF8.GetBytes(text);
UnicodeEncoding UE = new UnicodeEncoding();
byte[] hashValue;
SHA512Managed hashString = new SHA512Managed();
string hex = "";
hashValue = hashString.ComputeHash(message);
foreach (byte x in hashValue)
{
hex += String.Format("{0:x2}", x);
}
return hex;
}
protected override byte[] getHash()
{
var hashIterations = 24200;
List<byte> hashList = new List<byte>();
var hash = new SHA512Managed();
var hashLength = Math.Max(plaintext.Length, cyphertext.Length);
while (hashList.Count <= hashLength)
{
byte[] hashBytes = hash.ComputeHash(key);
for (var i = 1; i < hashIterations; i++)
{
hashBytes = hash.ComputeHash(hashBytes);
}
hashList.AddRange(hashBytes);
}
return hashList.ToArray();
}
SHA512Managed (SHA512Managed other)
{
xBuf = new byte [other.xBuf.Length];
Array.Copy (other.xBuf, xBuf, xBuf.Length);
xBufOff = other.xBufOff;
byteCount1 = other.byteCount1;
byteCount2 = other.byteCount2;
H1 = other.H1;
H2 = other.H2;
H3 = other.H3;
H4 = other.H4;
H5 = other.H5;
H6 = other.H6;
H7 = other.H7;
H8 = other.H8;
W = new ulong [other.W.Length];
Array.Copy (other.W, W, W.Length);
wOff = other.wOff;
}
protected void btn_Register_Click(object sender, EventArgs e)
{
var checker = 0;
var FName = HttpUtility.HtmlEncode(tb_FName.Text);
var LName = HttpUtility.HtmlEncode(tb_LName.Text);
var CCNo = HttpUtility.HtmlEncode(tb_CCNo.Text);
var ExpDate = HttpUtility.HtmlEncode(tb_ExpDate.Text);
var CVV = HttpUtility.HtmlEncode(tb_CVV.Text);
var Email = HttpUtility.HtmlEncode(tb_Email.Text);
var Passwd = HttpUtility.HtmlEncode(tb_Passwd.Text);
var CnfmPasswd = HttpUtility.HtmlEncode(tb_CnfmPasswd.Text);
var DOB = HttpUtility.HtmlEncode(tb_DOB.Text);
if (IsValidEmail(Email) == false)
{
lb_EmailChecker.Text = "Invalid Email";
lb_EmailChecker.ForeColor = Color.Red;
}
else if (IsValidEmail(Email) == true)
{
checker++;
}
int scores = checkPassword(Passwd);
string status = "";
switch (scores)
{
case 1:
status = "Weak Passwords are not allowed";
break;
case 2:
status = "Weak Passwords are not allowed";
break;
case 3:
status = "Weak Passwords are not allowed";
break;
case 4:
status = "Weak Passwords are not allowed";
break;
case 5:
//all good
break;
}
lb_PasswdChecker.Text = status;
if (scores < 4)
{
lb_PasswdChecker.ForeColor = Color.Red;
}
else
{
checker++;
}
if (CnfmPasswd != Passwd)
{
lb_CnfmChecker.Text = "Passwords do not match!";
lb_CnfmChecker.ForeColor = Color.Red;
}
else if (CnfmPasswd == Passwd)
{
checker++;
}
if (IsCreditCardInfoValid(CCNo, ExpDate, CVV) == false)
{
lb_CCMsg.Text = "Credit Card information is not valid!";
lb_CCMsg.ForeColor = Color.Red;
}
else if (IsCreditCardInfoValid(CCNo, ExpDate, CVV) == true)
{
lb_CCMsg.Text = "";
checker++;
}
;
if (checker == 4)
{
string pwd = Passwd.Trim();;
//Generate random "salt"
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] saltByte = new byte[8];
//Fills array of bytes with a cryptographically strong sequence of random values.
rng.GetBytes(saltByte);
salt = Convert.ToBase64String(saltByte);
SHA512Managed hashing = new SHA512Managed();
string pwdWithSalt = pwd + salt;
byte[] plainHash = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwd));
byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
finalHash = Convert.ToBase64String(hashWithSalt);
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
Key = cipher.Key;
IV = cipher.IV;
createAccount(Email, FName, LName, CCNo, ExpDate, CVV, DOB);
Response.Redirect("Login.aspx", true);
}
}
private byte[] GetSystemEntropy()
{
SHA512Managed h = new SHA512Managed();
byte[] pb4 = new byte[4];
byte[] pb8 = new byte[8];
GAction <byte[], bool> f = delegate(byte[] pbValue, bool bClearValue)
{
if (pbValue == null)
{
Debug.Assert(false); return;
}
if (pbValue.Length == 0)
{
return;
}
h.TransformBlock(pbValue, 0, pbValue.Length, pbValue, 0);
if (bClearValue)
{
MemUtil.ZeroByteArray(pbValue);
}
};
Action <int> fI32 = delegate(int iValue)
{
MemUtil.Int32ToBytesEx(iValue, pb4, 0);
f(pb4, false);
};
Action <long> fI64 = delegate(long lValue)
{
MemUtil.Int64ToBytesEx(lValue, pb8, 0);
f(pb8, false);
};
Action <string> fStr = delegate(string strValue)
{
if (strValue == null)
{
Debug.Assert(false); return;
}
if (strValue.Length == 0)
{
return;
}
f(StrUtil.Utf8.GetBytes(strValue), false);
};
fI32(Environment.TickCount);
fI64(DateTime.UtcNow.ToBinary());
#if !KeePassLibSD
// In try-catch for systems without GUI;
// https://sourceforge.net/p/keepass/discussion/329221/thread/20335b73/
try
{
Point pt = Cursor.Position;
fI32(pt.X);
fI32(pt.Y);
}
catch (Exception) { Debug.Assert(NativeLib.IsUnix()); }
#endif
try
{
fI32((int)NativeLib.GetPlatformID());
#if KeePassUAP
fStr(EnvironmentExt.OSVersion.VersionString);
#else
fStr(Environment.OSVersion.VersionString);
#endif
fI32(Environment.ProcessorCount);
#if !KeePassUAP
fStr(Environment.CommandLine);
fI64(Environment.WorkingSet);
#endif
}
catch (Exception) { Debug.Assert(false); }
try
{
foreach (DictionaryEntry de in Environment.GetEnvironmentVariables())
{
fStr(de.Key as string);
fStr(de.Value as string);
}
}
catch (Exception) { Debug.Assert(false); }
try
{
#if KeePassUAP
f(DiagnosticsExt.GetProcessEntropy(), true);
#elif !KeePassLibSD
using (Process p = Process.GetCurrentProcess())
{
fI64(p.Handle.ToInt64());
fI32(p.HandleCount);
fI32(p.Id);
fI64(p.NonpagedSystemMemorySize64);
fI64(p.PagedMemorySize64);
fI64(p.PagedSystemMemorySize64);
fI64(p.PeakPagedMemorySize64);
fI64(p.PeakVirtualMemorySize64);
fI64(p.PeakWorkingSet64);
fI64(p.PrivateMemorySize64);
fI64(p.StartTime.ToBinary());
fI64(p.VirtualMemorySize64);
fI64(p.WorkingSet64);
// Not supported in Mono 1.2.6:
// fI32(p.SessionId);
}
#endif
}
catch (Exception) { Debug.Assert(NativeLib.IsUnix()); }
try
{
CultureInfo ci = CultureInfo.CurrentCulture;
if (ci != null)
{
fI32(ci.GetHashCode());
}
else
{
Debug.Assert(false);
}
}
catch (Exception) { Debug.Assert(false); }
f(Guid.NewGuid().ToByteArray(), false);
f(GetCspRandom(), true);
h.TransformFinalBlock(MemUtil.EmptyByteArray, 0, 0);
byte[] pbHash = h.Hash;
h.Clear();
MemUtil.ZeroByteArray(pb4);
MemUtil.ZeroByteArray(pb8);
return(pbHash);
}
public static string ComputeHash(string plaintext, Supported_HA hash, byte[] salt)
{
int minSaltLength = 4;
int maxSaltLenght = 6;
byte[] SaltBytes = null;
if (salt != null)
{
SaltBytes = salt;
}
else
{
Random r = new Random();
int SaltLenght = r.Next(minSaltLength, maxSaltLenght);
SaltBytes = new byte[SaltLenght];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetNonZeroBytes(SaltBytes);
rng.Dispose();
}
byte[] plaintData = ASCIIEncoding.UTF8.GetBytes(plaintext);
byte[] plainDataAndSalt = new byte[plaintData.Length + SaltBytes.Length];
for (int x = 0; x < plaintData.Length; x++)
{
plainDataAndSalt[x] = plaintData[x];
}
for (int n = 0; n < SaltBytes.Length; n++)
{
plainDataAndSalt[plaintData.Length + n] = SaltBytes[n];
}
byte[] hashValue = null;
switch (hash)
{
case Supported_HA.SHA256:
SHA256Managed sha = new SHA256Managed();
hashValue = sha.ComputeHash(plainDataAndSalt);
sha.Dispose();
break;
case Supported_HA.SHA384:
SHA384Managed sha1 = new SHA384Managed();
hashValue = sha1.ComputeHash(plainDataAndSalt);
sha1.Dispose();
break;
case Supported_HA.SHA512:
SHA512Managed sha2 = new SHA512Managed();
hashValue = sha2.ComputeHash(plainDataAndSalt);
sha2.Dispose();
break;
}
byte[] resuflt = new byte[hashValue.Length + SaltBytes.Length];
for (int x = 0; x < hashValue.Length; x++)
{
resuflt[x] = hashValue[x];
}
for (int n = 0; n < SaltBytes.Length; n++)
{
resuflt[hashValue.Length + n] = SaltBytes[n];
}
return(Convert.ToBase64String(resuflt));
}
private void button_Click(object sender, RoutedEventArgs e)
{
var cinfo = C9ScanNative.NativeAccessHelpers.VolumeInformation("C:\\");
var files = Directory.GetFiles("e:\\ebooks", "*.*", SearchOption.AllDirectories);
{
var item = new TreeViewItem();
item.Header = "Files Found";
foreach (var file in files)
{
item.Items.Add(new TreeViewItem()
{
Header = file.ToString()
});
}
foundMatches.Items.Add(item);
}
{
foreach (var file in files)
{
// Open the file so that we can look inside it...
using (BinaryReader reader = new BinaryReader(File.Open(file, FileMode.Open)))
{
var information = new System.IO.FileInfo(file);
var fileLength = information.Length;
var maximumLength = (1024L * 16L);
long readSize = Math.Min(fileLength, maximumLength);
byte[] data = reader.ReadBytes((int)readSize);
var stream = reader.BaseStream;
{
int wherem = Array.IndexOf(data, (byte)13);
int wheren = Array.IndexOf(data, (byte)10);
int where = Math.Min(wherem, wheren);
if (where > 0)
{
string s = System.Text.Encoding.UTF8.GetString(data, 0, where);
string sa = System.Text.Encoding.ASCII.GetString(data, 0, where);
}
}
{
long chunkSize = 64;
if (fileLength > chunkSize)
{
stream.Seek(-chunkSize, SeekOrigin.End);
byte[] endData = reader.ReadBytes((int)chunkSize);
}
}
}
using (FileStream stream = File.OpenRead(file))
{
var sha = new SHA256Managed();
byte[] checksum = sha.ComputeHash(stream);
var resultHash = BitConverter.ToString(checksum).Replace("-", String.Empty);
}
using (FileStream stream = File.OpenRead(file))
{
var sha = new SHA1Managed();
byte[] checksum = sha.ComputeHash(stream);
var resultHash = BitConverter.ToString(checksum).Replace("-", String.Empty);
}
using (FileStream stream = File.OpenRead(file))
{
var sha = new SHA512Managed();
byte[] checksum = sha.ComputeHash(stream);
var resultHash = BitConverter.ToString(checksum).Replace("-", String.Empty);
}
}
}
//var ii = new C9ScanNative.Tzpx();
var jj = new C9ScanHelpers.GetScanResults();
C9ScanHelpers.GetScanResults.GetSomething();
//string result = C9ScanNative.NativeAccessHelpers.GetSomething();
{
var item = new TreeViewItem();
item.Header = "Volumes";
var names = C9ScanNative.NativeAccessHelpers.VolumeNames();
foreach (string volumeName in names)
{
// Create a node for the actual volume
var volumeItem = new TreeViewItem();
volumeItem.Header = volumeName;
item.Items.Add(volumeItem);
// Now enumerate the mount points...
var mounts = C9ScanNative.NativeAccessHelpers.MountNames(volumeName);
foreach (var mount in mounts)
{
item.Items.Add(new TreeViewItem()
{
Header = mount
});
}
}
foundMatches.Items.Add(item);
}
C9ScanNative.NativeAccessHelpers.DriveNames();
//var jjj = new NativeAccessHelpers();
//jjj.DoSomething();
//var aa = new C9ScanNative.
// var tt = new C9ScanNative.Class1();
//tt.Foo();
//var i = new NativeAccessHelpers();
//C9ScanNative.NativeAccessHelpers
//String[] vols =
}
/// <summary>
/// Hashes a byte array through SHA-512.
/// </summary>
/// <param name="input">The byte array for which to calculate the hash</param>
/// <returns>The SHA-512 digest.</returns>
public static byte[] SHA512(byte[] input)
{
using SHA512Managed sha512 = new SHA512Managed();
return(sha512.ComputeHash(input));
}
//
//==========================================================================================
/// <summary>
/// Generates a hash for the given plain text value and returns a
/// base64-encoded result. Before the hash is computed, a random salt
/// is generated and appended to the plain text. This salt is stored at
/// the end of the hash value, so it can be used later for hash
/// verification.
/// </summary>
/// <param name="plainText">
/// Plaintext value to be hashed. The function does not check whether
/// this parameter is null.
/// </param>
/// <param name="hashAlgorithm">
/// Name of the hash algorithm. Allowed values are: "MD5", "SHA1",
/// "SHA256", "SHA384", and "SHA512" (if any other value is specified
/// MD5 hashing algorithm will be used). This value is case-insensitive.
/// </param>
/// <param name="saltBytes">
/// Salt bytes. This parameter can be null, in which case a random salt
/// value will be generated.
/// </param>
/// <returns>
/// Hash value formatted as a base64-encoded string.
/// </returns>
public static string computeHash(string plainText, string hashAlgorithm, byte[] saltBytes)
{
byte[] workingSalt;
if (saltBytes != null)
{
//
// -- use provide sale
workingSalt = saltBytes.ToArray();
}
else
{
//
// If salt is not specified, generate it on the fly.
int minSaltSize = 4;
int maxSaltSize = 8;
//
// Generate a random number for the size of the salt.
Random random = new Random();
int saltSize = random.Next(minSaltSize, maxSaltSize);
//
// Allocate a byte array, which will hold the salt.
workingSalt = new byte[saltSize];
//
// Initialize
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
//
// Fill the salt with cryptographically strong byte values.
rng.GetNonZeroBytes(workingSalt);
}
//
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
//
// Allocate array, which will hold plain text and salt.
byte[] plainTextWithSaltBytes = new byte[plainTextBytes.Length + workingSalt.Length];
//
// Copy plain text bytes into resulting array.
for (int i = 0; i < plainTextBytes.Length; i++)
{
plainTextWithSaltBytes[i] = plainTextBytes[i];
}
//
// Append salt bytes to the resulting array.
for (int i = 0; i < workingSalt.Length; i++)
{
plainTextWithSaltBytes[plainTextBytes.Length + i] = workingSalt[i];
}
//
// Because we support multiple hashing algorithms, we must define
// hash object as a common (abstract) base class. We will specify the
// actual hashing algorithm class later during object creation.
HashAlgorithm hash = null;
switch ((hashAlgorithm != null) ? hashAlgorithm.ToUpperInvariant() : "")
{
case "SHA1": {
hash = new SHA1Managed();
break;
}
case "SHA256": {
hash = new SHA256Managed();
break;
}
case "SHA384": {
hash = new SHA384Managed();
break;
}
case "SHA512": {
hash = new SHA512Managed();
break;
}
default: {
hash = new MD5CryptoServiceProvider();
break;
}
}
//
// Compute hash value of our plain text with appended salt.
byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
//
// Create array which will hold hash and original salt bytes.
byte[] hashWithSaltBytes = new byte[hashBytes.Length + workingSalt.Length];
//
// Copy hash bytes into resulting array.
for (int i = 0; i < hashBytes.Length; i++)
{
hashWithSaltBytes[i] = hashBytes[i];
}
//
// Append salt bytes to the result.
for (int i = 0; i < workingSalt.Length; i++)
{
hashWithSaltBytes[hashBytes.Length + i] = workingSalt[i];
}
//
// Convert result into a base64-encoded string.
string hashValue = Convert.ToBase64String(hashWithSaltBytes);
//
// Return the result.
return(hashValue);
}
public static void SHA512(this ReadOnlySequence <byte> data, Span <byte> hash)
{
using (var sha = new SHA512Managed()) {
sha.TransformFinalBlock(data, hash);
}
}
protected void LoginMe(object sender, EventArgs e)
{
if (ValidateCaptcha())
{
bool validInput = ValidateInput();
if (validInput)
{
string pwd = tb_loginpass.Text.ToString().Trim();
string userid = tb_loginid.Text.ToString().Trim();
SHA512Managed hashing = new SHA512Managed();
string dbStatus = DBStatus(userid);
string dbHash = getDBHash(userid);
string dbSalt = getDBSalt(userid);
if (dbStatus != null && dbStatus.Length > 0)
{
if (dbStatus == "Open")
{
try
{
if (dbSalt != null && dbSalt.Length > 0 && dbHash != null && dbHash.Length > 0)
{
string pwdWithSalt = pwd + dbSalt;
byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
string userHash = Convert.ToBase64String(hashWithSalt);
if (userHash.Equals(dbHash))
{
Session["LoggedIn"] = tb_loginid.Text.Trim();
// creat a new GUID and save it into the session
string guid = Guid.NewGuid().ToString();
Session["AuthToken"] = guid;
// to create a new cookie with this guid value
Response.Cookies.Add(new HttpCookie("AuthToken", guid));
Response.Redirect("HomePage.aspx", false);
}
else if (attemptcount < 3)
{
attemptcount++;
lblMessage.ForeColor = Color.Red;
lblMessage.Text = "Password is invalid. You have " + (3 - attemptcount) + " attempts remaining" + "<br/>";
}
else if (attemptcount == 3)
{
setlockstatus(userid);
lblMessage.ForeColor = Color.Red;
lblMessage.Text = "Your account is locked.";
}
}
else
{
lblMessage.ForeColor = Color.Red;
lblMessage.Text += "Email or password is not valid. Please try again." + "<br/>";
}
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
}
else
{
lblMessage.ForeColor = Color.Red;
lblMessage.Text = "Your account is locked.";
}
}
}
}
else
{
lblMessage.ForeColor = Color.Red;
lblMessage.Text += "Failed to verify captcha" + "<br/>";
}
}
public string ComputeHash(string plaintext, string hashalgo, byte[] saltbyte)
{
if (saltbyte == null)
{
Random rand = new Random();
int saltsize = rand.Next(2, 10);
saltbyte = new byte[saltsize];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetNonZeroBytes(saltbyte);
}
byte[] plaintextbytes = Encoding.UTF8.GetBytes(plaintext);
byte[] plaintextsaltbytes = new byte[plaintextbytes.Length + saltbyte.Length];
for (int i = 0; i < plaintextbytes.Length; i++)
{
plaintextsaltbytes[i] = plaintextbytes[i];
}
for (int i = 0; i < saltbyte.Length; i++)
{
plaintextsaltbytes[i + plaintextbytes.Length] = saltbyte[i];
}
HashAlgorithm hash;
if (hashalgo == null)
{
hashalgo = "";
}
switch (hashalgo.ToUpper())
{
case "SHA1":
hash = new SHA1Managed();
break;
case "SHA256":
hash = new SHA256Managed();
break;
case "SHA384":
hash = new SHA384Managed();
break;
case "SHA512":
hash = new SHA512Managed();
break;
default:
hash = new MD5CryptoServiceProvider();
break;
}
byte[] hashbytes = hash.ComputeHash(plaintextsaltbytes);
byte[] hashWithSaltBytes = new byte[hashbytes.Length +
saltbyte.Length];
for (int i = 0; i < hashbytes.Length; i++)
{
hashWithSaltBytes[i] = hashbytes[i];
}
for (int i = 0; i < saltbyte.Length; i++)
{
hashWithSaltBytes[hashbytes.Length + i] = saltbyte[i];
}
string hashValue = Convert.ToBase64String(hashWithSaltBytes);
return(hashValue);
}
public SiteSecurityManager(IPrincipal principal, IDasBlogSettings dasBlogSettings)
{
_dasBlogSettings = dasBlogSettings;
_principal = principal;
_hashAlgorithm = SHA512Managed.Create();
}
protected void checkpass_Click(object sender, EventArgs e)
{
string pwd = tb_password.Text.ToString().Trim();;
int scores = checkPassword(tb_password.Text);
string status = "";
switch (scores)
{
case 1:
status = "Very Weak";
break;
case 2:
status = "Weak";
break;
case 3:
status = "Medium";
break;
case 4:
status = "Strong";
break;
case 5:
status = "Excellent";
break;
default:
break;
}
tb_pwdchecker.Text = "Status : " + status;
if (scores < 4)
{
tb_pwdchecker.ForeColor = Color.Red;
return;
}
else
{
if (ValidateCaptcha())
{
tb_pwdchecker.ForeColor = Color.Green;
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] saltByte = new byte[8];
//Fills array of bytes with a cryptographically strong sequence of random values.
rng.GetBytes(saltByte);
salt = Convert.ToBase64String(saltByte);
SHA512Managed hashing = new SHA512Managed();
string pwdWithSalt = pwd + salt;
byte[] plainHash = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwd));
byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
finalHash = Convert.ToBase64String(hashWithSalt);
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
Key = cipher.Key;
IV = cipher.IV;
lockOut = false;
createAccount();
}
}
}
private void try_login()
{
try
{
if (username_input.Text == "")
{
throw new Exception("Sisesta kasutajanimi");
}
if (password_input.Text == "")
{
throw new Exception("Sisesta parool");
}
network udpcon = new network();
if (udpcon.connect_to_server())
{
// Get sha512 password
string sha512_password = "";
if (Properties.Settings.Default.remember_me)
{
sha512_password = Properties.Settings.Default.sha512_pw;
}
else
{
UnicodeEncoding UE = new UnicodeEncoding();
byte[] message = UE.GetBytes(password_input.Text);
SHA512Managed hashString = new SHA512Managed();
byte[] hashValue = hashString.ComputeHash(message);
foreach (byte x in hashValue)
{
sha512_password += String.Format("{0:x2}", x);
}
}
// Let's start building the packet
List <string> login_packet = new List <string>();
string version = Properties.Settings.Default.version.ToString();
//Clipboard.SetText(sha512_password);
if (version.Contains(","))
{
version = version.Replace(',', '.');
}
login_packet.Add(username_input.Text.ToLower());
login_packet.Add(sha512_password);
login_packet.Add(version);
login_packet.Add(get_hw_id());
// Send login packet and recieve response
byte[] login_response = udpcon.send_and_recieve(0x02, login_packet);
if (login_response[0] == 0xFA)
{
// we have failed login attempt
switch (login_response[1])
{
case 0x01:
throw new Exception("Tundmatu veateade!");
case 0x02:
throw new Exception("Sinu kliendi versioon on liiga vana!");
case 0x03:
throw new Exception("Vale kasutajanimi või parool!");
case 0x04:
throw new Exception("Kasutaja on juba sisse loginud. Juhul kui Sinu ühendus aegus, oota 2min!");
case 0x05:
List <string> ban_info = udpcon.extract_data(login_response);
throw new Exception("Sa oled banned.\nPõhjus: " + ban_info[0] + "\nKestab kuni: " + ban_info[1]);
case 0x06:
throw new Exception("Serveriga ühenduse loomine ebaõnnestus!");
}
}
if (login_response[0] == 0xFF)
{
// Login was successful
List <string> recieved_data = udpcon.extract_data(login_response);
steamid = recieved_data[0];
string password = recieved_data[1];
s_hash = long.Parse(recieved_data[2]);
if (password != sha512_password)
{
List <string> abuse_data = new List <string>();
abuse_data.Add("Passwords do not match at user-side after getting 'ok'");
//main_client.send_data(0x16, abuseData);
}
else
{
if (remember_me.Checked)
{
string keyName = @"HKEY_CURRENT_USER\SOFTWARE\everest\Gather";
Registry.SetValue(keyName, "username", username_input.Text);
Registry.SetValue(keyName, "password", sha512_password);
Registry.SetValue(keyName, "remember_me", true);
}
else
{
string keyName = @"HKEY_CURRENT_USER\SOFTWARE\everest\Gather";
Registry.SetValue(keyName, "username", "");
Registry.SetValue(keyName, "password", "");
Registry.SetValue(keyName, "remember_me", false);
}
// initialize new window and give refrence to connection and this form
main_hub_scr main_window = new main_hub_scr(this, udpcon);
main_window.Show();
this.Hide();
//throw new Exception("LOGIN OK");
}
}
//c_msgbox.show_msg(false, "See funktsioon ei ole valmis veel!\nSinu hw_id: " + get_hw_id());
}
else
{
c_msgbox.show_msg(true, "Serveriga ühenduse loomine ebaõnnestus!");
}
}
catch (Exception ex)
{
c_msgbox.show_msg(true, ex.Message);
}
}
internal bool InvokeNetGetData(ref byte msgId, MessageBuffer buffer, ref int index, ref int length)
{
if (Main.netMode == 2)
{
// A critical server crash/slow-down bug was exploited in which a 0-length
// packet is sent, causing all NetGetData handlers to throw exceptions.
// Because a packet's header is 2 bytes of length + 1 byte of packet type,
// all packets must contain at least 3 bytes.
// Ideally this check should occur in an OTAPI modification.
if (length < 1)
{
RemoteClient currentClient = Netplay.Clients[buffer.whoAmI];
Netplay.Clients[buffer.whoAmI].PendingTermination = true;
return(true);
}
// A critical server crash/corruption bug was reported by @bartico6 on GitHub.
// If a packet length comes in at extreme values, the server can enter infinite loops, deadlock, and corrupt the world.
// As a result, we take the following action: disconnect the player and log the attempt as soon as we can.
// The length 1000 was chosen as an arbitrarily large number for all packets. It may need to be tuned later.
if (length > 1000)
{
RemoteClient currentClient = Netplay.Clients[buffer.whoAmI];
Netplay.Clients[buffer.whoAmI].PendingTermination = true;
return(true);
}
switch ((PacketTypes)msgId)
{
case PacketTypes.ConnectRequest:
if (this.InvokeServerConnect(buffer.whoAmI))
{
Netplay.Clients[buffer.whoAmI].PendingTermination = true;
return(true);
}
break;
case PacketTypes.ContinueConnecting2:
if (this.InvokeServerJoin(buffer.whoAmI))
{
Netplay.Clients[buffer.whoAmI].PendingTermination = true;
return(true);
}
break;
case PacketTypes.LoadNetModule:
using (var stream = new MemoryStream(buffer.readBuffer))
{
stream.Position = index;
using (var reader = new BinaryReader(stream))
{
ushort moduleId = reader.ReadUInt16();
//LoadNetModule is now used for sending chat text.
//Read the module ID to determine if this is in fact the text module
if (moduleId == Terraria.Net.NetManager.Instance.GetId <Terraria.GameContent.NetModules.NetTextModule>())
{
//Then deserialize the message from the reader
Terraria.Chat.ChatMessage msg = Terraria.Chat.ChatMessage.Deserialize(reader);
if (InvokeServerChat(buffer, buffer.whoAmI, @msg.Text, msg.CommandId))
{
return(true);
}
}
}
}
break;
//Making sure packet length is 38, otherwise it's not a valid UUID packet length.
//We copy the bytes of the UUID then convert it to string. Then validating the GUID so its the correct format.
//Then the bytes get hashed, and set as ClientUUID (and gets written in DB for auto-login)
//length minus 2 = 36, the length of a UUID.
case PacketTypes.ClientUUID:
if (length == 38)
{
byte[] uuid = new byte[length - 2];
Buffer.BlockCopy(buffer.readBuffer, index + 1, uuid, 0, length - 2);
Guid guid = new Guid();
if (Guid.TryParse(Encoding.Default.GetString(uuid, 0, uuid.Length), out guid))
{
SHA512 shaM = new SHA512Managed();
var result = shaM.ComputeHash(uuid);
Netplay.Clients[buffer.whoAmI].ClientUUID = result.Aggregate("", (s, b) => s + b.ToString("X2"));
return(true);
}
}
Netplay.Clients[buffer.whoAmI].ClientUUID = "";
return(true);
}
}
GetDataEventArgs args = new GetDataEventArgs
{
MsgID = (PacketTypes)msgId,
Msg = buffer,
Index = index,
Length = length
};
this.NetGetData.Invoke(args);
msgId = (byte)args.MsgID;
index = args.Index;
length = args.Length;
return(args.Handled);
}
public static string Get_salt()
{
var size_in_bytes = SHA512Managed.Create().HashSize / 8;
return(RandomString(size_in_bytes));
}
public String Hash(String input)
{
SHA512Managed sha512 = new SHA512Managed();
return(sha512.ComputeHash(this.TextEncoding.GetBytes(input)).ToHexString());
}
protected void changBtn_Click(object sender, EventArgs e)
{
var score = checkPassword(newPass.Text);
if (score < 4)
{
errorMsg.Text = "Password not strong enough";
errorMsg.ForeColor = Color.Red;
return;
}
var email = Session["LoggedIn"];
SHA512Managed hashing = new SHA512Managed();
string gethash = "SELECT PasswordHash FROM ASusers WHERE Email = @Email";
string getsalt = "SELECT PasswordSalt FROM ASusers WHERE Email = @Email";
using (SqlConnection connection = new SqlConnection(MYDBConnectionString))
{
connection.Open();
SqlCommand hashcommand = new SqlCommand(gethash, connection);
SqlCommand saltcommand = new SqlCommand(getsalt, connection);
hashcommand.Parameters.AddWithValue("@Email", email);
saltcommand.Parameters.AddWithValue("@Email", email);
string hash = hashcommand.ExecuteScalar().ToString();
string salt = saltcommand.ExecuteScalar().ToString();
var pwdWithSalt = oldPass.Text + salt;
byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
var finalHash = Convert.ToBase64String(hashWithSalt);
if (hash == finalHash)
{
string checkpass1 = "SELECT Password1 FROM [PasswordHistory] WHERE Email = @Email";
string checkpass2 = "SELECT Password2 FROM [PasswordHistory] WHERE Email = @Email";
SqlCommand checkpass1command = new SqlCommand(checkpass1, connection);
SqlCommand checkpass2command = new SqlCommand(checkpass2, connection);
checkpass1command.Parameters.AddWithValue("@Email", email);
checkpass2command.Parameters.AddWithValue("@Email", email);
string pass1 = checkpass1command.ExecuteScalar().ToString();
string pass2 = checkpass2command.ExecuteScalar().ToString();
var newpwdWithSalt = newPass.Text + salt;
byte[] newhashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(newpwdWithSalt));
var newfinalHash = Convert.ToBase64String(newhashWithSalt);
if (newfinalHash == pass1)
{
errorMsg.Text = "Please use another password";
errorMsg.ForeColor = Color.Red;
return;
}
if (newfinalHash == pass2)
{
errorMsg.Text = "Please use another password";
errorMsg.ForeColor = Color.Red;
return;
}
string updatePassword = "******";
SqlCommand updateCommand = new SqlCommand(updatePassword, connection);
updateCommand.Parameters.AddWithValue("@PasswordHash", newfinalHash);
updateCommand.Parameters.AddWithValue("@Email", email);
updateCommand.ExecuteNonQuery();
using (SqlCommand cmd = new SqlCommand("UPDATE [PasswordHistory] SET Password1 = @PasswordHash1, Password2 = @PasswordHash2 ,TimeCreated = @TimeCreated WHERE Email = @Email", connection))
{
using (SqlDataAdapter sda = new SqlDataAdapter())
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@PasswordHash1", newfinalHash);
cmd.Parameters.AddWithValue("@PasswordHash2", finalHash);
cmd.Parameters.AddWithValue("@Email", email);
cmd.Parameters.AddWithValue("@TimeCreated", DateTime.Now.ToString());
cmd.ExecuteNonQuery();
connection.Close();
}
}
}
else
{
errorMsg.Text = "Password is incorrect";
}
connection.Close();
Session["PasswordAge"] = DateTime.Now.AddMinutes(5).ToString();
Response.Redirect("Home.aspx");
}
}
public override void GenerateKey(string secretKey, AlgorithmKeyType type)
{
Key = new byte[8];
IV = new byte[8];
byte[] bKey = Encoding.UTF8.GetBytes(secretKey);
switch (type)
{
case AlgorithmKeyType.MD5: //16 byte
using (MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider())
{
md5.ComputeHash(bKey);
byte[] rmd5 = md5.Hash;
for (int i = 0; i < 8; i++)
{
Key[i] = rmd5[i];
}
for (int j = 15; j >= 8; j--)
{
IV[15 - j] = rmd5[j];
}
}
break;
case AlgorithmKeyType.SHA1: //20 byte
using (SHA1Managed sha1 = new SHA1Managed())
{
sha1.ComputeHash(bKey);
byte[] rsha1 = sha1.Hash;
for (int i = 0; i < 8; i++)
{
Key[i] = rsha1[i];
}
for (int j = 19; j > 11; j--)
{
IV[19 - j] = rsha1[j];
}
}
break;
case AlgorithmKeyType.SHA256: //32 byte
using (SHA256Managed sha256 = new SHA256Managed())
{
sha256.ComputeHash(bKey);
byte[] rsha256 = sha256.Hash;
for (int i = 0; i < 8; i++)
{
Key[i] = rsha256[i];
}
for (int j = 31; j >= 24; j--)
{
IV[31 - j] = rsha256[j];
}
}
break;
case AlgorithmKeyType.SHA384: //48 byte
using (SHA384Managed sha384 = new SHA384Managed())
{
sha384.ComputeHash(bKey);
byte[] rsha384 = sha384.Hash;
for (int i = 0; i < 8; i++)
{
Key[i] = rsha384[i];
}
for (int j = 47; j > 39; j--)
{
IV[47 - j] = rsha384[j];
}
}
break;
case AlgorithmKeyType.SHA512: //64 byte
using (SHA512Managed sha512 = new SHA512Managed())
{
sha512.ComputeHash(bKey);
byte[] rsha512 = sha512.Hash;
for (int i = 0; i < 8; i++)
{
Key[i] = rsha512[i];
}
for (int j = 63; j > 55; j--)
{
IV[63 - j] = rsha512[j];
}
}
break;
default:
break;
}
}
protected (Boolean, string, string, string) getPasswordReuse(string email)
{
SHA512Managed hashing = new SHA512Managed();
string dbSalt = getDBSalt(email);
Boolean s = false;
if (dbSalt != null && dbSalt.Length > 0)
{
SqlConnection connection = new SqlConnection(AppSecDBConnectionString);
string sql = "select passwordList FROM Account WHERE email=@EMAIL";
SqlCommand command = new SqlCommand(sql, connection);
command.Parameters.AddWithValue("@EMAIL", email);
try
{
connection.Open();
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
if (reader["passwordList"] != null)
{
if (reader["passwordList"] != DBNull.Value)
{
string plist = reader["passwordList"].ToString();
string[] plistsplit = plist.Split(new[] { "|||" }, StringSplitOptions.None);
string passwordWithSalt = tb_changePW.Text + dbSalt;
byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(passwordWithSalt));
string userHash = Convert.ToBase64String(hashWithSalt);
for (int i = 0; i < plistsplit.Length; i++)
{
if (userHash.Equals(plistsplit[i]))
{
s = true;
}
}
if (!(s))
{
if (plistsplit.Length < 3)
{
var newplist = plistsplit[0] + "|||" + userHash + "|||";
return(s, email, newplist.Trim(), userHash);
}
else
{
var newplist = plistsplit[1] + "|||" + userHash + "|||";
return(s, email, newplist.Trim(), userHash);
}
}
}
}
}
}
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
finally { connection.Close(); }
return(s, "", "", "");
}
return(s, "", "", "");
}
public static string ComputeHash(string plainText, string hashAlgorithm, byte[] saltBytes)
{
// If salt is not specified, generate it.
if (saltBytes == null)
{
// Define min and max salt sizes.
int minSaltSize = 4;
int maxSaltSize = 8;
// Generate a random number for the size of the salt.
Random random = new Random();
int saltSize = random.Next(minSaltSize, maxSaltSize);
// Allocate a byte array, which will hold the salt.
saltBytes = new byte[saltSize];
// Initialize a random number generator.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
// Fill the salt with cryptographically strong byte values.
rng.GetNonZeroBytes(saltBytes);
}
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
// Allocate array, which will hold plain text and salt.
byte[] plainTextWithSaltBytes =
new byte[plainTextBytes.Length + saltBytes.Length];
// Copy plain text bytes into resulting array.
for (int i = 0; i < plainTextBytes.Length; i++)
{
plainTextWithSaltBytes[i] = plainTextBytes[i];
}
// Append salt bytes to the resulting array.
for (int i = 0; i < saltBytes.Length; i++)
{
plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];
}
HashAlgorithm hash;
// Make sure hashing algorithm name is specified.
if (hashAlgorithm == null)
{
hashAlgorithm = "";
}
// Initialize appropriate hashing algorithm class.
switch (hashAlgorithm.ToUpper())
{
case "SHA384":
hash = new SHA384Managed();
break;
case "SHA512":
hash = new SHA512Managed();
break;
default:
hash = new MD5CryptoServiceProvider();
break;
}
// Compute hash value of our plain text with appended salt.
byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
// Create array which will hold hash and original salt bytes.
byte[] hashWithSaltBytes = new byte[hashBytes.Length +
saltBytes.Length];
// Copy hash bytes into resulting array.
for (int i = 0; i < hashBytes.Length; i++)
{
hashWithSaltBytes[i] = hashBytes[i];
}
// Append salt bytes to the result.
for (int i = 0; i < saltBytes.Length; i++)
{
hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];
}
// Convert result into a base64-encoded string.
string hashValue = Convert.ToBase64String(hashWithSaltBytes);
// Return the result.
return(hashValue);
}
/// <summary>
/// Calculates the hash of a data using SHA hash algorithm.
/// </summary>
/// <param name="data">The data to hash.</param>
/// <param name="offset">The offset.</param>
/// <param name="length">The length.</param>
/// <param name="hashSize">Size of the hash.</param>
/// <returns>
/// Calculated hash
/// </returns>
private static byte[] CalculateHashSha(this byte[] data, int offset, int length, int hashSize)
{
data.CannotBeNullOrEmpty();
offset.MustBeGreaterThanOrEqualTo(0);
length.MustBeGreaterThanOrEqualTo(0);
hashSize.MustBeOneOf(128, 256, 384, 512);
byte[] hashRaw = null;
if (data != null)
{
if (hashSize == 128)
{
#pragma warning disable CA5350 // Do not use insecure cryptographic algorithm SHA1.
using (HashAlgorithm sha = new SHA1CryptoServiceProvider())
#pragma warning restore CA5350 // Do not use insecure cryptographic algorithm SHA1.
{
hashRaw = CalculateHash(data, offset, length, sha);
}
}
else if (hashSize == 256)
{
try
{
using (HashAlgorithm sha = new SHA256CryptoServiceProvider())
{
hashRaw = CalculateHash(data, offset, length, sha);
}
}
catch (PlatformNotSupportedException)
{
// Fall back to the managed version if the CSP
// is not supported on this platform.
using (HashAlgorithm sha = new SHA256Managed())
{
hashRaw = CalculateHash(data, offset, length, sha);
}
}
}
else if (hashSize == 384)
{
try
{
using (HashAlgorithm sha = new SHA384CryptoServiceProvider())
{
hashRaw = CalculateHash(data, offset, length, sha);
}
}
catch (PlatformNotSupportedException)
{
// Fall back to the managed version if the CSP
// is not supported on this platform.
using (HashAlgorithm sha = new SHA384Managed())
{
hashRaw = CalculateHash(data, offset, length, sha);
}
}
}
else if (hashSize == 512)
{
try
{
using (HashAlgorithm sha = new SHA512CryptoServiceProvider())
{
hashRaw = CalculateHash(data, offset, length, sha);
}
}
catch (PlatformNotSupportedException)
{
// Fall back to the managed version if the CSP
// is not supported on this platform.
using (HashAlgorithm sha = new SHA512Managed())
{
hashRaw = CalculateHash(data, offset, length, sha);
}
}
}
}
return hashRaw;
}
public static string ComputeHash(string plainText,
Algorith hashAlgorithm,
byte[] saltBytes)
{
// If salt is not specified, generate it on the fly.
if (saltBytes == null)
{
// Define min and max salt sizes.
int minSaltSize = 4;
int maxSaltSize = 8;
// Generate a random number for the size of the salt.
Random random = new Random();
int saltSize = random.Next(minSaltSize, maxSaltSize);
// Allocate a byte array, which will hold the salt.
saltBytes = new byte[saltSize];
// Initialize a random number generator.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
// Fill the salt with cryptographically strong byte values.
rng.GetNonZeroBytes(saltBytes);
}
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
// Allocate array, which will hold plain text and salt.
byte[] plainTextWithSaltBytes =
new byte[plainTextBytes.Length + saltBytes.Length];
// Copy plain text bytes into resulting array.
for (int i = 0; i < plainTextBytes.Length; i++)
{
plainTextWithSaltBytes[i] = plainTextBytes[i];
}
// Append salt bytes to the resulting array.
for (int i = 0; i < saltBytes.Length; i++)
{
plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];
}
// Because we support multiple hashing algorithms, we must define
// hash object as a common (abstract) base class. We will specify the
// actual hashing algorithm class later during object creation.
HashAlgorithm hash;
// Initialize appropriate hashing algorithm class.
switch (hashAlgorithm)
{
case Algorith.SHA1:
hash = new SHA1Managed();
break;
case Algorith.SHA256:
hash = new SHA256Managed();
break;
case Algorith.SHA384:
hash = new SHA384Managed();
break;
case Algorith.SHA512:
hash = new SHA512Managed();
break;
case Algorith.MD5:
hash = new MD5CryptoServiceProvider();
break;
default:
hash = new MD5CryptoServiceProvider();
break;
}
// Compute hash value of our plain text with appended salt.
byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
// Create array which will hold hash and original salt bytes.
byte[] hashWithSaltBytes = new byte[hashBytes.Length +
saltBytes.Length];
// Copy hash bytes into resulting array.
for (int i = 0; i < hashBytes.Length; i++)
{
hashWithSaltBytes[i] = hashBytes[i];
}
// Append salt bytes to the result.
for (int i = 0; i < saltBytes.Length; i++)
{
hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];
}
// Convert result into a base64-encoded string.
string hashValue = Convert.ToBase64String(hashWithSaltBytes);
// Return the result.
return(hashValue);
}
protected void submitBtn_Click(object sender, EventArgs e)
{
int scores = checkPassword(HttpUtility.HtmlEncode(firstPasswordTB.Text.Trim()));
switch (scores)
{
case 1:
firstPasswordError.Text = "Very Weak";
firstPasswordError.ForeColor = Color.Red;
break;
case 2:
firstPasswordError.Text = "Weak";
firstPasswordError.ForeColor = Color.Red;
break;
case 3:
firstPasswordError.Text = "Medium";
firstPasswordError.ForeColor = Color.Red;
break;
case 4:
firstPasswordError.Text = "Strong";
firstPasswordError.ForeColor = Color.Red;
break;
case 5:
firstPasswordError.Text = "Excellent";
firstPasswordError.ForeColor = Color.Green;
break;
default:
break;
}
bool validInput = ValidateInput();
bool validCaptcha = ValidateCaptcha();
if (validInput == true && validCaptcha == true && scores == 5)
{
bool presentEmail = getEmail(emailTB.Text);
//Checks if email is present or not
if (presentEmail == true)
{
errorMsg.Text = "Please choose another email for registration";
errorMsg.ForeColor = Color.Red;
emailError.Text = "Please choose another email for registration";
emailError.ForeColor = Color.Red;
//Response.Redirect("Registration.aspx",false);
}
else
{
//submitBtn.Enabled = true;
//secondPasswordTB.Text = validCaptcha.ToString();
//Retrieve password input
string password = HttpUtility.HtmlEncode(firstPasswordTB.Text.ToString().Trim());
//Generate random salt
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] saltByte = new byte[8];
//Fills array of bytes with a cryptographically strong sequence of random values.
rng.GetBytes(saltByte);
salt = Convert.ToBase64String(saltByte);
SHA512Managed hashing = new SHA512Managed();
string pwdWithSalt = password + salt;
byte[] plainHash = hashing.ComputeHash(Encoding.UTF8.GetBytes(password));
byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
finalHash = Convert.ToBase64String(hashWithSalt);
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
Key = cipher.Key;
IV = cipher.IV;
CreateAccount();
//Redirect to Login page
Response.Redirect("Login.aspx", false);
}
}
else
{
ValidateInput();
//submitBtn.Enabled = false;
//Response.Redirect("Registration.aspx", false);
}
}
protected void btn_ChangePassword_Click(object sender, EventArgs e)
{
string email = Session["SSEmail"].ToString();
int scores = checkPassword(tb_new_password.Text);
string status = "";
switch (scores)
{
case 1:
status = "Very Weak";
break;
case 2:
status = "Weak";
break;
case 3:
status = "Medium";
break;
case 4:
status = "Strong";
break;
case 5:
status = "Excellent";
break;
default:
break;
}
lbl_pwdChecker.Text = "Status : " + status;
if (scores < 4)
{
lbl_pwdChecker.ForeColor = Color.Red;
return;
}
else
{
lbl_pwdChecker.ForeColor = Color.Green;
}
string currentPwd = tb_old_password.Text.ToString().Trim();
string newPwd = tb_new_password.Text.ToString().Trim();
//Generate random "salt"
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] saltByte = new byte[8];
//Fills array of bytes with a cryptographically strong sequence of random values.
//rng.GetBytes(saltByte);
//salt = Convert.ToBase64String(saltByte);
SHA512Managed hashing = new SHA512Managed();
//string dbHash = getDBHash(email);
string dbSalt = getDBSalt(email);
string currentPwdWithSalt = currentPwd + dbSalt;
string newPwdWithSalt = newPwd + dbSalt;
string oldPwdHash = getOldDBHash(email);
byte[] newHashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(newPwdWithSalt));
NewHash = Convert.ToBase64String(newHashWithSalt);
byte[] currentHashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(currentPwdWithSalt));
if (newPwdWithSalt == currentPwdWithSalt)
{
passChangeErrMsg.Text = "Cannot use the same password.";
passChangeErrMsg.ForeColor = System.Drawing.Color.Red;
}
else if (NewHash.Equals(oldPwdHash))
{
passChangeErrMsg.Text = "Cannot use the same password as the first time or password is incorrect.";
passChangeErrMsg.ForeColor = System.Drawing.Color.Red;
}
else
{
finalHash = Convert.ToBase64String(newHashWithSalt);
Response.Redirect("SuccessPasswordChange.aspx", false);
UpdateAccount(email, finalHash, dbSalt);
}
//finalHash = Convert.ToBase64String(newHashWithSalt);
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
Key = cipher.Key;
IV = cipher.IV;
}
public override MazeErrorCode onReceiveData(byte[] Data, ref byte[] ResponseData)
{
ResponseData = new byte[0];
if (LastErrorCode != MazeErrorCode.Success)
{
//don't continue if the client/server messed something up
return(LastErrorCode);
}
switch (base.Step)
{
case 1:
{
//step 2
if (Data.Length != Mazing.ByteCode.Length)
{
SysLogger.Log("[MazeHandShake][Server] ByteCode Length Missmatch", SysLogType.Debug);
return(MazeErrorCode.WrongByteCode);
}
for (int i = 0; i < Mazing.ByteCode.Length; i++)
{
if (Mazing.ByteCode[i] != Data[i])
{
SysLogger.Log("[MazeHandShake][Server] WrongByteCode from client", SysLogType.Debug);
return(MazeErrorCode.WrongByteCode);
}
}
Step++;
break;
}
case 2:
{
if (onFindKeyInDatabase == null) //programmer error
{
SysLogger.Log("[MazeHandShake][Server] onFindKeyInDatabase is null", SysLogType.Debug);
ResponseData = GetFailResponseData(); //not encrypted, client knows this will fail
return(MazeErrorCode.Error);
}
string EncHashedMsg = BitConverter.ToString(SHA512Managed.Create().ComputeHash(Data, 0, Data.Length)).Replace("-", "");
byte[] _key = new byte[0];
byte[] _salt = new byte[0];
byte[] _publicKey = new byte[0];
string _userName = "";
if (onFindKeyInDatabase(EncHashedMsg, ref _key, ref _salt, ref _publicKey, ref _userName))
{
this.PublicKeyData = TrimArray(_publicKey, Mazing.MAX_KEY_SIZE);
this.wopEx = base.GetWopEncryption(_key, _salt);
base.FinalKey = _key;
base.FinalSalt = _salt;
//let's try to decrypt the data, should go successful
wopEx.Decrypt(Data, 0, Data.Length);
if (Data.Length != _publicKey.Length)
{
SysLogger.Log("[MazeHandShake][Server] Public key length missmatch", SysLogType.Debug);
//key size not the same... strange
ResponseData = GetFailResponseData();
return(MazeErrorCode.Error);
}
for (int i = 0; i < _publicKey.Length; i++)
{
if (Data[i] != _publicKey[i])
{
SysLogger.Log("[MazeHandShake][Server] Public key missmatch", SysLogType.Debug);
//public key did not match... strange
ResponseData = GetFailResponseData();
return(MazeErrorCode.Error);
}
}
//encryption / public key went successful for now
this.server_Prime = BigInteger.genPseudoPrime(256, 50, new Random(BitConverter.ToInt32(_key, 0)));
byte[] primeData = server_Prime.getBytes();
wopEx.Encrypt(primeData, 0, primeData.Length);
ResponseData = primeData;
this.Username = _userName;
Step++;
}
else
{
SysLogger.Log("[MazeHandShake][Server] No user key found in database", SysLogType.Debug);
ResponseData = GetFailResponseData();
return(MazeErrorCode.UserKeyNotFound);
}
break;
}
case 3:
{
//response back from client with his prime number
wopEx.Decrypt(Data, 0, Data.Length);
this.client_Prime = new BigInteger(Data);
if (this.client_Prime.isProbablePrime())
{
//verify the prime from the client
BigInteger client_Prime_test = BigInteger.genPseudoPrime(256, 50, new Random(this.server_Prime.IntValue()));
if (this.client_Prime != client_Prime_test)
{
//Attacker detected ?
SysLogger.Log("[MazeHandShake][Server] Man-In-The-Middle detected", SysLogType.Debug);
return(MazeErrorCode.Error);
}
BigInteger key = base.ModKey(server_Prime, client_Prime);
//apply key to encryption
ApplyKey(wopEx, key);
return(MazeErrorCode.Finished);
}
else
{
SysLogger.Log("[MazeHandShake][Server] Invalid response", SysLogType.Debug);
return(MazeErrorCode.Error);
}
}
}
return(MazeErrorCode.Success);
}
public string validar_login_inyeccion_Sp(String documento, String clave)
{
string estado = "Activo";
//se define la cadena de conexion con la red
SqlConnection conex = new SqlConnection(ConfigurationManager.ConnectionStrings["invenire_cuero_ConnectionString"].ConnectionString);
//se mapea(lee) el procedimieto alamcenado
SqlCommand testCMD = new SqlCommand("validar_login", conex);
//
testCMD.CommandType = CommandType.StoredProcedure;
//envio del parametro usuario al sp
SqlParameter IdIn = testCMD.Parameters.Add("@documento", SqlDbType.VarChar, 20);
IdIn.Direction = ParameterDirection.Input;
IdIn.Value = documento;
//envio del parametro clave al sp
//se consulta la clave encriptada
// var consulta = "select contrasena from tbl_usuario where contrasena = '" + clave + "'";
// var cmd = new SqlCommand(consulta, conex);
// conex.Open();
// SqlDataReader leerbd = cmd.ExecuteReader();
//if (leerbd.Read() == true)
// {
// //captura la clave encriptada del usuario
// clave_encriptada = leerbd.GetString(0);
// }
//conex.Close();
////se desencripta la clave
//string result = string.Empty;
// byte[] decryted = System.Text.Encoding.Unicode.GetBytes(clave_encriptada);
// result = Convert.ToBase64String(decryted);
//string result = string.Empty;
//byte[] encryted = System.Text.Encoding.Unicode.GetBytes(clave);
//result = Convert.ToBase64String(encryted);
SHA512 sha512 = SHA512Managed.Create();
ASCIIEncoding encoding = new ASCIIEncoding();
byte[] stream = null;
StringBuilder sb = new StringBuilder();
stream = sha512.ComputeHash(encoding.GetBytes(clave));
for (int i = 0; i < stream.Length; i++)
{
sb.AppendFormat("{0:x2}", stream[i]);
}
string result = sb.ToString();
SqlParameter IdIn1 = testCMD.Parameters.Add("@clave", SqlDbType.VarChar, 600);
IdIn1.Direction = ParameterDirection.Input;
IdIn1.Value = result;
//envio del parametro estado al sp
SqlParameter IdIn2 = testCMD.Parameters.Add("@estado", SqlDbType.VarChar, 20);
IdIn2.Direction = ParameterDirection.Input;
IdIn2.Value = estado;
//se abre la conexion
conex.Open();
//se ejecuta el sp
SqlDataReader myReader = testCMD.ExecuteReader();
if (myReader.Read() == true)
{
mensaje = "Exito";
}
else
{
mensaje = "Error";
}
//se cierra la conexion
conex.Close();
return(mensaje);
}//FIN METODO VALIDAR ACCESO
byte[] IHashAlgorithm.GetRunningHash ()
{
var copy = new SHA512Managed (this);
copy.TransformFinalBlock (empty, 0, 0);
return copy.Hash;
}
/// <summary>
/// Create a cryptographic key of length <paramref name="cbOut" />
/// (in bytes) from <paramref name="pbIn" />.
/// </summary>
public static byte[] ResizeKey(byte[] pbIn, int iInOffset,
int cbIn, int cbOut)
{
if (pbIn == null)
{
throw new ArgumentNullException("pbIn");
}
if (cbOut < 0)
{
throw new ArgumentOutOfRangeException("cbOut");
}
if (cbOut == 0)
{
return(MemUtil.EmptyByteArray);
}
byte[] pbHash;
if (cbOut <= 32)
{
pbHash = HashSha256(pbIn, iInOffset, cbIn);
}
else
{
using (SHA512Managed h = new SHA512Managed())
{
pbHash = h.ComputeHash(pbIn, iInOffset, cbIn);
}
}
if (cbOut == pbHash.Length)
{
return(pbHash);
}
byte[] pbRet = new byte[cbOut];
if (cbOut < pbHash.Length)
{
Array.Copy(pbHash, pbRet, cbOut);
}
else
{
int iPos = 0;
ulong r = 0;
while (iPos < cbOut)
{
Debug.Assert(pbHash.Length == 64);
using (HMACSHA256 h = new HMACSHA256(pbHash))
{
byte[] pbR = MemUtil.UInt64ToBytes(r);
byte[] pbPart = h.ComputeHash(pbR);
int cbCopy = Math.Min(cbOut - iPos, pbPart.Length);
Debug.Assert(cbCopy > 0);
Array.Copy(pbPart, 0, pbRet, iPos, cbCopy);
iPos += cbCopy;
++r;
MemUtil.ZeroByteArray(pbPart);
}
}
Debug.Assert(iPos == cbOut);
}
#if DEBUG
byte[] pbZero = new byte[pbHash.Length];
Debug.Assert(!MemUtil.ArraysEqual(pbHash, pbZero));
#endif
MemUtil.ZeroByteArray(pbHash);
return(pbRet);
}
public static bool VerifyData(byte[] bytesToVerify, string signedMessage, RSAParameters publicKey)
{
bool success = false;
using (var rsa = new RSACryptoServiceProvider())
{
byte[] signedBytes = Convert.FromBase64String(signedMessage);
try
{
rsa.ImportParameters(publicKey);
SHA512Managed Hash = new SHA512Managed();
byte[] hashedData = Hash.ComputeHash(signedBytes);
success = rsa.VerifyData(bytesToVerify, CryptoConfig.MapNameToOID("SHA512"), signedBytes);
}
catch (CryptographicException e)
{
Console.WriteLine(e.Message);
}
finally
{
rsa.PersistKeyInCsp = false;
}
}
return success;
}
public static string ComputeHash(string plainText, string hashAlgorithm, byte[] saltBytes)
{
if (saltBytes == null)
{
int minSaltSize = 4;
int maxSaltSize = 8;
Random random = new Random();
int saltSize = random.Next(minSaltSize, maxSaltSize);
saltBytes = new byte[saltSize];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetNonZeroBytes(saltBytes);
}
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
byte[] plainTextWithSaltBytes = new byte[plainTextBytes.Length + saltBytes.Length];
for (int i = 0; i < plainTextBytes.Length; i++)
plainTextWithSaltBytes[i] = plainTextBytes[i];
for (int i = 0; i < saltBytes.Length; i++)
plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];
HashAlgorithm hash;
if (hashAlgorithm == null)
hashAlgorithm = "";
switch (hashAlgorithm.ToUpper())
{
case "SHA1":
hash = new SHA1Managed();
break;
case "SHA256":
hash = new SHA256Managed();
break;
case "SHA384":
hash = new SHA384Managed();
break;
case "SHA512":
hash = new SHA512Managed();
break;
default:
hash = new MD5CryptoServiceProvider();
break;
}
byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
byte[] hashWithSaltBytes = new byte[hashBytes.Length + saltBytes.Length];
for (int i = 0; i < hashBytes.Length; i++)
hashWithSaltBytes[i] = hashBytes[i];
for (int i = 0; i < saltBytes.Length; i++)
hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];
string hashValue = Convert.ToBase64String(hashWithSaltBytes);
return hashValue;
}
// This function verifies if credentails exist and whether or not user is
// authenticated by our system. (Overloading)
public async Task <string> VerifyUserCredentials(string userEmail, string userPassword, AccountSalt accountSalt)
{
string isUserVerified = "";
try
{
SHA512 sHA512 = new SHA512Managed();
var client = new HttpClient();
byte[] data = sHA512.ComputeHash(Encoding.UTF8.GetBytes(userPassword + accountSalt.password_salt));
string hashedPassword = BitConverter.ToString(data).Replace("-", string.Empty).ToLower();
LogInPost loginPostContent = new LogInPost();
loginPostContent.email = userEmail;
loginPostContent.password = hashedPassword;
loginPostContent.social_id = "";
loginPostContent.signup_platform = "";
string loginPostContentJson = JsonConvert.SerializeObject(loginPostContent);
var httpContent = new StringContent(loginPostContentJson, Encoding.UTF8, "application/json");
var response = await client.PostAsync(Constant.LogInUrl, httpContent);
if (response.IsSuccessStatusCode)
{
var responseContent = await response.Content.ReadAsStringAsync();
var authetication = JsonConvert.DeserializeObject <RDSAuthentication>(responseContent);
if (authetication.code.ToString() == Constant.EmailNotFound)
{
userToSignUp = new SignUpAccount();
userToSignUp.email = userEmail.ToLower().Trim();
userToSignUp.password = userPassword.Trim();
userToSignUp.platform = "DIRECT";
isUserVerified = "USER NEEDS TO SIGN UP";
}
else if (authetication.code.ToString() == Constant.AutheticatedSuccesful)
{
DateTime today = DateTime.Now;
DateTime expDate = today.AddDays(Constant.days);
user = new User();
user.id = authetication.result[0].driver_uid;
user.sessionTime = expDate;
user.platform = "DIRECT";
user.email = "";
user.socialId = "";
user.route_id = "";
//var notificationStatus = await SetUserRemoteNotification();
//isUserVerified = EvaluteUserUpdates(notificationStatus);
isUserVerified = "SUCCESSFUL:0";
SaveUser(user);
}
else if (authetication.code.ToString() == Constant.ErrorPlatform)
{
//var RDSCode = JsonConvert.DeserializeObject<RDSLogInMessage>(responseContent);
isUserVerified = "WRONG SOCIAL MEDIA TO SIGN IN";
}
else if (authetication.code.ToString() == Constant.ErrorUserDirectLogIn)
{
isUserVerified = "WRONG DIRECT PASSWORD";
}
}
}
catch (Exception errorLogInUser)
{
//var client = new Diagnostic();
//client.parseException(errorLogInUser.ToString(), user);
Debug.WriteLine("ERROR THE 'errorLogInUser' FUNCTION: " + errorLogInUser.Message);
}
return(isUserVerified);
}
//AIM: THIS FUNCTION IS USE to encrypt the string and create hask key using diff hash methods
public string FromString(string input, HashType hashtype)
{
Byte[] clearBytes;
Byte[] hashedBytes;
string output = String.Empty;
switch (hashtype)
{
case HashType.RIPEMD160:
clearBytes = new UTF8Encoding().GetBytes(input);
RIPEMD160 myRIPEMD160 = RIPEMD160Managed.Create();
hashedBytes = myRIPEMD160.ComputeHash(clearBytes);
output = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
break;
case HashType.MD5:
clearBytes = new UTF8Encoding().GetBytes(input);
hashedBytes = ((HashAlgorithm)CryptoConfig.CreateFromName("MD5")).ComputeHash(clearBytes);
output = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
break;
case HashType.SHA1:
clearBytes = Encoding.UTF8.GetBytes(input);
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
sha1.ComputeHash(clearBytes);
hashedBytes = sha1.Hash;
sha1.Clear();
output = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
break;
case HashType.SHA256:
clearBytes = Encoding.UTF8.GetBytes(input);
SHA256 sha256 = new SHA256Managed();
sha256.ComputeHash(clearBytes);
hashedBytes =sha256.Hash;
sha256.Clear();
output = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
break;
case HashType.SHA384:
clearBytes = Encoding.UTF8.GetBytes(input);
SHA384 sha384 = new SHA384Managed();
sha384.ComputeHash(clearBytes);
hashedBytes = sha384.Hash;
sha384.Clear();
output = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
break;
case HashType.SHA512:
clearBytes = Encoding.UTF8.GetBytes(input);
SHA512 sha512 = new SHA512Managed();
sha512.ComputeHash(clearBytes);
hashedBytes = sha512.Hash;
sha512.Clear();
output = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
break;
}
return output;
}
private static string obf2_(string obf5_)
{
using (SHA512 obf3_ = new SHA512Managed())
{
byte[] obf4_ = obf3_.ComputeHash(Encoding.UTF8.GetBytes(obf5_));
StringBuilder obf6_ = new StringBuilder();
foreach (byte obf7_ in obf4_)
obf6_.Append(obf7_.ToString("[TIMES2]"));
return obf6_.ToString();
}
}
public String makeHash(String RekeningID, String pincode)
{
string input = String.Concat(RekeningID,pincode);
byte[] bytes = Encoding.UTF8.GetBytes(input);
SHA512Managed hashstring = new SHA512Managed();
byte[] hash = hashstring.ComputeHash(bytes);
string hashString = string.Empty;
foreach (byte x in hash)
{
hashString += String.Format("{0:x2}", x);
}
return hashString;
}
protected void register_btn_Click(object sender, EventArgs e)
{
error2_lb.Text = "";
error_lb.Text = "";
bool pass = true; // overall validation
bool pmt = false; // personal info empty check
bool cmt = false; // cc info empty check
// checking if any fields are empty
if (String.IsNullOrWhiteSpace(fname_tb.Text) || String.IsNullOrWhiteSpace(lname_tb.Text) || String.IsNullOrWhiteSpace(email_tb.Text) || String.IsNullOrWhiteSpace(dob_tb.Text) || String.IsNullOrWhiteSpace(pw1_tb.Text) || String.IsNullOrWhiteSpace(pw2_tb.Text))
{
error_lb.Text = "Please fill all fields. <br>";
pmt = true;
}
if (String.IsNullOrWhiteSpace(name_cc.Text) || String.IsNullOrWhiteSpace(cardno_cc.Text) || String.IsNullOrWhiteSpace(cvv_cc.Text) || String.IsNullOrWhiteSpace(expiry_cc.Text))
{
error2_lb.Text = "Please fill all fields. <br>";
cmt = true;
}
if (!pmt)
{
// checks if user exists
DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
var user = client.SelectByEmail(email_tb.Text.Trim());
if (user != null)
{
error_lb.Text = error_lb.Text + "User already exists.";
pass = false;
}
Regex nameRegex = new Regex("[A-Za-z]");
if (!nameRegex.IsMatch(fname_tb.Text.Trim()) || !nameRegex.IsMatch(lname_tb.Text.Trim()))
{
error_lb.Text = error_lb.Text + "Please input a valid name <br>";
pass = false;
}
// as long as dob is not today or in the future
if (Convert.ToDateTime(dob_tb.Text.Trim()) >= DateTime.Now.Date)
{
error_lb.Text = error_lb.Text + "Please input a valid date of birth <br>";
pass = false;
}
Regex pwRegex = new Regex(@"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}");
if (!pwRegex.IsMatch(pw1_tb.Text.Trim()))
{
error_lb.Text = error_lb.Text + "Please input a password that fulfills all criteria <br>";
pass = false;
}
if (pw1_tb.Text.Trim() != pw2_tb.Text.Trim())
{
error_lb.Text = error_lb.Text + "Passwords must match <br>";
pass = false;
}
}
if (!cmt)
{
// validating credit card name is 2 words, number is 16 digits, cvv is 3 digits and date is valid
Regex nameRegex = new Regex(@"^[A-Za-z]+\s+[A-Za-z]+$");
if (!nameRegex.IsMatch(name_cc.Text.Trim()))
{
error2_lb.Text = error2_lb.Text + "Please input a valid name <br>";
pass = false;
}
Regex numRegex = new Regex(@"^([0-9]{4}\s*){4}$");
if (!numRegex.IsMatch(cardno_cc.Text.Trim()))
{
error2_lb.Text = error2_lb.Text + "Please input a valid card number <br>";
pass = false;
}
Regex cvvRegex = new Regex("^[0-9]{3}$");
if (!cvvRegex.IsMatch(cvv_cc.Text.Trim()))
{
error2_lb.Text = error2_lb.Text + "Please input a valid CVV <br>";
pass = false;
}
Regex expiryRegex = new Regex("^[0-9]{2}[/]{1}[0-9]{2}$");
if (!expiryRegex.IsMatch(expiry_cc.Text.Trim()))
{
error2_lb.Text = error2_lb.Text + "Please input a valid expiry date <br>";
pass = false;
}
else
{
string date = expiry_cc.Text.Trim();
string[] split = date.Split('/');
DateTime expiry = Convert.ToDateTime("01/" + split[0] + "/20" + split[1]);
if (expiry <= DateTime.Now.Date)
{
error2_lb.Text = error2_lb.Text + "Please check your card's expiry <br>";
pass = false;
}
}
}
if (pass && !pmt && !cmt)
{
DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
// retrieving data to hash
string pw = pw1_tb.Text;
// initializing bytes for salts
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] pwsaltbyte = new byte[8];
// getting random salt bytes and converting into string
rng.GetBytes(pwsaltbyte);
string pwsalt = Convert.ToBase64String(pwsaltbyte);
// initializing hashing thingy
SHA512Managed hashing = new SHA512Managed();
// salting plaintext and hashing after
string saltedpw = pw.ToString() + pwsalt;
string hashedpw = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(saltedpw)));
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
client.CreateAccount(email_tb.Text.Trim(), hashedpw, pwsalt, fname_tb.Text.Trim(), lname_tb.Text.Trim(), Convert.ToDateTime(dob_tb.Text.Trim()), name_cc.Text.Trim(), cardno_cc.Text.Trim(), cvv_cc.Text.Trim(), expiry_cc.Text.Trim(), cipher.IV, cipher.Key);
Response.Redirect("Login.aspx");
}
}
/// <summary>
/// Generates a hash for the given plain text value and returns a
/// base64-encoded result. Before the hash is computed, a random salt
/// is generated and appended to the plain text. This salt is stored at
/// the end of the hash value, so it can be used later for hash
/// verification.
/// </summary>
/// <param name="plainText">
/// Plaintext value to be hashed.
/// </param>
/// <param name="hashAlgorithm">
/// Name of the hash algorithm. Allowed values are: "MD5", "SHA1",
/// "SHA256", "SHA384", and "SHA512" (if any other value is specified
/// MD5 hashing algorithm will be used). This value is case-insensitive.
/// </param>
/// <param name="saltBytes">
/// Salt bytes. This parameter can be null, in which case a random salt
/// value will be generated.
/// </param>
/// <returns>
/// Hash value formatted as a base64-encoded string.
/// </returns>
/// <remarks>
/// ComputeHash code provided as an example by Obviex at
/// http://www.obviex.com/samples/hash.aspx
/// As noted by Obviex themselves, code is definitely not optimally efficient.
/// Should performance requirements necessitate improvement, this should
/// be improved.
/// </remarks>
public static string ComputeHash(string plainText,
string hashAlgorithm,
byte[] saltBytes)
{
if (plainText == null)
return null;
// If salt is not specified, generate it on the fly.
if (saltBytes == null)
{
// Define min and max salt sizes.
int minSaltSize = 4;
int maxSaltSize = 8;
// Generate a random number for the size of the salt.
Random random = new Random();
int saltSize = random.Next(minSaltSize, maxSaltSize);
// Allocate a byte array, which will hold the salt.
saltBytes = new byte[saltSize];
// Initialize a random number generator.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
// Fill the salt with cryptographically strong byte values.
rng.GetNonZeroBytes(saltBytes);
}
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
// Allocate array, which will hold plain text and salt.
byte[] plainTextWithSaltBytes =
new byte[plainTextBytes.Length + saltBytes.Length];
// Copy plain text bytes into resulting array.
for (int i = 0; i < plainTextBytes.Length; i++)
plainTextWithSaltBytes[i] = plainTextBytes[i];
// Append salt bytes to the resulting array.
for (int i = 0; i < saltBytes.Length; i++)
plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];
// Because we support multiple hashing algorithms, we must define
// hash object as a common (abstract) base class. We will specify the
// actual hashing algorithm class later during object creation.
HashAlgorithm hash;
// Make sure hashing algorithm name is specified.
if (hashAlgorithm == null)
hashAlgorithm = "";
// Initialize appropriate hashing algorithm class.
switch (hashAlgorithm.ToUpper())
{
case "SHA1":
hash = new SHA1Managed();
break;
case "SHA256":
hash = new SHA256Managed();
break;
case "SHA384":
hash = new SHA384Managed();
break;
case "SHA512":
hash = new SHA512Managed();
break;
default:
hash = new MD5CryptoServiceProvider();
break;
}
// Compute hash value of our plain text with appended salt.
byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
// Create array which will hold hash and original salt bytes.
byte[] hashWithSaltBytes = new byte[hashBytes.Length +
saltBytes.Length];
// Copy hash bytes into resulting array.
for (int i = 0; i < hashBytes.Length; i++)
hashWithSaltBytes[i] = hashBytes[i];
// Append salt bytes to the result.
for (int i = 0; i < saltBytes.Length; i++)
hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];
// Convert result into a base64-encoded string.
string hashValue = Convert.ToBase64String(hashWithSaltBytes);
// Return the result.
return hashValue;
}
private static string ComputeHash(string plainText,
string hashAlgorithm,
byte[] saltBytes)
{
if (saltBytes == null)
{
int minSaltSize = 4;
int maxSaltSize = 8;
Random random = new Random();
int saltSize = random.Next(minSaltSize, maxSaltSize);
saltBytes = new byte[saltSize];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetNonZeroBytes(saltBytes);
}
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
byte[] plainTextWithSaltBytes =
new byte[plainTextBytes.Length + saltBytes.Length];
for (int i = 0; i < plainTextBytes.Length; i++)
{
plainTextWithSaltBytes[i] = plainTextBytes[i];
}
for (int i = 0; i < saltBytes.Length; i++)
{
plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];
}
HashAlgorithm hash;
if (hashAlgorithm == null)
{
hashAlgorithm = "";
}
switch (hashAlgorithm.ToUpper())
{
case "SHA1":
hash = new SHA1Managed();
break;
case "SHA256":
hash = new SHA256Managed();
break;
case "SHA384":
hash = new SHA384Managed();
break;
case "SHA512":
hash = new SHA512Managed();
break;
default:
hash = new MD5CryptoServiceProvider();
break;
}
byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
byte[] hashWithSaltBytes = new byte[hashBytes.Length +
saltBytes.Length];
for (int i = 0; i < hashBytes.Length; i++)
{
hashWithSaltBytes[i] = hashBytes[i];
}
for (int i = 0; i < saltBytes.Length; i++)
{
hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];
}
string hashValue = Convert.ToBase64String(hashWithSaltBytes);
return(hashValue);
}
/// <summary>
/// Generates a hash for the given plain text value and returns a
/// base64-encoded result. Before the hash is computed, a random salt
/// is generated and appended to the plain text. This salt is stored at
/// the end of the hash value, so it can be used later for hash
/// verification.
/// </summary>
/// <param name="byteData">
/// Plaintext value to be hashed.
/// </param>
/// <param name="hashAlgorithm">
/// Name of the hash algorithm. Allowed values are: "MD5", "SHA1",
/// "SHA256", "SHA384", "SHA512", "HMACMD5", "HMACSHA1", "HMACSHA256",
/// "HMACSHA512" (if any other value is specified MD5 will be used).
///
/// HMAC algorithms uses Hash-based Message Authentication Code.
/// The HMAC process mixes a secret key with the message data, hashes
/// the result with the hash function, mixes that hash value with
/// the secret key again, and then applies the hash function
/// a second time. HMAC hashes are fixed lenght and generally
/// much longer than non-HMAC hashes of the same type.
///
/// https://msdn.microsoft.com/en-us/library/system.security.cryptography.hmacsha256(v=vs.110).aspx
///
/// This value is case-insensitive.
/// </param>
/// <param name="saltBytes">
/// Optional but recommended salt bytes to apply to the hash. If not passed the
/// raw encoding is used. If salt is nullthe raw algorithm is used (useful for
/// file hashes etc.) HMAC versions REQUIRE that salt is passed.
/// </param>
/// <param name="useBinHex">if true returns the data as BinHex byte pair string. Otherwise Base64 is returned.</param>
/// <returns>
/// Hash value formatted as a base64-encoded or BinHex stringstring.
/// </returns>
public static string ComputeHash(byte[] byteData,
string hashAlgorithm,
byte[] saltBytes,
bool useBinHex = false)
{
if (byteData == null)
{
return(null);
}
// Convert plain text into a byte array.
byte[] plainTextWithSaltBytes;
if (saltBytes != null)
{
// Allocate array, which will hold plain text and salt.
plainTextWithSaltBytes =
new byte[byteData.Length + saltBytes.Length];
// Copy plain text bytes into resulting array.
for (int i = 0; i < byteData.Length; i++)
{
plainTextWithSaltBytes[i] = byteData[i];
}
// Append salt bytes to the resulting array.
for (int i = 0; i < saltBytes.Length; i++)
{
plainTextWithSaltBytes[byteData.Length + i] = saltBytes[i];
}
}
else
{
plainTextWithSaltBytes = byteData;
}
HashAlgorithm hash;
// Make sure hashing algorithm name is specified.
if (hashAlgorithm == null)
{
hashAlgorithm = "";
}
// Initialize appropriate hashing algorithm class.
switch (hashAlgorithm.ToUpper())
{
case "SHA1":
hash = new SHA1Managed();
break;
case "SHA256":
hash = new SHA256Managed();
break;
case "SHA384":
hash = new SHA384Managed();
break;
case "SHA512":
hash = new SHA512Managed();
break;
case "HMACMD5":
hash = new HMACMD5(saltBytes);
break;
case "HMACSHA1":
hash = new HMACSHA1(saltBytes);
break;
case "HMACSHA256":
hash = new HMACSHA256(saltBytes);
break;
case "HMACSHA512":
hash = new HMACSHA512(saltBytes);
break;
default:
// default to MD5
hash = new MD5CryptoServiceProvider();
break;
}
byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
hash.Dispose();
if (useBinHex)
{
return(BinaryToBinHex(hashBytes));
}
return(Convert.ToBase64String(hashBytes));
}
public static string GetSHA512(string text)
{
ASCIIEncoding UE = new ASCIIEncoding();
byte[] hashValue;
byte[] message = UE.GetBytes(text);
SHA512Managed hashString = new SHA512Managed();
string hex = "";
hashValue = hashString.ComputeHash(message);
foreach (byte x in hashValue)
{
hex += String.Format("{0:x2}", x);
}
return hex;
}
