/// <summary>Given two <see cref="SecureTextBox"/> controls containing passwords, checks that the passwords match /// and are sufficiently strong. Message boxes will be displayed to the user if any problems are found with the /// passwords. True is returned if the passwords should be used, and false if not. /// </summary> public static bool ValidateAndCheckPasswords(SecureTextBox pass1, SecureTextBox pass2) { if(!ValidatePasswords(pass1, pass2)) { return false; } else if(pass1.TextLength == 0) { if(MessageBox.Show("You didn't enter a password! This is extremely insecure, as anybody can use your key. Are "+ "you sure you don't want a password?", "Password is blank!", MessageBoxButtons.YesNo, MessageBoxIcon.Warning, MessageBoxDefaultButton.Button2) == DialogResult.No) { return false; } } else if(pass1.GetPasswordStrength() < PasswordStrength.Moderate) { if(MessageBox.Show("You entered a weak password! This is not secure, as your password can be cracked in a "+ "relatively short period of time, allowing somebody access to your key. Are you sure you "+ "want a to use a weak password?", "Password is weak!", MessageBoxButtons.YesNo, MessageBoxIcon.Warning, MessageBoxDefaultButton.Button2) == DialogResult.No) { return false; } } return true; }
/// <summary>Given two <see cref="SecureTextBox"/> controls containing passwords, checks that the passwords match. /// Message boxes will be displayed to the user if any problems are found with the passwords. True is returned if /// the passwords should be used, and false if not. /// </summary> public static bool ValidatePasswords(SecureTextBox pass1, SecureTextBox pass2) { if(!PGPUI.ArePasswordsEqual(pass1, pass2)) { MessageBox.Show("The passwords you have entered do not match.", "Password mismatch", MessageBoxButtons.OK, MessageBoxIcon.Error); return false; } return true; }
/// <summary>Given two <see cref="SecureTextBox"/> controls containing passwords, determines whether the passwords /// in the two controls are equal, case-sensitively. /// </summary> public static bool ArePasswordsEqual(SecureTextBox pass1, SecureTextBox pass2) { bool passwordsMatch = true; if(pass1.TextLength != pass2.TextLength) { passwordsMatch = false; } else { SecureString ss1 = null, ss2 = null; IntPtr bstr1 = IntPtr.Zero, bstr2 = IntPtr.Zero; try { ss1 = pass1.GetText(); ss2 = pass2.GetText(); bstr1 = Marshal.SecureStringToBSTR(ss1); bstr2 = Marshal.SecureStringToBSTR(ss2); unsafe { char* p1 = (char*)bstr1.ToPointer(), p2 = (char*)bstr2.ToPointer(); int length = ss1.Length; for(int i=0; i<length; p1++, p2++, i++) { if(*p1 != *p2) { passwordsMatch = false; break; } } } } finally { Marshal.ZeroFreeBSTR(bstr1); Marshal.ZeroFreeBSTR(bstr2); ss1.Dispose(); ss2.Dispose(); } } return passwordsMatch; }