internal static void AddUser(string username, string password) { Argon2Config config = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, Version = Argon2Version.Nineteen, TimeCost = 3, MemoryCost = 32768, Lanes = 4, Threads = Environment.ProcessorCount, Password = Encoding.ASCII.GetBytes(password), Salt = Convert.FromBase64String(Properties.Settings.Default.Salt), // >= 8 bytes if not null HashLength = 20 // >= 4 }; Argon2 argon2 = new Argon2(config); string passwordHash; using (SecureArray <byte> hashA = argon2.Hash()) { passwordHash = config.EncodeString(hashA.Buffer); } var userCreated = new user() { username = username, passwordHash = passwordHash, isAdmin = false, isEnabled = false }; context.users.Add(userCreated); context.SaveChanges(); }
public void TestArgon2RoundTrip() { var password = "******"; byte[] passwordBytes = Encoding.UTF8.GetBytes(password); byte[] salt = new byte[16]; Rng.GetBytes(salt); var config = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, Version = Argon2Version.Nineteen, Password = passwordBytes, Salt = salt, TimeCost = 3, MemoryCost = 65536, Lanes = 4, Threads = 2, }; var argon2 = new Argon2(config); SecureArray <byte> hash = argon2.Hash(); var passwordHash = config.EncodeString(hash.Buffer); this.output.WriteLine($"Argon2 of {password} --> {passwordHash}"); Assert.True( Argon2.Verify(passwordHash, passwordBytes, SecureArray.DefaultCall), $"expected verify to work for {passwordHash} (Argon2 hash of {password}"); }
public string Hash(string text) { Validator.ValidateStringIsNotNullOrEmpty(text); _argon2Config.Password = Encoding.UTF8.GetBytes(text); var argon2A = new Argon2(_argon2Config); return(_argon2Config.EncodeString(argon2A.Hash().Buffer)); }
/// <summary> /// Test <see cref="Argon2"/>. /// </summary> /// <returns> /// The result text. /// </returns> public static string TestArgon2RoundTrip() { var password = "******"; byte[] passwordBytes = Encoding.UTF8.GetBytes(password); byte[] salt = new byte[16]; Rng.GetBytes(salt); var secret = "secret1"; byte[] secretBytes = Encoding.UTF8.GetBytes(secret); var failedResults = new List <string>(); var passedResults = new List <string>(); foreach (var argon2Type in new[] { Argon2Type.DataIndependentAddressing, Argon2Type.DataDependentAddressing, Argon2Type.HybridAddressing }) { var argon2Name = argon2Type == Argon2Type.DataIndependentAddressing ? "Argon2i" : argon2Type == Argon2Type.DataDependentAddressing ? "Argon2d" : "Argon2id"; var config = new Argon2Config { Type = argon2Type, Version = Argon2Version.Nineteen, Password = passwordBytes, Salt = salt, Secret = secretBytes, TimeCost = 3, MemoryCost = 65536, Lanes = 4, Threads = 2, }; var argon2 = new Argon2(config); SecureArray <byte> hash = argon2.Hash(); var passwordHash = config.EncodeString(hash.Buffer); Console.WriteLine($"{argon2Name} of {password} --> {passwordHash}"); if (Argon2.Verify(passwordHash, passwordBytes, secretBytes, SecureArray.DefaultCall)) { passedResults.Add(argon2Name); Console.WriteLine($"Round Trip {argon2Name} Passed"); } else { failedResults.Add(argon2Name); Console.WriteLine($"Round Trip {argon2Name} FAILED"); Console.WriteLine($" expected verify to work for {passwordHash} (Argon2 hash of {password})"); } } return(failedResults.Any() ? $"RoundTrip FAILED: [{string.Join(", ", failedResults)}] (passed: [{string.Join(", ", passedResults)}])" : "RoundTrip Passed"); }
/// <summary> /// Given a plain password and a hash strategy, calculate the salt and hash /// </summary> public SecuredPassword(string plainPassword, HashStrategyKind hashStrategy) { if (string.IsNullOrWhiteSpace(plainPassword)) { throw new ArgumentNullException(plainPassword); } SetHashStrategy(hashStrategy); switch (hashStrategy) { case HashStrategyKind.Pbkdf210001Iterations: var numberOfIterations = (int)_hashingParameter; if (numberOfIterations <= 10000) { throw new ArgumentException("Iterations must be greater than 10000"); } using (var deriveBytes = new Rfc2898DeriveBytes(plainPassword, _saltSize, numberOfIterations, HashAlgorithmName.SHA256)) { _salt = deriveBytes.Salt; _hash = deriveBytes.GetBytes(_saltSize); } break; case HashStrategyKind.Argon2WorkCost: byte[] passwordBytes = Encoding.UTF8.GetBytes(plainPassword); _salt = new byte[_saltSize]; RandomNumberGenerator.GetBytes(_salt); var config = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, Version = Argon2Version.Nineteen, TimeCost = 10, MemoryCost = (int)_hashingParameter, Lanes = 5, Threads = Environment.ProcessorCount, Password = passwordBytes, Salt = _salt, HashLength = 20 }; var argon2A = new Argon2(config); using (SecureArray <byte> hashArgon = argon2A.Hash()) { _hash = Encoding.ASCII.GetBytes(config.EncodeString(hashArgon.Buffer)); } break; } IsValid = true; }
public string HashPassword(string password, byte[] salt) { var passwordBytes = Encoding.UTF8.GetBytes(password); var argonConfig = new Argon2Config { Lanes = _lanes, Threads = _threads, Password = passwordBytes, Salt = salt, MemoryCost = _cost, }; using var argon = new Argon2(argonConfig); using var hash = argon.Hash(); return(argonConfig.EncodeString(hash.Buffer)); }
/// <summary> /// Test <see cref="Argon2"/>. /// </summary> /// <returns> /// The result text. /// </returns> public static string TestArgon2ThreadsDontMatter() { var password = "******"; byte[] passwordBytes = Encoding.UTF8.GetBytes(password); var configA = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, Version = Argon2Version.Nineteen, Password = passwordBytes, TimeCost = 3, MemoryCost = 32, Lanes = 4, Threads = 3, }; var configB = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, Version = Argon2Version.Nineteen, Password = passwordBytes, TimeCost = 3, MemoryCost = 32, Lanes = 4, Threads = 1, }; using (var argon2A = new Argon2(configA)) using (var argon2B = new Argon2(configB)) using (var hashA = argon2A.Hash()) using (var hashB = argon2B.Hash()) { var hashTextA = configA.EncodeString(hashA.Buffer); var hashTextB = configB.EncodeString(hashB.Buffer); var res = string.Compare(hashTextA, hashTextB, StringComparison.Ordinal) == 0 ? "ThreadsDontMatter Passed" : "ThreadsDontMatter FAILED"; Console.WriteLine(res); return(res); } }
public string HashPassword(string password) { if (string.IsNullOrEmpty(password)) { throw new ArgumentNullException(password); } byte[] salt = new byte[32]; Argon2Config argon2Config = _argon2Config; argon2Config.Password = Encoding.UTF8.GetBytes(password); argon2Config.Salt = salt; _randomNumberGenerator.GetBytes(salt); var argon2 = new Argon2(argon2Config); using SecureArray <byte> secureArray = argon2.Hash(); argon2.Dispose(); return(argon2Config.EncodeString(secureArray.Buffer)); }
public static string EncryptPassword(string plainText, string salt) { byte[] passwordBytes = Encoding.UTF8.GetBytes(plainText); byte[] saltBytes = Encoding.UTF8.GetBytes(salt + "12345678"); var config = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, Version = Argon2Version.Nineteen, TimeCost = 10, MemoryCost = 32768, Lanes = 5, Threads = Environment.ProcessorCount, Password = passwordBytes, Salt = saltBytes, // >= 8 bytes if not null HashLength = 20 // >= 4 }; var argon2A = new Argon2(config); using (SecureArray <byte> hashA = argon2A.Hash()) { return(config.EncodeString(hashA.Buffer)); } }
/// <summary> /// Given a password, salt and hash strategy, calculate the hash /// </summary> /// <param name="plainPassword"></param> /// <param name="salt"></param> /// <param name="hashStrategy"></param> public SecuredPassword(string plainPassword, byte[] salt, HashStrategyKind hashStrategy) { _salt = salt; SetHashStrategy(hashStrategy); switch (hashStrategy) { case HashStrategyKind.Pbkdf25009Iterations: case HashStrategyKind.Pbkdf28000Iterations: using (var deriveBytes = new Rfc2898DeriveBytes(plainPassword, salt, (int)_hashingParameter)) { _hash = deriveBytes.GetBytes(_saltSize); } break; case HashStrategyKind.Argon2WorkCost: byte[] passwordBytes = Encoding.UTF8.GetBytes(plainPassword); var config = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, Version = Argon2Version.Nineteen, TimeCost = 10, MemoryCost = (int)_hashingParameter, Lanes = 5, Threads = Environment.ProcessorCount, Password = passwordBytes, Salt = _salt, HashLength = 20 // >= 4 }; var argon2A = new Argon2(config); using (SecureArray <byte> hashArgon = argon2A.Hash()) { _hash = Encoding.ASCII.GetBytes(config.EncodeString(hashArgon.Buffer)); } break; } IsValid = true; }
public void TestArgon2ThreadsDontMatter() { var password = "******"; byte[] passwordBytes = Encoding.UTF8.GetBytes(password); var configA = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, Version = Argon2Version.Nineteen, Password = passwordBytes, TimeCost = 3, MemoryCost = 32, Lanes = 4, Threads = 3, }; var configB = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, Version = Argon2Version.Nineteen, Password = passwordBytes, TimeCost = 3, MemoryCost = 32, Lanes = 4, Threads = 1, }; using (var argon2A = new Argon2(configA)) using (var argon2B = new Argon2(configB)) using (var hashA = argon2A.Hash()) using (var hashB = argon2B.Hash()) { var hashTextA = configA.EncodeString(hashA.Buffer); var hashTextB = configB.EncodeString(hashB.Buffer); Assert.Equal(hashTextA, hashTextB); } }
private string GetPasswordHash(string password) { byte[] passwordBytes = Encoding.UTF8.GetBytes(password); byte[] salt = new byte[8]; RandomNumberGenerator Rng = RandomNumberGenerator.Create(); Rng.GetBytes(salt); var config = new Argon2Config { Type = Argon2Type.DataIndependentAddressing, TimeCost = 5, MemoryCost = 16384, Password = passwordBytes, Salt = salt }; var argon2A = new Argon2(config); using (SecureArray <byte> hashA = argon2A.Hash()) { return(config.EncodeString(hashA.Buffer)); } }