internal static void AddUser(string username, string password)
{
Argon2Config config = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
TimeCost = 3,
MemoryCost = 32768,
Lanes = 4,
Threads = Environment.ProcessorCount,
Password = Encoding.ASCII.GetBytes(password),
Salt = Convert.FromBase64String(Properties.Settings.Default.Salt), // >= 8 bytes if not null
HashLength = 20 // >= 4
};
Argon2 argon2 = new Argon2(config);
string passwordHash;
using (SecureArray <byte> hashA = argon2.Hash())
{
passwordHash = config.EncodeString(hashA.Buffer);
}
var userCreated = new user()
{
username = username,
passwordHash = passwordHash,
isAdmin = false,
isEnabled = false
};
context.users.Add(userCreated);
context.SaveChanges();
}
public void TestArgon2RoundTrip()
{
var password = "******";
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
byte[] salt = new byte[16];
Rng.GetBytes(salt);
var config = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
Salt = salt,
TimeCost = 3,
MemoryCost = 65536,
Lanes = 4,
Threads = 2,
};
var argon2 = new Argon2(config);
SecureArray <byte> hash = argon2.Hash();
var passwordHash = config.EncodeString(hash.Buffer);
this.output.WriteLine($"Argon2 of {password} --> {passwordHash}");
Assert.True(
Argon2.Verify(passwordHash, passwordBytes, SecureArray.DefaultCall),
$"expected verify to work for {passwordHash} (Argon2 hash of {password}");
}
public string Hash(string text)
{
Validator.ValidateStringIsNotNullOrEmpty(text);
_argon2Config.Password = Encoding.UTF8.GetBytes(text);
var argon2A = new Argon2(_argon2Config);
return(_argon2Config.EncodeString(argon2A.Hash().Buffer));
}
/// <summary>
/// Test <see cref="Argon2"/>.
/// </summary>
/// <returns>
/// The result text.
/// </returns>
public static string TestArgon2RoundTrip()
{
var password = "******";
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
byte[] salt = new byte[16];
Rng.GetBytes(salt);
var secret = "secret1";
byte[] secretBytes = Encoding.UTF8.GetBytes(secret);
var failedResults = new List <string>();
var passedResults = new List <string>();
foreach (var argon2Type in new[] { Argon2Type.DataIndependentAddressing, Argon2Type.DataDependentAddressing, Argon2Type.HybridAddressing })
{
var argon2Name = argon2Type == Argon2Type.DataIndependentAddressing ? "Argon2i" :
argon2Type == Argon2Type.DataDependentAddressing ? "Argon2d" : "Argon2id";
var config = new Argon2Config
{
Type = argon2Type,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
Salt = salt,
Secret = secretBytes,
TimeCost = 3,
MemoryCost = 65536,
Lanes = 4,
Threads = 2,
};
var argon2 = new Argon2(config);
SecureArray <byte> hash = argon2.Hash();
var passwordHash = config.EncodeString(hash.Buffer);
Console.WriteLine($"{argon2Name} of {password} --> {passwordHash}");
if (Argon2.Verify(passwordHash, passwordBytes, secretBytes, SecureArray.DefaultCall))
{
passedResults.Add(argon2Name);
Console.WriteLine($"Round Trip {argon2Name} Passed");
}
else
{
failedResults.Add(argon2Name);
Console.WriteLine($"Round Trip {argon2Name} FAILED");
Console.WriteLine($" expected verify to work for {passwordHash} (Argon2 hash of {password})");
}
}
return(failedResults.Any() ? $"RoundTrip FAILED: [{string.Join(", ", failedResults)}] (passed: [{string.Join(", ", passedResults)}])"
: "RoundTrip Passed");
}
/// <summary>
/// Given a plain password and a hash strategy, calculate the salt and hash
/// </summary>
public SecuredPassword(string plainPassword, HashStrategyKind hashStrategy)
{
if (string.IsNullOrWhiteSpace(plainPassword))
{
throw new ArgumentNullException(plainPassword);
}
SetHashStrategy(hashStrategy);
switch (hashStrategy)
{
case HashStrategyKind.Pbkdf210001Iterations:
var numberOfIterations = (int)_hashingParameter;
if (numberOfIterations <= 10000)
{
throw new ArgumentException("Iterations must be greater than 10000");
}
using (var deriveBytes = new Rfc2898DeriveBytes(plainPassword, _saltSize, numberOfIterations, HashAlgorithmName.SHA256))
{
_salt = deriveBytes.Salt;
_hash = deriveBytes.GetBytes(_saltSize);
}
break;
case HashStrategyKind.Argon2WorkCost:
byte[] passwordBytes = Encoding.UTF8.GetBytes(plainPassword);
_salt = new byte[_saltSize];
RandomNumberGenerator.GetBytes(_salt);
var config = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
TimeCost = 10,
MemoryCost = (int)_hashingParameter,
Lanes = 5,
Threads = Environment.ProcessorCount,
Password = passwordBytes,
Salt = _salt,
HashLength = 20
};
var argon2A = new Argon2(config);
using (SecureArray <byte> hashArgon = argon2A.Hash())
{
_hash = Encoding.ASCII.GetBytes(config.EncodeString(hashArgon.Buffer));
}
break;
}
IsValid = true;
}
public string HashPassword(string password, byte[] salt)
{
var passwordBytes = Encoding.UTF8.GetBytes(password);
var argonConfig = new Argon2Config
{
Lanes = _lanes,
Threads = _threads,
Password = passwordBytes,
Salt = salt,
MemoryCost = _cost,
};
using var argon = new Argon2(argonConfig);
using var hash = argon.Hash();
return(argonConfig.EncodeString(hash.Buffer));
}
/// <summary>
/// Test <see cref="Argon2"/>.
/// </summary>
/// <returns>
/// The result text.
/// </returns>
public static string TestArgon2ThreadsDontMatter()
{
var password = "******";
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
var configA = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
TimeCost = 3,
MemoryCost = 32,
Lanes = 4,
Threads = 3,
};
var configB = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
TimeCost = 3,
MemoryCost = 32,
Lanes = 4,
Threads = 1,
};
using (var argon2A = new Argon2(configA))
using (var argon2B = new Argon2(configB))
using (var hashA = argon2A.Hash())
using (var hashB = argon2B.Hash())
{
var hashTextA = configA.EncodeString(hashA.Buffer);
var hashTextB = configB.EncodeString(hashB.Buffer);
var res = string.Compare(hashTextA, hashTextB, StringComparison.Ordinal) == 0
? "ThreadsDontMatter Passed"
: "ThreadsDontMatter FAILED";
Console.WriteLine(res);
return(res);
}
}
public string HashPassword(string password)
{
if (string.IsNullOrEmpty(password))
{
throw new ArgumentNullException(password);
}
byte[] salt = new byte[32];
Argon2Config argon2Config = _argon2Config;
argon2Config.Password = Encoding.UTF8.GetBytes(password);
argon2Config.Salt = salt;
_randomNumberGenerator.GetBytes(salt);
var argon2 = new Argon2(argon2Config);
using SecureArray <byte> secureArray = argon2.Hash();
argon2.Dispose();
return(argon2Config.EncodeString(secureArray.Buffer));
}
public static string EncryptPassword(string plainText, string salt)
{
byte[] passwordBytes = Encoding.UTF8.GetBytes(plainText);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt + "12345678");
var config = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
TimeCost = 10,
MemoryCost = 32768,
Lanes = 5,
Threads = Environment.ProcessorCount,
Password = passwordBytes,
Salt = saltBytes, // >= 8 bytes if not null
HashLength = 20 // >= 4
};
var argon2A = new Argon2(config);
using (SecureArray <byte> hashA = argon2A.Hash())
{
return(config.EncodeString(hashA.Buffer));
}
}
/// <summary>
/// Given a password, salt and hash strategy, calculate the hash
/// </summary>
/// <param name="plainPassword"></param>
/// <param name="salt"></param>
/// <param name="hashStrategy"></param>
public SecuredPassword(string plainPassword, byte[] salt, HashStrategyKind hashStrategy)
{
_salt = salt;
SetHashStrategy(hashStrategy);
switch (hashStrategy)
{
case HashStrategyKind.Pbkdf25009Iterations:
case HashStrategyKind.Pbkdf28000Iterations:
using (var deriveBytes = new Rfc2898DeriveBytes(plainPassword, salt, (int)_hashingParameter))
{
_hash = deriveBytes.GetBytes(_saltSize);
}
break;
case HashStrategyKind.Argon2WorkCost:
byte[] passwordBytes = Encoding.UTF8.GetBytes(plainPassword);
var config = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
TimeCost = 10,
MemoryCost = (int)_hashingParameter,
Lanes = 5,
Threads = Environment.ProcessorCount,
Password = passwordBytes,
Salt = _salt,
HashLength = 20 // >= 4
};
var argon2A = new Argon2(config);
using (SecureArray <byte> hashArgon = argon2A.Hash())
{
_hash = Encoding.ASCII.GetBytes(config.EncodeString(hashArgon.Buffer));
}
break;
}
IsValid = true;
}
public void TestArgon2ThreadsDontMatter()
{
var password = "******";
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
var configA = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
TimeCost = 3,
MemoryCost = 32,
Lanes = 4,
Threads = 3,
};
var configB = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
TimeCost = 3,
MemoryCost = 32,
Lanes = 4,
Threads = 1,
};
using (var argon2A = new Argon2(configA))
using (var argon2B = new Argon2(configB))
using (var hashA = argon2A.Hash())
using (var hashB = argon2B.Hash())
{
var hashTextA = configA.EncodeString(hashA.Buffer);
var hashTextB = configB.EncodeString(hashB.Buffer);
Assert.Equal(hashTextA, hashTextB);
}
}
private string GetPasswordHash(string password)
{
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
byte[] salt = new byte[8];
RandomNumberGenerator Rng = RandomNumberGenerator.Create();
Rng.GetBytes(salt);
var config = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
TimeCost = 5,
MemoryCost = 16384,
Password = passwordBytes,
Salt = salt
};
var argon2A = new Argon2(config);
using (SecureArray <byte> hashA = argon2A.Hash())
{
return(config.EncodeString(hashA.Buffer));
}
}