public void UpdateCustomerPassword(string username, string oldPassword, string newPassword) { Customer customer = AuthoriseRequest(); if (customer.CustomerUsername == username) { if (PasswordHash.Hash(oldPassword, customer.Salt) != customer.CustomerPassword) { throw new ApplicationException("The existing password did not match when attempting a password update."); } else { logger.Debug("Updating customer password for " + customer.CustomerUsername); //customer.CustomerPassword = newPassword; // Hash the password. string salt = PasswordHash.GenerateSalt(); customer.CustomerPassword = PasswordHash.Hash(newPassword, salt); customer.Salt = salt; CRMCustomerPersistor.Update(customer); } } else { throw new ApplicationException("You are not authorised to update customer password for username " + username + "."); } }
//public async Task<IResponseModel> RegisterClientAsync(ClientModel model) //{ // try // { // var client = new Client // { // Id = Guid.NewGuid(), // Email = model.Email, // ApiKey = Guid.NewGuid() // }; // _db.Clients.Add(client); // await _db.SaveChangesAsync(); // _response.Status = true; // _response.Message = "Client registration successful."; // return _response; // } // catch (Exception ex) // { // _response.Status = false; // _response.Message = "Client registration error."; // return _response; // } //} //public async Task<ClientModel> VerifyClientAsync(ClientModel model) //{ // try // { // var clientInfo = await _db.Clients.Where(u => u.Email == model.Email && u.ApiKey == model.ApiKey).SingleOrDefaultAsync(); // if (clientInfo == null) return null; // return new ClientModel // { // Email = clientInfo.Email, // ClientId = clientInfo.Id // }; // } // catch (Exception ex) // { // throw; // } //} //public TokenModel GenerateJwt(ClientModel model) //{ // var token = new JwtTokenBuilder(_config); // return new TokenModel // { // AccessToken = token.GenerateToken(), // Email = model.Email // }; //} #endregion #region User Authentication public async Task <IResponseModel> RegisterUserAsync(IUserModel model) { try { var salt = PasswordHash.GenerateSalt(); var passwordHash = PasswordHash.ComputeHash(model.Password, salt); var user = new User { Id = Guid.NewGuid(), //ClientId = ClientAppHelper.ClientApp, Username = model.Username, Password = Convert.ToBase64String(passwordHash), Salt = Convert.ToBase64String(salt) }; _db.Users.Add(user); await _db.SaveChangesAsync(); _response.Status = true; _response.Message = "User registration successful."; return(_response); } catch (Exception ex) { _response.Status = false; _response.Message = "User registration error."; return(_response); } }
/// <summary> /// Generates a new password Salt. /// </summary> /// <returns>New password Salt as a byte array.</returns> public byte[] GetNewPasswordSalt() { byte[] Salt = PasswordHash.GenerateSalt(); //TPasswordHelper.LogByteArrayContents(Salt, "TPasswordHashingScheme_V1 - Salt"); return(Salt); }
/// <summary> /// Generate a new random key. /// </summary> /// <returns>A random key.</returns> private static Key GenerateNewKey() { var keyPair = PublicKeyBox.GenerateKeyPair(); var key = new Key { KeyType = KeyType.Lageant, PrivateKey = keyPair.PrivateKey, PublicKey = keyPair.PublicKey, KeyId = SodiumCore.GetRandomBytes(8), KeySalt = PasswordHash.GenerateSalt(), KeyNonce = PublicKeyBox.GenerateNonce() }; return(key); }
public string GenerateAdminPassword(Admin admin, Guid userId) { if (userId == null) { throw new Exception(ErrorConstants.REQUIRED_FIELD_EMPTY); } if (admin == null || admin.type != (int)BillingEnums.USER_TYPE.SUPER_ADMIN) { throw new Exception(ErrorConstants.NO_PREVILAGE); } try { var updateAdmin = GetAdminById(userId); if (updateAdmin == null) { throw new Exception(ErrorConstants.ADMIN_NOT_FOUND); } var password = Guid.NewGuid().ToString().Replace("-", "").Substring(0, 10); updateAdmin.salt = PasswordHash.GenerateSalt(); updateAdmin.password = PasswordHash.CreateHash(password, updateAdmin.salt); var adminUpdate = new Dictionary <string, object>(); adminUpdate[ConstAdmin.SALT] = updateAdmin.salt; adminUpdate[ConstAdmin.PASSWORD] = updateAdmin.password; var elasticClient = GetElasticClient(); var updateResponse = elasticClient.Update <Admin, object>(u => u .Index(ElasticMappingConstants.INDEX_NAME) .Type(ElasticMappingConstants.TYPE_ADMIN) .Id(updateAdmin.id.ToString()) .Doc(adminUpdate)); if (!updateResponse.RequestInformation.Success) { throw new Exception(ErrorConstants.PROBLEM_OCCURED_WHILE_GENERATING_PASSWORD); } return(password); } catch (Exception e) { throw e; } }
public void ChangePassword(string oldPassword, string newPassword) { Customer customer = this.ObjectContext.Customers.Where(x => x.Name == this.ServiceContext.User.Identity.Name).First(); if (PasswordHash.Hash(oldPassword, customer.Salt) != customer.CustomerPassword) { throw new ApplicationException("The old password was not correct. Password was not updated."); } else { //customer.CustomerPassword = newPassword; string salt = PasswordHash.GenerateSalt(); customer.CustomerPassword = PasswordHash.Hash(newPassword, salt); customer.Salt = salt; this.ObjectContext.SaveChanges(); } }
public async Task AccountService_RegisterUserAsync_Test() { try { using (db = new DatabaseContext(dbBuilder.Options)) { var userModel = new UserModel { Username = null, Password = "******", FirstName = "Test", LastName = "Test" }; var salt = PasswordHash.GenerateSalt(); var passwordHash = PasswordHash.ComputeHash(userModel.Password, salt); var user = new ApplicationUser { Id = Guid.NewGuid(), ClientId = config["AppConfiguration:Audience"], Email = userModel.Username, Password = Convert.ToBase64String(passwordHash), FirstName = userModel.FirstName, LastName = userModel.LastName, EmailConfirmed = false, DateRegistered = DateTime.UtcNow, Salt = Convert.ToBase64String(salt) }; db.Users.Add(user); var result = await db.SaveChangesAsync(); Assert.IsTrue(result == 1); } } catch (Exception ex) { logService.Log("Register User", ex.InnerException.Message, ex.Message, ex.StackTrace); Assert.Fail(ex.Message); } }
public void AddSuperAdmin() { var elasticClient = GetElasticClient(); var termFilter = new TermFilter() { Field = ConstAdmin.TYPE, Value = (short)BillingEnums.USER_TYPE.SUPER_ADMIN }; try { var response = elasticClient.Search <Admin>(a => a .Index(ElasticMappingConstants.INDEX_NAME) .Type(ElasticMappingConstants.TYPE_ADMIN) .Filter(termFilter) .Take(1)); if (response.Total == 0) { var salt = PasswordHash.GenerateSalt(); var admin = new Admin() { id = Guid.NewGuid(), username = AppConstants.SUPER_ADMIN_USER_NAME, salt = salt, password = PasswordHash.CreateHash(AppConstants.SUPER_ADMIN_PASSWORD, salt), type = (int)BillingEnums.USER_TYPE.SUPER_ADMIN, created_at = DateTime.UtcNow }; var create = elasticClient.Index <Admin>(admin, i => i .Index(ElasticMappingConstants.INDEX_NAME) .Type(ElasticMappingConstants.TYPE_ADMIN)); } } catch (Exception e) { Console.Error.WriteLine(e.GetBaseException().Message); } }
public async Task <IResponseModel> RegisterUserAsync(IUserModel model) { try { var salt = PasswordHash.GenerateSalt(); var passwordHash = PasswordHash.ComputeHash(model.Password, salt); var user = new ApplicationUser { Id = Guid.NewGuid(), ClientId = _config["AppConfiguration:Audience"], Email = model.Username, Password = Convert.ToBase64String(passwordHash), FirstName = model.FirstName, LastName = model.LastName, EmailConfirmed = false, DateRegistered = DateTime.UtcNow, Salt = Convert.ToBase64String(salt) }; _db.Users.Add(user); await _db.SaveChangesAsync(); _response.Status = true; _response.Message = "Registration Successful."; return(_response); } catch (Exception ex) { _loggerService.Log("Register User", ex.InnerException.Message, ex.Message, ex.StackTrace); _response.Status = false; _response.Message = "Registration Error."; return(_response); } }
public ActionResult Create(LOGIN newuser) { if (Request.IsAuthenticated) { using (trackerEntities db = new trackerEntities()) { PasswordHash pass = new PasswordHash(); pass.Salt = pass.GenerateSalt(); newuser.userID = (int)TempData["u2"]; newuser.password = (string)TempData["pass"]; newuser.password = pass.GetHash(newuser.password, pass.Salt); newuser.password_salt = Convert.ToBase64String(pass.Salt); //int hash = newuser.password.GetHashCode(); //newuser.password_salt = hash; //password salt needs to be int ?? USER User = (USER)TempData["userModel"]; db.USERs.Add(User); //db.SaveChanges(); if (User.user_type != "Volunteer") { PAID_STAFF pAID_STAFF = (PAID_STAFF)TempData["paidStaffModel"]; db.PAID_STAFF.Add(pAID_STAFF); //db.SaveChanges(); } db.LOGINs.Add(newuser); db.SaveChanges(); } ModelState.Clear(); ViewBag.SuccessMessage = "Registration Success!"; return(RedirectToAction("Index", "Home")); } else { return(RedirectToAction("Index", "Home")); } //return View("Create", new LOGIN()); }
public void TestGenerateSalt() { Assert.AreEqual(32, PasswordHash.GenerateSalt().Length); }
static void Test() { Console.WriteLine("safe RNG"); foreach (var i in Enumerable.Range(0, 10)) { Console.WriteLine(Convert.ToBase64String(GenerateRandomNumber(32)));; } const string message = "Secret message"; Console.WriteLine($"hashes of '{message}'"); Console.WriteLine($"MD5: {Convert.ToBase64String(CalculateMd5(Encoding.UTF8.GetBytes(message)))}"); Console.WriteLine($"SHA1: {Convert.ToBase64String(CalculateSha1(Encoding.UTF8.GetBytes(message)))}"); Console.WriteLine($"SHA256: {Convert.ToBase64String(CalculateSha256(Encoding.UTF8.GetBytes(message)))}"); Console.WriteLine($"SHA512: {Convert.ToBase64String(CalculateSha512(Encoding.UTF8.GetBytes(message)))}"); const string message2 = "Secret Message"; Console.WriteLine($"hashes of '{message2}'"); Console.WriteLine($"MD5: {Convert.ToBase64String(CalculateMd5(Encoding.UTF8.GetBytes(message2)))}"); Console.WriteLine($"SHA1: {Convert.ToBase64String(CalculateSha1(Encoding.UTF8.GetBytes(message2)))}"); Console.WriteLine($"SHA256: {Convert.ToBase64String(CalculateSha256(Encoding.UTF8.GetBytes(message2)))}"); Console.WriteLine($"SHA512: {Convert.ToBase64String(CalculateSha512(Encoding.UTF8.GetBytes(message2)))}"); Console.WriteLine($"HMACs of '{message}'"); var key = Hmac.GenerateKey(); Console.WriteLine($"HmacMd5: {Convert.ToBase64String(Hmac.ComputeHmacMd5(key, Encoding.UTF8.GetBytes(message)))}"); Console.WriteLine($"HmacSha1: {Convert.ToBase64String(Hmac.ComputeHmacSha1(key, Encoding.UTF8.GetBytes(message)))}"); Console.WriteLine($"HmacSha256: {Convert.ToBase64String(Hmac.ComputeHmacSha256(key, Encoding.UTF8.GetBytes(message)))}"); Console.WriteLine($"HmacSha512: {Convert.ToBase64String(Hmac.ComputeHmacSha512(key, Encoding.UTF8.GetBytes(message)))}"); Console.WriteLine("Hash password with salt"); const string password = "******"; var salt = PasswordHash.GenerateSalt(); Console.WriteLine($"Salt: {Convert.ToBase64String(salt)}"); Console.WriteLine(Convert.ToBase64String(PasswordHash.HashPasswordWithSalt(Encoding.UTF8.GetBytes(password), salt))); Console.WriteLine("Hash same password with PBKDF2"); Console.WriteLine(Convert.ToBase64String(PasswordHash.HashPasswordPbkdf2(Encoding.UTF8.GetBytes(password), salt, 150_000))); Console.WriteLine("DES example on 'Lorem Ipsum'"); const string messageSymmetric = "Lorem ispum dolor sit amet."; var ivDes = GenerateRandomNumber(8); var keyDes = GenerateRandomNumber(8); var encryptedDes = EncryptDes(Encoding.UTF8.GetBytes(messageSymmetric), keyDes, ivDes); var decryptedDes = DecryptDes(encryptedDes, keyDes, ivDes); Console.WriteLine($"EncryptedDES: {Convert.ToBase64String(encryptedDes)}"); Console.WriteLine($"DecryptedDES: {Encoding.UTF8.GetString(decryptedDes)}"); Console.WriteLine("TripleDES example on Lorem Ipsum"); var keyTripleDes = GenerateRandomNumber(24); var ivTripleDes = GenerateRandomNumber(8); var encryptedTripleDes = EncryptTripleDes(Encoding.UTF8.GetBytes(messageSymmetric), keyTripleDes, ivTripleDes); var decryptedTripleDes = DecryptTripleDes(encryptedTripleDes, keyTripleDes, ivTripleDes); Console.WriteLine($"EncryptedTripleDES: {Convert.ToBase64String(encryptedTripleDes)}"); Console.WriteLine($"DecryptedTripleDES: {Encoding.UTF8.GetString(decryptedTripleDes)}"); Console.WriteLine("AES example on Lorem Ipsum"); var keyAes = GenerateRandomNumber(32); var ivAes = GenerateRandomNumber(16); var encryptedAes = EncryptAes(Encoding.UTF8.GetBytes(messageSymmetric), keyAes, ivAes); var decryptedAes = DecryptAes(encryptedAes, keyAes, ivAes); Console.WriteLine($"EncryptedAES: {Convert.ToBase64String(encryptedAes)}"); Console.WriteLine($"DecryptedAES: {Encoding.UTF8.GetString(decryptedAes)}"); Console.WriteLine("RSA in memory example on Lorem Ipsum"); var inMemoryAsymmetricOptions = new AsymmetricCryptoServiceOptions { KeySize = KeySize.KeySize2048, }; var asymmetricInMemoryCryptoProvider = new AsymmetricCryptoServiceBuilder() .WithOptions(inMemoryAsymmetricOptions).WithKeyStorageOption(KeyStorageOption.InMemory).Build(); var encryptedRsa = asymmetricInMemoryCryptoProvider.Encrypt(Encoding.UTF8.GetBytes(messageSymmetric)); var decryptedRsa = asymmetricInMemoryCryptoProvider.Decrypt(encryptedRsa); Console.WriteLine($"Encrypted RSA: {Convert.ToBase64String(encryptedRsa)}"); Console.WriteLine($"Decrypted RSA: {Encoding.UTF8.GetString(decryptedRsa)}"); Console.WriteLine("RSA XML example on Lorem Ipsum"); var xmlAsymmetricOptions = new AsymmetricCryptoServiceOptions { KeySize = KeySize.KeySize2048, XmlPrivateKeyFilePath = Path.Combine(Directory.GetCurrentDirectory(), "privateKey.xml"), XmlPublicKeyFilePath = Path.Combine(Directory.GetCurrentDirectory(), "publicKey.xml"), }; var asymmetricXmlCryptoProvider = new AsymmetricCryptoServiceBuilder() .WithOptions(xmlAsymmetricOptions).WithKeyStorageOption(KeyStorageOption.InMemory).Build(); encryptedRsa = asymmetricXmlCryptoProvider.Encrypt(Encoding.UTF8.GetBytes(messageSymmetric)); decryptedRsa = asymmetricXmlCryptoProvider.Decrypt(encryptedRsa); Console.WriteLine($"Encrypted RSA: {Convert.ToBase64String(encryptedRsa)}"); Console.WriteLine($"Decrypted RSA: {Encoding.UTF8.GetString(decryptedRsa)}"); Console.WriteLine("RSA CSP example on Lorem Ipsum"); var cspAsymmetricOptions = new AsymmetricCryptoServiceOptions { CspParameters = new CspParameters(1) { KeyContainerName = "AppliedCryptographyTest", ProviderName = "Microsoft Strong Cryptographic Provider", Flags = CspProviderFlags.UseMachineKeyStore, }, KeySize = KeySize.KeySize2048, }; var asymmetricCspCryptoProvider = new AsymmetricCryptoServiceBuilder().WithOptions(cspAsymmetricOptions) .WithKeyStorageOption(KeyStorageOption.Csp).Build(); encryptedRsa = asymmetricCspCryptoProvider.Encrypt(Encoding.UTF8.GetBytes(messageSymmetric)); decryptedRsa = asymmetricCspCryptoProvider.Decrypt(encryptedRsa); Console.WriteLine($"Encrypted RSA: {Convert.ToBase64String(encryptedRsa)}"); Console.WriteLine($"Decrypted RSA: {Encoding.UTF8.GetString(decryptedRsa)}"); Console.WriteLine("DigitalSignature InMemory example on LoremIpsum"); var digitalSignatureInMemoryOptions = new DigitalSignatureProviderOptions { HashAlgorithm = DigitalSignatureHashAlgorithm.SHA512, KeySize = KeySize.KeySize2048, }; var digitalSignatureInMemoryProvider = new DigitalSignatureProviderBuilder() .WithOptions(digitalSignatureInMemoryOptions).WithKeyStorageOption(KeyStorageOption.InMemory).Build(); var signedHash = digitalSignatureInMemoryProvider.Sign(CalculateSha512(Encoding.UTF8.GetBytes(messageSymmetric))); Console.WriteLine($"Signed hash: {Convert.ToBase64String(signedHash)}"); var compareHash = CalculateSha512(Encoding.UTF8.GetBytes(messageSymmetric)); Console.WriteLine($"Compare hashes: {digitalSignatureInMemoryProvider.Verify(signedHash, compareHash).ToString()}"); compareHash[0] = Byte.MaxValue; Console.WriteLine($"Compare hashes with tapering: {digitalSignatureInMemoryProvider.Verify(signedHash, compareHash).ToString()}"); }
/// <summary>Generate a random salt for use with HashPassword. In addition to the random salt, the salt value /// also contains the tuning parameters to use with the scrypt algorithm, as well as the size of the password /// hash to generate.</summary> /// <param name="saltLengthBytes">The number of bytes of random salt to generate. The goal for the salt is /// to be unique. 16 bytes gives a 2^128 possible salt options, and roughly an N in 2^64 chance of a salt /// collision for N salts, which seems reasonable. A larger salt requires more storage space, but doesn't /// affect the scrypt performance significantly.</param> /// <param name="N">CPU/memory cost parameter. Must be a value 2^N. 2^14 (16384) causes a calculation time /// of approximately 50-70ms on 2010 era hardware; each successive value (eg. 2^15, 2^16, ...) should /// double the amount of CPU time and memory required.</param> /// <param name="r">scrypt 'r' tuning parameter</param> /// <param name="p">scrypt 'p' tuning parameter (parallelization parameter); a large value of p can increase /// computational cost of scrypt without increasing the memory usage.</param> /// <param name="hashLengthBytes">The number of bytes to store the password hash in.</param> public static string GenerateSalt(uint saltLengthBytes, ulong N, uint r, uint p, uint hashLengthBytes) { return(PasswordHash.GenerateSalt(saltLengthBytes, N, r, p, hashLengthBytes)); }
/// <summary>Generate a salt for use with HashPassword, selecting reasonable default values for scrypt /// parameters that are appropriate for an interactive login verification workflow.</summary> /// <remarks>Uses the default values in DefaultSaltLengthBytes, Default_N, Default_r, Default_r, and /// DefaultHashLengthBytes.</remarks> public static string GenerateSalt() { return(PasswordHash.GenerateSalt()); }
/// <summary> /// Store/Export a key to file. /// </summary> public async void ExportKeyToFile() { MainViewError = string.Empty; IsWorking = true; string password; if (SelectedKey != null) { var exportKey = new Key { PublicKey = SelectedKey.PublicKey, PrivateKey = SelectedKey.PrivateKey, KeyType = SelectedKey.KeyType, KeyId = SelectedKey.KeyId ?? null, KeySalt = SelectedKey.KeySalt ?? PasswordHash.GenerateSalt(), KeyNonce = SelectedKey.KeyNonce ?? SecretBox.GenerateNonce() }; var saveFileDialog = new SaveFileDialog { OverwritePrompt = true, AddExtension = true, DefaultExt = ".lkey" }; if (exportKey.KeyId != null) { saveFileDialog.FileName = Utilities.BinaryToHex(exportKey.KeyId); } var result = saveFileDialog.ShowDialog(); if (result == true) { var filename = saveFileDialog.FileName; try { var win = new PasswordInputViewModel { DisplayName = "Enter a new protection password" }; dynamic settings = new ExpandoObject(); settings.WindowStartupLocation = WindowStartupLocation.CenterOwner; settings.Owner = GetView(); var inputOk = _windowManager.ShowDialog(win, null, settings); if (inputOk == true) { password = win.UserPassword; if (!string.IsNullOrEmpty(password)) { var encryptionKey = await Task.Run(() => { var tmpKey = new byte[32]; try { tmpKey = PasswordHash.ScryptHashBinary(Encoding.UTF8.GetBytes(password), exportKey.KeySalt, PasswordHash.Strength.MediumSlow, 32); } catch (OutOfMemoryException) { MainViewError = "Could not export key (out of memory)."; } catch (Exception) { MainViewError = "Could not export key."; } return(tmpKey); }).ConfigureAwait(true); if (encryptionKey != null) { exportKey.PrivateKey = SecretBox.Create(exportKey.PrivateKey, exportKey.KeyNonce, encryptionKey); using (var keyFileStream = File.OpenWrite(filename)) { Serializer.SerializeWithLengthPrefix(keyFileStream, exportKey, PrefixStyle.Base128, 0); } } else { MainViewError = "Could not export key (missing encryption key?)"; } } else { MainViewError = "Could not export key (missing password)"; } } } catch (Exception) { MainViewError = "Could not export key (failure)"; } } else { MainViewError = "Could not export key (missing password)"; } } IsWorking = false; }
// When setting password public string EncryptPassword(string password) { string hashedPassword = PasswordHash.HashPassword(password, PasswordHash.GenerateSalt()); return(hashedPassword); }