/// <inheritdoc />
        public override string GenerateSalt(CrypterOptions options)
        {
            Check.Null("options", options);

            int rounds = options.GetValue(CrypterOption.Rounds, 6);

            Check.Range("CrypterOption.Rounds", rounds, MinRounds, MaxRounds);

            string prefix;

            switch (options.GetValue(CrypterOption.Variant, BlowfishCrypterVariant.Unspecified))
            {
            case BlowfishCrypterVariant.Unspecified: prefix = "$2a$"; break;

            case BlowfishCrypterVariant.Compatible: prefix = "$2x$"; break;

            case BlowfishCrypterVariant.Corrected: prefix = "$2y$"; break;

            default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
            }

            return(prefix
                   + rounds.ToString("00") + '$'
                   + Base64Encoding.Blowfish.GetString(Security.GenerateRandomBytes(16)));
        }
Exemple #2
0
        /// <inheritdoc />
        public override string GenerateSalt(CrypterOptions options)
        {
            Check.Null("options", options);

            int rounds = options.GetValue(CrypterOption.Rounds, 14);

            Check.Range("CrypterOption.Rounds", rounds, MinRounds, MaxRounds);

            string prefix;

            switch (options.GetValue(CrypterOption.Variant, PhpassCrypterVariant.Standard))
            {
            case PhpassCrypterVariant.Standard: prefix = "$P$"; break;

            case PhpassCrypterVariant.Phpbb: prefix = "$H$"; break;

            case PhpassCrypterVariant.Drupal: prefix = "$S$"; break;

            default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
            }

            return(prefix
                   + Base64Encoding.UnixMD5.GetChar(rounds)
                   + Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(6)));
        }
Exemple #3
0
        /// <summary>
        /// Creates a one-way password hash (crypted password) from password bytes.
        /// Options modify the crypt operation.
        /// </summary>
        /// <param name="password">The bytes of the password.</param>
        /// <param name="options">Options modifying the crypt operation.</param>
        /// <returns>The crypted password.</returns>
        public string Crypt(byte[] password, CrypterOptions options)
        {
            Check.Null("password", password);
            Check.Null("options", options);

            return(Crypt(password, GenerateSalt(options)));
        }
Exemple #4
0
        /// <inheritdoc />
        public override string GenerateSalt(CrypterOptions options)
        {
            Check.Null("options", options);

            int?rounds = options.GetValue <int?>(CrypterOption.Rounds);

            if (rounds != null)
            {
                Check.Range("CrypterOption.Rounds", (int)rounds, MinRounds, MaxRounds);
            }

            byte[] roundsBytes = new byte[3], saltBytes = null;
            try
            {
                BitPacking.LEBytesFromUInt24((uint)(rounds ?? 4321), roundsBytes, 0);
                saltBytes = Security.GenerateRandomBytes(3);

                return("_"
                       + Base64Encoding.UnixMD5.GetString(roundsBytes)
                       + Base64Encoding.UnixMD5.GetString(saltBytes));
            }
            finally
            {
                Security.Clear(roundsBytes);
                Security.Clear(saltBytes);
            }
        }
Exemple #5
0
        /// <inheritdoc />
        public override string GenerateSalt(CrypterOptions options)
        {
            Check.Null("options", options);

            string salt;

            do
            {
                salt = Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(2)).Substring(0, 2);
            }while (FilterSalt(salt) != salt);
            return(salt);
        }
        /// <inheritdoc />
        public override string GenerateSalt(CrypterOptions options)
        {
            Check.Null("options", options);

            int?rounds = options.GetValue <int?>(CrypterOption.Rounds);

            if (rounds != null)
            {
                Check.Range("CrypterOption.Rounds", (int)rounds, MinRounds, MaxRounds);
            }

            return(CryptPrefix
                   + (rounds != null ? string.Format("rounds={0}$", rounds) : "")
                   + Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(12)));
        }
Exemple #7
0
        /// <inheritdoc />
        public override string GenerateSalt(CrypterOptions options)
        {
            Check.Null("options", options);

            string prefix;

            switch (options.GetValue(CrypterOption.Variant, MD5CrypterVariant.Standard))
            {
            case MD5CrypterVariant.Standard: prefix = "$1$"; break;

            case MD5CrypterVariant.Apache: prefix = "$apr1$"; break;

            default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
            }

            return(prefix + Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(6)));
        }
        /// <inheritdoc />
        public override string GenerateSalt(CrypterOptions options)
        {
            Check.Null("options", options);

            switch (options.GetValue(CrypterOption.Variant, LdapCrypterVariant.SSha))
            {
            case LdapCrypterVariant.Crypt:
                Crypter crypter = options.GetValue <Crypter>(LdapCrypterOption.Crypter);
                if (crypter == null)
                {
                    throw Exceptions.Argument("LdapCrypterOption.Crypter",
                                              "Crypter not set. Did you intend Crypter.TraditionalDes (the slappasswd default)?");
                }

                CrypterOptions crypterOptions = options.GetValue(LdapCrypterOption.CrypterOptions, CrypterOptions.None);
                return("{CRYPT}" + crypter.GenerateSalt(crypterOptions));

            case LdapCrypterVariant.SSha512: return("{SSHA512}" + GenerateSaltString());

            case LdapCrypterVariant.SSha384: return("{SSHA384}" + GenerateSaltString());

            case LdapCrypterVariant.SSha256: return("{SSHA256}" + GenerateSaltString());

            case LdapCrypterVariant.SSha: return("{SSHA}" + GenerateSaltString());

            case LdapCrypterVariant.SMD5: return("{SMD5}" + GenerateSaltString());

            case LdapCrypterVariant.Sha512: return("{SHA512}");

            case LdapCrypterVariant.Sha384: return("{SHA384}");

            case LdapCrypterVariant.Sha256: return("{SHA256}");

            case LdapCrypterVariant.Sha: return("{SHA}");

            case LdapCrypterVariant.MD5: return("{MD5}");

            case LdapCrypterVariant.Cleartext: return("{CLEARTEXT}");

            default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
            }
        }
        private void btn_Register_Click(object sender, EventArgs e)
        {
            string xregusername = txt_regusername.Text;
            string xregname     = txt_regname.Text;
            string xpassword    = txt_regpass.Text;
            string xconfirmpass = txt_regpassconf.Text;
            int    xisAdmin;

            if (chk_admin.Checked == true)
            {
                xisAdmin = 1;
            }
            else
            {
                xisAdmin = 0;
            }


            if (xregusername == "")
            {
                MessageBox.Show("Username cannot be blank", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
                txt_regusername.Focus();
                return;
            }

            if (xregname == "")
            {
                MessageBox.Show("Name cannot be blank!", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
                txt_regname.Focus();
                return;
            }

            if (xpassword == "")
            {
                MessageBox.Show("Password cannot be blank", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
                txt_regpass.Focus();
                return;
            }

            if (xconfirmpass == "")
            {
                MessageBox.Show("Confirm Password cannot be blank", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
                txt_regpassconf.Focus();
                return;
            }

            if (xpassword != xconfirmpass)
            {
                MessageBox.Show("Password did not match", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
                return;
            }


            MySqlConnection xsqlcon = new MySqlConnection(xsqlconnstring);

            xsqlcon.Open();

            string           checkifExists = "Select * from users where username='******'";
            MySqlCommand     xsqlcmd       = new MySqlCommand(checkifExists, xsqlcon);
            MySqlDataAdapter xsqlda        = new MySqlDataAdapter();

            xsqlda.SelectCommand = xsqlcmd;
            DataTable dt = new DataTable();

            xsqlda.Fill(dt);

            if (dt.Rows.Count >= 1)
            {
                MessageBox.Show("Username already taken!", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                txt_regusername.Focus();
            }
            else
            {
                const int factor   = 12;
                var       xoptions = new CryptSharp.CrypterOptions
                {
                    { CryptSharp.CrypterOption.Rounds, factor },
                    { CryptSharp.CrypterOption.Variant, CryptSharp.BlowfishCrypterVariant.Corrected }
                };

                string xhashpass = CryptSharp.BlowfishCrypter.Blowfish.Crypt(xpassword, xoptions);

                string       xinsertQuery = "Insert into users (username,password,name,isAdmin) values (@username,@password,@name,@isAdmin)";
                MySqlCommand xsqlcmd2     = new MySqlCommand(xinsertQuery, xsqlcon);

                xsqlcmd2.Parameters.AddWithValue("@username", xregusername);
                xsqlcmd2.Parameters.AddWithValue("@password", xhashpass);
                xsqlcmd2.Parameters.AddWithValue("@name", xregname);
                xsqlcmd2.Parameters.AddWithValue("@isAdmin", xisAdmin);
                xsqlcmd2.ExecuteNonQuery();

                MessageBox.Show("User successfully registered!", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Information);

                clearText();
            }

            xsqlcon.Close();
        }
Exemple #10
0
 /// <summary>
 /// Generates a salt string. Options are used to modify the salt generation.
 /// The purpose of salt is to make dictionary attacks against a whole password database much harder,
 /// by causing the crypted password to be different even if two users have the same uncrypted password.
 ///
 /// Randomness in a crypted password comes from its salt string, as do all recorded options.
 /// The same salt string, when combined with the same password, will generate the same crypted password.
 /// If the salt string differs, the same password will generate a different crypted password
 /// (crypted passwords have the form <c>algorithm+salt+hash</c>, so the salt is always carried along
 /// with the crypted password).
 /// </summary>
 /// <param name="options">Options modifying the salt generation.</param>
 /// <returns>The salt string.</returns>
 public abstract string GenerateSalt(CrypterOptions options);
Exemple #11
0
 /// <summary>
 /// Creates a one-way password hash (crypted password) from a password string.
 /// Options modify the crypt operation.
 /// </summary>
 /// <param name="password">The password string. Characters are UTF-8 encoded.</param>
 /// <param name="options">Options modifying the crypt operation.</param>
 /// <returns>The crypted password.</returns>
 public string Crypt(string password, CrypterOptions options)
 {
     return(Crypt(password, GenerateSalt(options)));
 }
 static CrypterOptions()
 {
     None = new CrypterOptions().MakeReadOnly();
 }