/// <summary>
/// Encrypts the data with the given password and salt with the AES algorithm.
/// </summary>
/// <param name="data"></param>
/// <param name="password"></param>
/// <returns></returns>
public byte[] Encrypt(byte[] data, byte[] encryptedPassword, byte[] salt)
{
byte[] encryptedData = null;
using (AesCryptoServiceProvider provider = new AesCryptoServiceProvider())
{
provider.GenerateIV();
// Create a byte array out of the encrypted bytes
var passwordBytes = CryptMemoryProtection.DecryptInMemoryData(encryptedPassword);
provider.Key = passwordBytes;
provider.Mode = CipherMode.CBC;
provider.Padding = PaddingMode.PKCS7;
using (MemoryStream memStream = new MemoryStream())
{
memStream.Write(provider.IV, 0, 16);
using (ICryptoTransform encryptor = provider.CreateEncryptor(provider.Key, provider.IV))
{
using (CryptoStream cryptoStream = new CryptoStream(memStream, encryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(data, 0, data.Length);
cryptoStream.FlushFinalBlock();
}
}
encryptedData = memStream.ToArray();
}
}
return(encryptedData);
}
/// <summary>
/// Decrypts data with the password and salt that its been encrypted with.
/// </summary>
/// <param name="data"></param>
/// <param name="password"></param>
/// <returns></returns>
public byte[] Decrypt(byte[] data, byte[] encryptedPassword, byte[] salt)
{
byte[] decryptedData = new byte[data.Length];
using (AesCryptoServiceProvider provider = new AesCryptoServiceProvider())
{
// Create a byte array out of the encrypted bytes
var passwordBytes = CryptMemoryProtection.DecryptInMemoryData(encryptedPassword);
provider.Key = passwordBytes;
provider.Mode = CipherMode.CBC;
provider.Padding = PaddingMode.PKCS7;
using (MemoryStream memStream = new MemoryStream(data))
{
byte[] iv = new byte[16];
memStream.Read(iv, 0, 16);
using (ICryptoTransform decryptor = provider.CreateDecryptor(provider.Key, iv))
{
using (CryptoStream cryptoStream = new CryptoStream(memStream, decryptor, CryptoStreamMode.Read))
{
cryptoStream.Read(decryptedData, 0, decryptedData.Length);
}
}
}
}
return(decryptedData);
}
/// <summary>
/// Takes in an encrypted pw and calculates its strength => return list of tips and blackList status.
/// </summary>
/// <param name="pw"></param>
/// <returns></returns>
public static double CalculatePasswordStrength(byte[] encryptedPw, out HashSet <string> resultTips, out bool isBlackListed)
{
// Load in the pw blacklist
isBlackListed = false;
resultTips = new HashSet <string>();
var pw = ByteHelper.ByteArrayToString(CryptMemoryProtection.DecryptInMemoryData(encryptedPw));
double passwordStrengthValue = 1;
if (!pw.Any(c => char.IsUpper(c)))
{
passwordStrengthValue -= 0.25;
resultTips.Add("The password doesn't contain upper case characters.");
}
if (!pw.Any(c => char.IsDigit(c)))
{
passwordStrengthValue -= 0.25;
resultTips.Add("The password doesn't contain digits.");
}
if (pw.Length < 12)
{
passwordStrengthValue -= 0.50;
resultTips.Add("The password is too short. It should be at least 12 characters long.");
}
if (!WellKnownSpecialCharacters.ContainsSpecialCharacters(pw))
{
passwordStrengthValue -= 0.25;
resultTips.Add("The password doesn't contain special characters.");
}
if (PasswordBlackList.GetBlackList().Contains(pw))
{
passwordStrengthValue -= 1;
isBlackListed = true;
resultTips.Add("This password has already been leaked and is widely spread on the internet - combined with it's hash. It is not save.");
}
// We do not want a "negative" value password strength
if (passwordStrengthValue <= 0)
{
passwordStrengthValue = 0.1;
}
if (isBlackListed)
{
passwordStrengthValue = 0;
}
pw = string.Empty;
return(passwordStrengthValue);
}
