public static string BCrypt(this string password)
{
var options = new CrypterOptions()
{
// specify the number of rounds to iterate (2^n) between 2^4 an 2^31
// 2^14 = 16384 iterations
{ CrypterOption.Rounds, 14 }
};
var crytpedPassword = Crypter.Blowfish.Crypt(password, options);
return(crytpedPassword);
}
public bool EncryptUserPassword(string deviceId, string password)
{
var options = new CrypterOptions()
{
{ CrypterOption.Rounds, Configuration["PasswordRounds"] }
};
BlowfishCrypter crypter = new BlowfishCrypter();
var salt = crypter.GenerateSalt(options);
var results = crypter.Crypt(password, salt);
GenericData.SetPlayerData(deviceId, "password", results);
return(true);
}
static void TestRoundtrip(Crypter crypter, CrypterOptions options)
{
RandomNumberGenerator rng = RandomNumberGenerator.Create();
for (int i = 0; i < 25; i++)
{
byte[] length = new byte[1];
rng.GetBytes(length);
byte[] password = new byte[length[0]];
rng.GetBytes(password);
string refCrypt = crypter.Crypt(password, options);
TestPassword(password, refCrypt, crypter);
}
}
private static void PwdSpeedTest()
{
Log.WriteLog("Determining the correct value for Rounds on this computer for saving passwords...");
System.Diagnostics.Stopwatch encryptTimer = new System.Diagnostics.Stopwatch();
int rounds = 6;
while (encryptTimer.ElapsedMilliseconds < 250)
{
rounds++;
var options = new CrypterOptions()
{
{ CrypterOption.Rounds, rounds }
};
encryptTimer.Restart();
BlowfishCrypter crypter = new BlowfishCrypter();
var salt = crypter.GenerateSalt(options);
var results = crypter.Crypt("anythingWillDo", salt);
encryptTimer.Stop();
Log.WriteLog("Time with Rounds:" + rounds + ": " + encryptTimer.ElapsedMilliseconds + "ms");
}
Log.WriteLog("Suggestion: Set the PasswordRounds configuration variable to " + rounds + " in PraxisMapper's appsettings.json file");
}
/// <summary> /// Generates a salt string. Options are used to modify the salt generation. /// The purpose of salt is to make dictionary attacks against a whole password database much harder, /// by causing the crypted password to be different even if two users have the same uncrypted password. /// /// Randomness in a crypted password comes from its salt string, as do all recorded options. /// The same salt string, when combined with the same password, will generate the same crypted password. /// If the salt string differs, the same password will generate a different crypted password /// (crypted passwords have the form <c>algorithm+salt+hash</c>, so the salt is always carried along /// with the crypted password). /// </summary> /// <param name="options">Options modifying the salt generation.</param> /// <returns>The salt string.</returns> public abstract string GenerateSalt(CrypterOptions options);
/// <summary>
/// Creates a one-way password hash (crypted password) from password bytes.
/// Options modify the crypt operation.
/// </summary>
/// <param name="password">The bytes of the password.</param>
/// <param name="options">Options modifying the crypt operation.</param>
/// <returns>The crypted password.</returns>
public string Crypt(byte[] password, CrypterOptions options)
{
Check.Null("password", password);
Check.Null("options", options);
return Crypt(password, GenerateSalt(options));
}
/// <summary>
/// Creates a one-way password hash (crypted password) from a password string.
/// Options modify the crypt operation.
/// </summary>
/// <param name="password">The password string. Characters are UTF-8 encoded.</param>
/// <param name="options">Options modifying the crypt operation.</param>
/// <returns>The crypted password.</returns>
public string Crypt(string password, CrypterOptions options)
{
return Crypt(password, GenerateSalt(options));
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
string prefix;
switch (options.GetValue(CrypterOption.Variant, MD5CrypterVariant.Standard))
{
case MD5CrypterVariant.Standard: prefix = "$1$"; break;
case MD5CrypterVariant.Apache: prefix = "$apr1$"; break;
default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
}
return prefix + Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(6));
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
switch (options.GetValue(CrypterOption.Variant, LdapCrypterVariant.SSha))
{
case LdapCrypterVariant.Crypt:
Crypter crypter = options.GetValue<Crypter>(LdapCrypterOption.Crypter);
if (crypter == null)
{
throw Exceptions.Argument("LdapCrypterOption.Crypter",
"Crypter not set. Did you intend Crypter.TraditionalDes (the slappasswd default)?");
}
CrypterOptions crypterOptions = options.GetValue(LdapCrypterOption.CrypterOptions, CrypterOptions.None);
return "{CRYPT}" + crypter.GenerateSalt(crypterOptions);
case LdapCrypterVariant.SSha: return "{SSHA}" + Convert.ToBase64String(Security.GenerateRandomBytes(8));
case LdapCrypterVariant.SMD5: return "{SMD5}" + Convert.ToBase64String(Security.GenerateRandomBytes(8));
case LdapCrypterVariant.Sha: return "{SHA}";
case LdapCrypterVariant.MD5: return "{MD5}";
case LdapCrypterVariant.Cleartext: return "{CLEARTEXT}";
default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
}
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
int? rounds = options.GetValue<int?>(CrypterOption.Rounds);
if (rounds != null)
{
Check.Range("CrypterOption.Rounds", (int)rounds, MinRounds, MaxRounds);
}
return CryptPrefix
+ (rounds != null ? string.Format("rounds={0}$", rounds) : "")
+ Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(12));
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
string salt;
do { salt = Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(2)).Substring(0, 2); }
while (FilterSalt(salt) != salt);
return salt;
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
int rounds = options.GetValue(CrypterOption.Rounds, 14);
Check.Range("CrypterOption.Rounds", rounds, MinRounds, MaxRounds);
string prefix;
switch (options.GetValue(CrypterOption.Variant, PhpassCrypterVariant.Standard))
{
case PhpassCrypterVariant.Standard: prefix = "$P$"; break;
case PhpassCrypterVariant.Phpbb: prefix = "$H$"; break;
case PhpassCrypterVariant.Drupal: prefix = "$S$"; break;
default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
}
return prefix
+ Base64Encoding.UnixMD5.GetChar(rounds)
+ Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(6));
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
int rounds = options.GetValue(CrypterOption.Rounds, 6);
Check.Range("CrypterOption.Rounds", rounds, MinRounds, MaxRounds);
string prefix;
switch (options.GetValue(CrypterOption.Variant, BlowfishCrypterVariant.Unspecified))
{
case BlowfishCrypterVariant.Unspecified: prefix = "$2a$"; break;
case BlowfishCrypterVariant.Compatible: prefix = "$2x$"; break;
case BlowfishCrypterVariant.Corrected: prefix = "$2y$"; break;
default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
}
return prefix
+ rounds.ToString("00") + '$'
+ Base64Encoding.Blowfish.GetString(Security.GenerateRandomBytes(16));
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
int? rounds = options.GetValue<int?>(CrypterOption.Rounds);
if (rounds != null)
{
Check.Range("CrypterOption.Rounds", (int)rounds, MinRounds, MaxRounds);
}
byte[] roundsBytes = new byte[3], saltBytes = null;
try
{
BitPacking.LEBytesFromUInt24((uint)(rounds ?? 4321), roundsBytes, 0);
saltBytes = Security.GenerateRandomBytes(3);
return "_"
+ Base64Encoding.UnixMD5.GetString(roundsBytes)
+ Base64Encoding.UnixMD5.GetString(saltBytes);
}
finally
{
Security.Clear(roundsBytes);
Security.Clear(saltBytes);
}
}
