public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword) { if (hashedPassword == null) { throw new ArgumentNullException(nameof(hashedPassword)); } if (providedPassword == null) { throw new ArgumentNullException(nameof(providedPassword)); } bool isValid; switch (options.HashFunction) { case LfHashFunction.Argon2: isValid = PasswordHash.ArgonHashStringVerify(hashedPassword, providedPassword); break; case LfHashFunction.SCrypt: isValid = PasswordHash.ScryptHashStringVerify(hashedPassword, providedPassword); break; case LfHashFunction.MD5: isValid = hashedPassword.Equals(CalcMd5(providedPassword)); break; default: throw new IndexOutOfRangeException(); } return(isValid ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed); }
public PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword) { if (user == null) { throw new ArgumentNullException(nameof(user), $"{nameof(user)} should not be null"); } if (string.IsNullOrEmpty(hashedPassword)) { throw new ArgumentNullException(nameof(hashedPassword), $"{nameof(hashedPassword)} should not be null"); } if (string.IsNullOrEmpty(providedPassword)) { throw new ArgumentNullException(nameof(providedPassword), $"{nameof(providedPassword)} should not be null"); } try { var passwordHasher = new PasswordHasher <TUser>(); return(passwordHasher.VerifyHashedPassword(user, hashedPassword, providedPassword)); } catch { return(PasswordHash.ArgonHashStringVerify(hashedPassword, providedPassword) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed); } }
// Verify that the user has entered the correct master password. public static void Authenticate(TextBox passTextBox, Button loginButton, Label statusLabel, Label infoLabel, TabControl tabControl, ListView passwordListView) { statusLabel.Text = "Authenticating your master password"; // Prevent multiple login attempts at once. loginButton.Enabled = false; tControl = tabControl; accountLoginButton = loginButton; string masterPassword = passTextBox.Text; string masterPasswordHash = File.ReadAllText(PIMUX_AUTH); // Start a background thread to verify password. // Background thread is used due to intensivity of Argon2i. new Thread(() => { Thread.CurrentThread.IsBackground = true; if (PasswordHash.ArgonHashStringVerify(masterPasswordHash, masterPassword)) { // Correct master password. statusLabel.Invoke((MethodInvoker)(() => statusLabel.Text = "")); tabControl.Invoke((MethodInvoker)(() => tabControl.SelectTab(2))); passTextBox.Invoke((MethodInvoker)(() => passTextBox.Text = "")); PasswordManage pm = new PasswordManage(masterPassword, infoLabel, passwordListView); } else { // Incorrect master password. statusLabel.Invoke((MethodInvoker)(() => statusLabel.Text = "Invalid master password")); MessageBox.Show("Invalid master password"); } loginButton.Invoke((MethodInvoker)(() => loginButton.Enabled = true)); }).Start(); }
/// <summary> /// Verify Argon Hash password. /// </summary> /// <returns><c>true</c>, if pwd was verifiyed, <c>false</c> otherwise.</returns> /// <param name="hash">Hash.</param> /// <param name="pwd">Pwd.</param> public static bool VerifiyPwd(byte[] hash, byte[] pwd) { Guard.Argument(hash, nameof(hash)).NotNull(); Guard.Argument(pwd, nameof(pwd)).NotNull(); return(PasswordHash.ArgonHashStringVerify(hash, pwd)); }
public PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword) { if (hashedPassword == null) { throw new ArgumentNullException(nameof(hashedPassword)); } if (providedPassword == null) { throw new ArgumentNullException(nameof(providedPassword)); } try { var previousHash = PreviousHasher.VerifyHashedPassword(user, hashedPassword, providedPassword); if (previousHash == PasswordVerificationResult.Success) { user.Password = PasswordHash.ArgonHashString(providedPassword, HasherOptions.Strength); return(PasswordVerificationResult.SuccessRehashNeeded); } } catch (FormatException) { } var currentHashSuccess = PasswordHash.ArgonHashStringVerify(hashedPassword, providedPassword); return(currentHashSuccess ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed); }
public void ArgonHashStringModerateTest() { const string PASSWORD = "******"; var hash = PasswordHash.ArgonHashString(PASSWORD, PasswordHash.StrengthArgon.Moderate); Assert.IsTrue(PasswordHash.ArgonHashStringVerify(hash, PASSWORD)); }
public void HashPassword_WithDefaultSettings_ExpectVerifiableHash() { var password = Guid.NewGuid().ToString(); var hasher = new Argon2PasswordHasher <string>(); var hashedPassword = hasher.HashPassword("", password); PasswordHash.ArgonHashStringVerify(hashedPassword, password).Should().BeTrue(); }
public void ArgonHashStringTest() { const string PASSWORD = "******"; //See: https://download.libsodium.org/doc/password_hashing/the_argon2i_function.html // (MEM_LIMIT: It is recommended to allow the function to use at least 32 megabytes.) const long OPS_LIMIT = 4; const int MEM_LIMIT = 33554432; var hash = PasswordHash.ArgonHashString(PASSWORD, OPS_LIMIT, MEM_LIMIT); Assert.IsTrue(PasswordHash.ArgonHashStringVerify(hash, PASSWORD)); }
public void HashPassword_WithCustomStrength_ExpectVerifiableHash() { var password = Guid.NewGuid().ToString(); var hasher = new Argon2PasswordHasher <string>( new OptionsWrapper <Argon2PasswordHasherOptions>( new Argon2PasswordHasherOptions { Strength = Argon2HashStrength.Sensitive })); var hashedPassword = hasher.HashPassword("", password); PasswordHash.ArgonHashStringVerify(hashedPassword, password).Should().BeTrue(); }
/// <summary> /// Verify Argon Hash password. /// </summary> /// <returns><c>true</c>, if pwd was verifiyed, <c>false</c> otherwise.</returns> /// <param name="hash">Hash.</param> /// <param name="pwd">Pwd.</param> public static bool VerifiyPwd(byte[] hash, byte[] pwd) { if (hash == null) { throw new ArgumentNullException(nameof(hash)); } if (pwd == null) { throw new ArgumentNullException(nameof(pwd)); } return(PasswordHash.ArgonHashStringVerify(hash, pwd)); }
/// <summary> /// Verify a password hashed using argon2id /// </summary> /// <param name="this">Password hash</param> /// <param name="password">Password to verify</param> public static bool VerifyPassword(this string @this, string password) { if (string.IsNullOrWhiteSpace(@this)) { return(false); } if (string.IsNullOrEmpty(password)) { return(false); } return(PasswordHash.ArgonHashStringVerify(@this.Trim(), password)); }
public void HashPassword_WithDefaultSettings_ExpectVerifiableHash() { var password = "******"; var hasher = new Argon2PasswordHasher <string>(); var hashedPassword = hasher.HashPassword("", password); output.WriteLine(hashedPassword); //this will produce a 32 byte hash var hash = PasswordHash.ScryptHashString(password); PasswordHash.ArgonHashStringVerify(hashedPassword, password).Should().BeTrue(); }
/// <summary>Method which verifies that a supplied plain-text password matches the encrypted password.</summary> public bool Verify(string plaintext) { if (EncryptedPasswordb64 == null) { throw new Exception("You must have an encrypted password to verify against"); } // Unpack the Encrypted Password var base10 = Convert.FromBase64String(EncryptedPasswordb64); var dec = new ChaCha20Poly1305(Encoding.ASCII.GetBytes(Key)); var decryptedBytes = dec.Decrypt(base10); var decryptedString = Encoding.ASCII.GetString(decryptedBytes); return(PasswordHash.ArgonHashStringVerify(decryptedString, plaintext)); }
public PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword) { if (hashedPassword == null) { throw new ArgumentNullException(nameof(hashedPassword)); } if (providedPassword == null) { throw new ArgumentNullException(nameof(providedPassword)); } var isValid = PasswordHash.ArgonHashStringVerify(hashedPassword, providedPassword); return(isValid ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed); }
public PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword) { if (PasswordHash.ArgonHashStringVerify(hashedPassword, providedPassword)) { return(PasswordVerificationResult.Success); } if (_previous?.VerifyHashedPassword(user, hashedPassword, providedPassword) == PasswordVerificationResult.Success) { return(PasswordVerificationResult.SuccessRehashNeeded); } return(PasswordVerificationResult.Failed); }
public void ArgonHashStringSensitiveTest() { const string PASSWORD = "******"; try { //Could cause OutOfMemoryException var hash = PasswordHash.ArgonHashString(PASSWORD, PasswordHash.StrengthArgon.Sensitive); Assert.IsTrue(PasswordHash.ArgonHashStringVerify(hash, PASSWORD)); } catch (OutOfMemoryException e) { Assert.Inconclusive(e.ToString()); } }
public ActionResult Login(LoginViewModel model, string returnUrl) { if (!ModelState.IsValid) { return(View(model)); } var list = db.Accounts.Where(a => a.Login == model.Email).Take(1).ToList(); if (list.Count == 0) { ModelState.AddModelError("", "Такой аккаунт не существует."); return(View(model)); } else { byte[] empty = null; byte[] key = null; using (FileStream fstream = new FileStream(@"C:\Users\Valentine\source\repos\SecuritySystemLab1\SecuritySystemLab1\note.txt", FileMode.Open)) { key = new byte[fstream.Length]; fstream.Read(key, 0, key.Length); } var decrypted = SecretAead.Decrypt(list[0].Password, list[0].Nonce, key, null); if (PasswordHash.ArgonHashStringVerify(Encoding.UTF8.GetString(decrypted), Encoding.UTF8.GetString(GenericHash.Hash(model.Password, empty, 32)))) { FormsAuthentication.SetAuthCookie(model.Email, false); var rolesArray = Roles.GetRolesForUser(User.Identity.Name); Roles.CreateRole("User"); //Roles.AddUserToRole(User.Identity.Name, "Member"); //RolePrincipal r = (RolePrincipal)User; //var rolesArray1 = r.GetRoles(); return(RedirectToLocal(returnUrl)); } else { ModelState.AddModelError("", "Неверный логин или пароль."); return(View(model)); } } }
public ActionResult ChangePassword(ChangePasswordViewModel model) { if (!ModelState.IsValid) { return(View(model)); } var list = db.Accounts.Where(a => a.Login == User.Identity.Name).Take(1).ToList(); if (list.Count != 0) { Account account = list[0]; byte[] empty = null; byte[] key = null; using (FileStream fstream = new FileStream(@"C:\Users\Valentine\source\repos\SecuritySystemLab1\SecuritySystemLab1\note.txt", FileMode.Open)) { key = new byte[fstream.Length]; fstream.Read(key, 0, key.Length); } var decrypted = SecretAead.Decrypt(list[0].Password, list[0].Nonce, key, null); if (PasswordHash.ArgonHashStringVerify(Encoding.UTF8.GetString(decrypted), Encoding.UTF8.GetString(GenericHash.Hash(model.OldPassword, empty, 32)))) { var nonce = SecretAead.GenerateNonce(); var encrypted = SecretAead.Encrypt(Encoding.UTF8.GetBytes( PasswordHash.ArgonHashString(Encoding.UTF8.GetString(GenericHash.Hash(model.NewPassword, empty, 32)), PasswordHash.StrengthArgon.Interactive)), nonce, key, null); account.Nonce = nonce; account.Password = encrypted; db.Entry(account).State = EntityState.Modified; db.SaveChanges(); return(RedirectToAction("Main", new { Message = ManageMessageId.ChangePasswordSuccess })); } } else { ModelState.AddModelError("", "Произошла ошибка."); return(View(model)); } return(View(model)); }
public PasswordVerificationResult VerifyHashedPassword(ApplicationUser user, string hashedPassword, string providedPassword) { if (hashedPassword == null) { throw new ArgumentNullException(nameof(hashedPassword)); } if (providedPassword == null) { throw new ArgumentNullException(nameof(providedPassword)); } var isValid = options.HashFunction switch { LfHashFunction.MD5 => hashedPassword.Equals(CalcMd5(providedPassword)), LfHashFunction.Argon2 => PasswordHash.ArgonHashStringVerify(hashedPassword, providedPassword), LfHashFunction.SCrypt => PasswordHash.ScryptHashStringVerify(hashedPassword, providedPassword), _ => throw new IndexOutOfRangeException(), }; return(isValid ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed); }
public async Task <ActionResult <string> > Login(string identifier, string password) { var user = await _userRepository.FindByIdentifier(identifier); if (user == null) { return(new ActionResult <string>(false, ("", "Invalid credentials"))); } var passwordCorrect = PasswordHash.ArgonHashStringVerify(user.PasswordHash, password); if (!passwordCorrect) { return(new ActionResult <string>(false, ("", "Invalid credentials"))); } var token = TokenGenerator.GenerateAuthToken(); await _authRepository.CreateToken(user.Id, token); return(new ActionResult <string>(true, token)); }
public JwtSecurityToken Authenticate(string email, string password) { if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(password)) { return(null); } var user = mSentryContext .Users .FirstOrDefault(p => p.Email == email); if (user == null) { return(null); } if (PasswordHash.ArgonHashStringVerify(user.PasswordHash, password)) { var claims = new[] { new Claim("uid", user.UserIdentifier.ToString()) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(mConfiguration["Authentication:SecurityKey"])); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); return(new JwtSecurityToken( issuer: "yourdomain.com", audience: "yourdomain.com", claims: claims, expires: DateTime.Now.AddMinutes(30), signingCredentials: creds)); } return(null); }
public void ArgonHashStringVerifyTest() { const int OUTPUT = 1; const int PASS = 0; var tests = new List <string[]> { new[] { "", "$argon2i$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" }, new[] { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ", "$argon2i$v=19$m=4096,t=3,p=2$X1NhbHQAAAAAAAAAAAAAAA$z/QMiU4lQxGsYNc/+K/bizwsA1P11UG2dj/7+aILJ4I" }, new[] { "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*", "$argon2i$v=19$m=4096,t=3,p=1$X1NhbHQAAAAAAAAAAAAAAA$fu2Wsecyt+yPnBvSvYN16oP5ozRmkp0ixJ1YL19V3Uo" } }; foreach (var test in tests) { Assert.IsTrue(PasswordHash.ArgonHashStringVerify(test[OUTPUT], test[PASS])); } }
public override PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword) { return(PasswordHash.ArgonHashStringVerify(hashedPassword, providedPassword) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed); }
/// <summary>Verifies a password with its hashed counterpart.</summary> /// <param name="hashedPassword">Hashed password</param> /// <param name="password">Plaintext password</param> /// <returns>Returns result of validation</returns> public static bool ValidatePassword(string hashedPassword, string password) => PasswordHash .ArgonHashStringVerify(hashedPassword, password);
public bool VerifyHashedPassword(string plaintext, string hash) { return(PasswordHash.ArgonHashStringVerify(hash, plaintext)); }
public bool VerifyPassword(string hash, string password) { return(PasswordHash.ArgonHashStringVerify(hash, password)); }