/// <summary>
/// Round-trips one password through the BCrypt and PBKDF2 hashers and prints how long each hash took.
/// </summary>
/// <remarks>
/// The printed timings approximate the "difficulty" of each algorithm on the machine running the test.
/// A hash that completes too quickly is cheap to brute-force offline, so the time should not be too low,
/// desirably no less than 100 ms.
/// NOTE(review): by the author's own measurement the PBKDF2 setting used here (2000 iterations, ~13 ms)
/// is well under that target, and far below current OWASP guidance for PBKDF2 (hundreds of thousands of
/// iterations). Treat it as a test value, not as a production setting.
/// </remarks>
public void TestPasswordHashers()
{
    Startup.BooksApp.LogTestStart();

    // Run only against MS SQL so the console run over all servers is not slowed down.
    if (Startup.ServerType != DbServerType.MsSql)
    {
        return;
    }

    // Test-only salt: a GUID is not a documented source of cryptographic randomness.
    // Production salts should come from a CSPRNG such as RandomNumberGenerator.
    var salt = Guid.NewGuid().ToByteArray();
    var pwd = "MyPassword_*&^";

    // BCrypt: each +1 on the work factor doubles the effort (author's machine: 10 -> 125 ms, 11 -> 242 ms).
    IPasswordHasher bcrypt = new BCryptPasswordHasher(workFactor: 10);
    long bcryptStart = Util.GetPreciseMilliseconds();
    string bcryptHash = bcrypt.HashPassword(pwd, salt);
    long bcryptMs = Util.GetPreciseMilliseconds() - bcryptStart;
    bool bcryptOk = bcrypt.VerifyPassword(pwd, salt, bcrypt.WorkFactor, bcryptHash);
    Assert.IsTrue(bcryptOk, "BCrypt hasher failed.");
    Debug.WriteLine("BCrypt hasher time, ms: " + bcryptMs);

    // PBKDF2: author's machine: 2000 -> 13 ms, 5000 -> 32 ms.
    IPasswordHasher pbkdf2 = new Pbkdf2PasswordHasher(iterationCount: 2000);
    long pbkdf2Start = Util.GetPreciseMilliseconds();
    string pbkdf2Hash = pbkdf2.HashPassword(pwd, salt);
    long pbkdf2Ms = Util.GetPreciseMilliseconds() - pbkdf2Start;
    bool pbkdf2Ok = pbkdf2.VerifyPassword(pwd, salt, pbkdf2.WorkFactor, pbkdf2Hash);
    Assert.IsTrue(pbkdf2Ok, "Pbkdf hasher failed.");
    Debug.WriteLine("Pbkdf hasher time, ms: " + pbkdf2Ms);
}
/// <summary>
/// Generates <c>count</c> fake users in batches of at most <c>step</c> and stores each one through
/// <c>UsersRepoMySql.AddUser</c>, logging the running total after every batch.
/// </summary>
/// <remarks>
/// Every generated account is given the same fixed password ("123"), hashed once per user.
/// This is fixture data only: make sure <c>connectionString</c> never points at an environment
/// where these accounts could be reached by real clients.
/// NOTE(review): the loop advances by <c>step</c>; a non-positive <c>step</c> would never terminate.
/// </remarks>
private static async Task GenerateImpl()
{
    await using var connectionController = new DbConnectionControllerMySql(connectionString);
    var repo = new UsersRepoMySql(connectionController, new NullLogger<UsersRepoMySql>());
    await OpenConnection(connectionController);

    var batchStart = 0;
    while (batchStart < count)
    {
        // Clamp the last batch so the total never exceeds count.
        var batchEnd = batchStart + step;
        if (!(batchEnd < count))
        {
            batchEnd = count;
        }

        // Default locale; a "ru" locale argument was left commented out by the author.
        var userFaker = new Faker<User>()
            .RuleFor(u => u.Id, (f, u) => 0)
            .RuleFor(u => u.GivenName, (f, u) => f.Name.FirstName())
            .RuleFor(u => u.FamilyName, (f, u) => f.Name.LastName())
            // The unique index is passed as the e-mail suffix argument.
            .RuleFor(u => u.Email, (f, u) => f.Internet.Email(u.GivenName, u.FamilyName, null, f.UniqueIndex.ToString()))
            // Shared, trivially guessable test password.
            .RuleFor(u => u.Password, (f, u) => hasher.HashPassword("123"))
            .RuleFor(u => u.Age, (f, u) => f.Random.Byte(5, 80))
            .RuleFor(u => u.City, f => f.Address.City())
            .RuleFor(u => u.IsActive, f => true);

        var batch = userFaker.Generate(batchEnd - batchStart);
        foreach (var fakeUser in batch)
        {
            await repo.AddUser(fakeUser);
            Interlocked.Increment(ref generated);
        }

        logger.LogInformation($"{generated} have been generated.");
        batchStart += step;
    }
}
/// <summary>
/// Checks that a default <c>Pbkdf2PasswordHasher</c> returns an encoded hash of exactly 89 characters.
/// </summary>
/// <remarks>
/// Only the output length is pinned. NOTE(review): the test would still pass for an 89-character
/// string that does not verify against the password, so it is worth pairing with a round-trip
/// verification test.
/// </remarks>
public void HashTest()
{
    const int ExpectedHashLength = 89;

    var hasher = new Pbkdf2PasswordHasher();
    string encoded = hasher.HashPassword("abcd123");

    Assert.AreEqual(ExpectedHashLength, encoded.Length);
}
/// <summary>
/// Hashes <c>TestPassword</c> with <c>Pbkdf2PasswordHasher</c> and checks that the same password
/// verifies against the resulting hash.
/// </summary>
/// <remarks>
/// Covers the positive path only. NOTE(review): a companion case asserting that a different
/// password is rejected would catch a verifier that accepts everything.
/// </remarks>
public void Pbkdf2()
{
    var pbkdf2 = new Pbkdf2PasswordHasher();
    var randomSource = new SecureRandomGenerator();

    var encoded = pbkdf2.HashPassword(TestPassword, randomSource);
    Assert.IsNotNull(encoded);

    // Round trip: the original password must verify against its own hash.
    Assert.IsTrue(pbkdf2.VerifyHashedPassword(encoded, TestPassword));
}
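/// <summary>
/// Replaces the password of the account registered under <c>viewModel.Email</c> and enables that account.
/// </summary>
/// <param name="viewModel">Carries the account e-mail and the new plain-text password.</param>
/// <exception cref="ArgumentNullException"><paramref name="viewModel"/> is null.</exception>
/// <exception cref="ArgumentException">The new password is null or empty.</exception>
/// <exception cref="Exception">
/// No user has the given e-mail (message: <c>Constants.InvalidEmailExceptionMessage</c>).
/// </exception>
/// <remarks>
/// NOTE(review): nothing in this method proves that the caller owns the account (no reset token,
/// no current password). The e-mail alone selects the account that is overwritten and re-enabled.
/// Confirm that the calling endpoint verifies ownership before reaching this point.
/// NOTE(review): the distinct "invalid e-mail" failure can reveal which addresses are registered
/// if its message is surfaced to clients.
/// NOTE(review): the stored salt is left as it is; presumably HashPassword reads it from the user
/// (not visible here). If so, consider generating a fresh salt on every password change.
/// </remarks>
public async Task ResetPassword(CredentialsViewModel viewModel)
{
    if (viewModel == null)
    {
        throw new ArgumentNullException(nameof(viewModel));
    }

    // Refuse before touching the account: hashing an empty string would store a valid-looking
    // credential and enable the account with an empty password.
    if (string.IsNullOrEmpty(viewModel.Password))
    {
        throw new ArgumentException("The new password must not be empty.", nameof(viewModel));
    }

    var user = _unitOfWork.Users.All().FirstOrDefault(u => u.Email == viewModel.Email);
    if (user == null)
    {
        throw new Exception(Constants.InvalidEmailExceptionMessage);
    }

    // A successful reset also (re)activates the account.
    user.IsEnabled = true;

    var hasher = new Pbkdf2PasswordHasher();
    user.Password = hasher.HashPassword(user, viewModel.Password);

    _unitOfWork.Users.Update(user);
    await _unitOfWork.SaveChangesAsync();
}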
/// <summary>
/// Creates a disabled account from <paramref name="viewModel"/> with a generated password and sends
/// the registration e-mail.
/// </summary>
/// <param name="viewModel">Registration data, converted to a user entity before it is stored.</param>
/// <exception cref="Exception">
/// The e-mail is already used by another user (message: <c>Constants.EmailAlreadyUsedExceptionMessage</c>).
/// </exception>
/// <remarks>
/// The generated password is hashed and then discarded; this method never sends or returns it, and
/// the account is stored with <c>IsEnabled = false</c>.
/// NOTE(review): the Any-then-Add check is not atomic. Confirm that a unique index on the e-mail
/// column prevents duplicates under concurrent registrations.
/// NOTE(review): the distinct "already used" failure can reveal which addresses are registered
/// if its message is surfaced to clients.
/// </remarks>
public async Task Register(UserViewModel viewModel)
{
    var user = await _userViewModelToUserConverter.Convert(viewModel);

    var emailTaken = _unitOfWork.Users.All().Any(u => u.Email == user.Email);
    if (emailTaken)
    {
        throw new Exception(Constants.EmailAlreadyUsedExceptionMessage);
    }

    // The salt is assigned before hashing; the plain-text password exists only inside this expression.
    var hasher = new Pbkdf2PasswordHasher();
    user.Salt = hasher.GenerateSalt();
    user.Password = hasher.HashPassword(user, hasher.GeneratePassword());
    user.IsEnabled = false;

    _unitOfWork.Users.Add(user);
    await _unitOfWork.SaveChangesAsync();

    // The template is read from disk only after the user has been persisted.
    var templatePath = System.IO.Path.Combine(
        _environment.ContentRootPath,
        Constants.WwwRoot,
        Constants.EmailTemplateFoldername,
        Constants.RegistrationEmailFilename);
    var template = System.IO.File.ReadAllText(templatePath);

    // NOTE(review): user.Name is substituted as-is. If the template is HTML and the name is
    // user-supplied, encode it first (e.g. System.Net.WebUtility.HtmlEncode). Confirm the template format.
    var content = template.Replace("@NAME@", user.Name);

    await _emailService.Send(user.Email, Constants.RegistrationEmailSubject, content);
}