private void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt) { using (var hmac = new System.Security.Cryptography.HMACSHA384()){ passwordSalt = hmac.Key; passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password)); } }
public string Encrypt(Encoding encode, string text, string key) { using (var sha = new System.Security.Cryptography.HMACSHA384(encode.GetBytes(key))) { var hash = sha.ComputeHash(encode.GetBytes(text)); return(ByteToString.Convert(hash)); } }
public static byte[] Hash(string key, string value) { byte[] keyBytes = Encoding.UTF8.GetBytes(key); byte[] data = Encoding.UTF8.GetBytes(value); var cipher = new System.Security.Cryptography.HMACSHA384(keyBytes); byte[] result = cipher.ComputeHash(data); return(result); }
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt) { using (var hmac = new System.Security.Cryptography.HMACSHA384(passwordSalt)) { var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password)); for (int i = 0; i < computedHash.Length; i++) { if (computedHash[i] != passwordHash[i]) { return(false); } } }; return(true); }
public void Execute() { ProgressChanged(0, 1); System.Security.Cryptography.HMAC hmacAlgorithm; switch ((HMACSettings.HashFunction)settings.SelectedHashFunction) { case HMACSettings.HashFunction.MD5: hmacAlgorithm = new System.Security.Cryptography.HMACMD5(); break; case HMACSettings.HashFunction.RIPEMD160: hmacAlgorithm = new System.Security.Cryptography.HMACRIPEMD160(); break; case HMACSettings.HashFunction.SHA1: hmacAlgorithm = new System.Security.Cryptography.HMACSHA1(); break; case HMACSettings.HashFunction.SHA256: hmacAlgorithm = new System.Security.Cryptography.HMACSHA256(); break; case HMACSettings.HashFunction.SHA384: hmacAlgorithm = new System.Security.Cryptography.HMACSHA384(); break; case HMACSettings.HashFunction.SHA512: hmacAlgorithm = new System.Security.Cryptography.HMACSHA512(); break; default: GuiLogMessage("No hash algorithm for HMAC selected, using MD5.", NotificationLevel.Warning); hmacAlgorithm = new System.Security.Cryptography.HMACMD5(); break; } hmacAlgorithm.Key = key; OutputData = (inputData != null) ? hmacAlgorithm.ComputeHash(inputData.CreateReader()) : hmacAlgorithm.ComputeHash(new byte[] {}); GuiLogMessage(String.Format("HMAC computed. (using hash algorithm {0}: {1})", settings.SelectedHashFunction, hmacAlgorithm.GetType().Name), NotificationLevel.Info); ProgressChanged(1, 1); }
// https://api.bitfinex.com/v1/order/new // http://bitcoin.stackexchange.com/questions/25835/bitfinex-api-call-returns-400-bad-request public static async void GetBalance() { string APISECRET = ""; string APIKEY = ""; //POST data try { // long nonce = System.DateTime.Now.ToUnixTimestampMS(); //returns a strictly increasing timestamp based number e.g. 1402207693893 long nonce = DateHelper.GetCurrentUnixTimestampMillis(); string uri = "https://api.bitfinex.com/v1/balances"; string paramDict = "{\"request\": \"/v1/balances\",\"nonce\": \"" + nonce + "\"}"; //ie. {"request": "/v1/balances","nonce": "1402207693893"} string payload = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(paramDict)); //API Sign string hexHash = null; using (System.Security.Cryptography.HMACSHA384 hmac = new System.Security.Cryptography.HMACSHA384(System.Text.Encoding.UTF8.GetBytes(APISECRET))) { byte[] hash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(payload)); hexHash = System.BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant(); } System.Collections.Generic.Dictionary <string, string> headers = new System.Collections.Generic.Dictionary <string, string>(); headers.Add("X-BFX-APIKEY", APIKEY); //My API KEY headers.Add("X-BFX-PAYLOAD", payload); headers.Add("X-BFX-SIGNATURE", hexHash); string responseContent = await libCoinBaseSharp.WebClientHelper.PostStream <string>(uri, null, headers); } catch (System.Exception e) { System.Diagnostics.Debug.WriteLine(e.Message); throw; } }
// https://api.bitfinex.com/v1/order/new // http://bitcoin.stackexchange.com/questions/25835/bitfinex-api-call-returns-400-bad-request public static void GetBalance() { string APISECRET = ""; string APIKEY = ""; // long nonce = System.DateTime.Now.ToUnixTimestampMS(); //returns a strictly increasing timestamp based number e.g. 1402207693893 long nonce = DateHelper.GetCurrentUnixTimestampMillis(); string path = "https://api.bitfinex.com/v1/balances"; string paramDict = "{\"request\": \"/v1/balances\",\"nonce\": \"" + nonce + "\"}"; //ie. {"request": "/v1/balances","nonce": "1402207693893"} string payload = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(paramDict)); //API Sign string hexHash = null; using (System.Security.Cryptography.HMACSHA384 hmac = new System.Security.Cryptography.HMACSHA384(System.Text.Encoding.UTF8.GetBytes(APISECRET))) { byte[] hash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(payload)); hexHash = System.BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant(); } System.Collections.Specialized.NameValueCollection headers = new System.Collections.Specialized.NameValueCollection(); headers.Add("X-BFX-APIKEY", APIKEY); //My API KEY headers.Add("X-BFX-PAYLOAD", payload); headers.Add("X-BFX-SIGNATURE", hexHash); //POST data try { //create post request System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.HttpWebRequest.Create(path); request.KeepAlive = true; request.Method = System.Net.Http.HttpMethod.Post.Method; //add headers request.Headers.Add(headers); //write out payload byte[] byteArray = System.Text.Encoding.UTF8.GetBytes(paramDict); request.ContentLength = byteArray.Length; using (System.IO.Stream writer = request.GetRequestStream()) { writer.Write(byteArray, 0, byteArray.Length); } //read reply using (System.Net.HttpWebResponse response = request.GetResponse() as System.Net.HttpWebResponse) { using (System.IO.TextReader reader = new System.IO.StreamReader(response.GetResponseStream())) { //get reply (JSON) string responseContent = reader.ReadToEnd(); System.Console.WriteLine(responseContent); } } } catch (System.Exception e) { //always throws an exception here System.Diagnostics.Debug.WriteLine(e.Message); } }
/// <summary> /// SHA384 hash algorithm plus hmac. /// </summary> public SHA384HMAC() { hmac = new System.Security.Cryptography.HMACSHA384(); }
/// <summary> /// Register an account. Returns true if succeed, otherwise return false and write logs. /// </summary> /// <param name="username"></param> /// <param name="rawPassword"></param> /// <param name="hashType"></param> /// <returns></returns> public static bool RegisterUser(string username, string rawPassword, int hashType) { try { string hashSaltBase64 = null; string passwordHashBase64 = null; byte[] saltBytes; System.Security.Cryptography.HMAC hmac; switch (hashType) { case (int)Enums.HMAC.MD5: hashSaltBase64 = null; using (System.Security.Cryptography.MD5 hasher = System.Security.Cryptography.MD5.Create()) { passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); } break; case (int)Enums.HMAC.RIPEMD160: hashSaltBase64 = null; using (System.Security.Cryptography.RIPEMD160 hasher = System.Security.Cryptography.RIPEMD160.Create()) { passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); } break; case (int)Enums.HMAC.SHA1: hashSaltBase64 = null; using (System.Security.Cryptography.SHA1 hasher = System.Security.Cryptography.SHA1.Create()) { passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); } break; case (int)Enums.HMAC.SHA256: hashSaltBase64 = null; using (System.Security.Cryptography.SHA256 hasher = System.Security.Cryptography.SHA256.Create()) { passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); } break; case (int)Enums.HMAC.SHA384: hashSaltBase64 = null; using (System.Security.Cryptography.SHA384 hasher = System.Security.Cryptography.SHA384.Create()) { passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); } break; case (int)Enums.HMAC.SHA512: hashSaltBase64 = null; using (System.Security.Cryptography.SHA512 hasher = System.Security.Cryptography.SHA512.Create()) { passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); } break; case (int)Enums.HMAC.HMACMD5: saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt]; new Random().NextBytes(saltBytes); hashSaltBase64 = Convert.ToBase64String(saltBytes); hmac = new System.Security.Cryptography.HMACMD5(saltBytes); passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); break; case (int)Enums.HMAC.HMACRIPEMD160: saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt]; new Random().NextBytes(saltBytes); hashSaltBase64 = Convert.ToBase64String(saltBytes); hmac = new System.Security.Cryptography.HMACRIPEMD160(saltBytes); passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); break; case (int)Enums.HMAC.HMACSHA1: saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt]; new Random().NextBytes(saltBytes); hashSaltBase64 = Convert.ToBase64String(saltBytes); hmac = new System.Security.Cryptography.HMACSHA1(saltBytes); passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); break; case (int)Enums.HMAC.HMACSHA256: saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt]; new Random().NextBytes(saltBytes); hashSaltBase64 = Convert.ToBase64String(saltBytes); hmac = new System.Security.Cryptography.HMACSHA256(saltBytes); passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); break; case (int)Enums.HMAC.HMACSHA384: saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt]; new Random().NextBytes(saltBytes); hashSaltBase64 = Convert.ToBase64String(saltBytes); hmac = new System.Security.Cryptography.HMACSHA384(saltBytes); passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); break; case (int)Enums.HMAC.HMACSHA512: saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt]; new Random().NextBytes(saltBytes); hashSaltBase64 = Convert.ToBase64String(saltBytes); hmac = new System.Security.Cryptography.HMACSHA512(saltBytes); passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword))); break; default: throw new NotImplementedException("Unspecified hash type."); } var acc = new Account() { Uname = username, HashSaltBase64 = hashSaltBase64, HashTypeId = hashType, PasswordHashBase64 = passwordHashBase64, IsTwoFactor = false, TwoFactorSecretBase32 = null }; using (AuthorizeEntities ctx = new AuthorizeEntities()) { ctx.Accounts.Add(acc); ctx.SaveChanges(); } } catch (Exception ex) { Log4netLogger.Error(MethodBase.GetCurrentMethod().DeclaringType, "Cannot register user", ex); return(false); } return(true); }
public static bool Login(string username, string password) { bool isOk = false; byte[] saltBytes; System.Security.Cryptography.HMAC hmac; try { using (AuthorizeEntities ctx = new AuthorizeEntities()) { var acc = ctx.Accounts.Where(x => x.Uname == username).FirstOrDefault(); if (acc != null) { switch (acc.HashTypeId) { case (int)Enums.HMAC.MD5: using (System.Security.Cryptography.MD5 hasher = System.Security.Cryptography.MD5.Create()) { isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password)))); } break; case (int)Enums.HMAC.RIPEMD160: using (System.Security.Cryptography.RIPEMD160 hasher = System.Security.Cryptography.RIPEMD160.Create()) { isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password)))); } break; case (int)Enums.HMAC.SHA1: using (System.Security.Cryptography.SHA1 hasher = System.Security.Cryptography.SHA1.Create()) { isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password)))); } break; case (int)Enums.HMAC.SHA256: using (System.Security.Cryptography.SHA256 hasher = System.Security.Cryptography.SHA256.Create()) { isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password)))); } break; case (int)Enums.HMAC.SHA384: using (System.Security.Cryptography.SHA384 hasher = System.Security.Cryptography.SHA384.Create()) { isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password)))); } break; case (int)Enums.HMAC.SHA512: using (System.Security.Cryptography.SHA512 hasher = System.Security.Cryptography.SHA512.Create()) { isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password)))); } break; case (int)Enums.HMAC.HMACMD5: saltBytes = Convert.FromBase64String(acc.HashSaltBase64); hmac = new System.Security.Cryptography.HMACMD5(saltBytes); isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64); break; case (int)Enums.HMAC.HMACRIPEMD160: saltBytes = Convert.FromBase64String(acc.HashSaltBase64); hmac = new System.Security.Cryptography.HMACRIPEMD160(saltBytes); isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64); break; case (int)Enums.HMAC.HMACSHA1: saltBytes = Convert.FromBase64String(acc.HashSaltBase64); hmac = new System.Security.Cryptography.HMACSHA1(saltBytes); isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64); break; case (int)Enums.HMAC.HMACSHA256: saltBytes = Convert.FromBase64String(acc.HashSaltBase64); hmac = new System.Security.Cryptography.HMACSHA256(saltBytes); isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64); break; case (int)Enums.HMAC.HMACSHA384: saltBytes = Convert.FromBase64String(acc.HashSaltBase64); hmac = new System.Security.Cryptography.HMACSHA384(saltBytes); isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64); break; case (int)Enums.HMAC.HMACSHA512: saltBytes = Convert.FromBase64String(acc.HashSaltBase64); hmac = new System.Security.Cryptography.HMACSHA512(saltBytes); isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64); break; default: throw new NotImplementedException("Unspecified hash type."); } } } } catch (Exception ex) { Log4netLogger.Error(MethodBase.GetCurrentMethod().DeclaringType, "Cannot login", ex); isOk = false; } return(isOk); }