/// <summary>
/// Takes a password and returns the password hashed and with the salt and iteration count in a PasswordHashModel.
/// </summary>
/// <param name="password"></param>
/// <returns></returns>
public static PasswordHashModel HashAndSalt(string password)
{
// generate a 128-bit salt using a secure PRNG
byte[] salt = new byte[16];
using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
{
rng.GetBytes(salt);
}
// derive a 256-bit subkey (use HMACSHA512 with a certain number of iterations)
// note: I swithced to HMACSHA512 from the docs code because a bigger number seems better
byte[] hashed = KeyDerivation.Pbkdf2(
password: password,
salt: salt,
prf: KeyDerivationPrf.HMACSHA512,
iterationCount: Iterations,
numBytesRequested: 32);
PasswordHashModel output = new PasswordHashModel
{
IterationsOnHash = Iterations,
Salt = salt,
PasswordHash = hashed
};
return(output);
}
public static (bool, bool iterationsNeedsUpgrade) PasswordEqualsHash(string password, PasswordHashModel passwordHashModel)
{
return(PasswordEqualsHash(password,
passwordHashModel.PasswordHash,
passwordHashModel.Salt,
passwordHashModel.IterationsOnHash));
}
