////---------------------------------------------------------------------------------------------------------------------------------------------------------------
///// <summary>
/////     Generates a long key from a set of input characters
/////     13-Oct-2015 - Use the MGLEncryption method instead ...
///// </summary>
//public static string GetSalt(int saltLength) {
//    // Use a dedicated random cryptographic class to build a random list of characters to the specified length ...
//    // use a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)
//    RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
//    byte[] salt = new byte[saltLength];
//    csprng.GetBytes(salt);
//    string base64Str = Convert.ToBase64String(salt);
//    return base64Str;
//}

//--------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Round-trip self test of the password routines: two random 30-character values are generated,
///     each is passed through MGLPasswordHash.EncryptPassword, and the first value is then compared
///     against both results.
/// </summary>
/// <returns>
///     True only when the first value matches its own protected form and does not match the
///     protected form of the second value.
/// </returns>
private static bool TestEncryption() {
    // Two independent random values stand in for passwords ...
    StringBuilder firstSecret = MGLEncryption.GetSalt(30);
    StringBuilder secondSecret = MGLEncryption.GetSalt(30);

    // Protect each value separately ...
    StringBuilder firstProtected = MGLPasswordHash.EncryptPassword(firstSecret);
    StringBuilder secondProtected = MGLPasswordHash.EncryptPassword(secondSecret);

    // Positive case: the value against its own protected form.
    bool matchesOwn = MGLPasswordHash.Compare(firstSecret, firstProtected);
    // Negative case: the same value against the protected form of a different secret.
    bool matchesOther = MGLPasswordHash.Compare(firstSecret, secondProtected);

    return matchesOwn && !matchesOther;
}
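//---------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Produces the protected form of the given password by delegating to Encrypt with two freshly
///     generated random salts (a padding salt and an algorithm salt) and SaltIterations.
///     Both salts are regenerated on every call so that the same input does not give the same output twice.
/// </summary>
/// <param name="password">The plain-text password to protect.</param>
/// <returns>
///     The value returned by Encrypt, or null if any step threw. Failures are logged, not rethrown,
///     so callers must check for null and treat it as an error rather than storing or comparing it.
/// </returns>
public static StringBuilder EncryptPassword(StringBuilder password) {
    StringBuilder encryptedPassword = null;

    try {
        // 5-Jul-15 - by adding a random padding at the start, we ensure that a password of "Hello World" will not be
        // the same twice when encrypted
        StringBuilder randomPaddingSalt = MGLEncryption.GetSalt(SaltLength);

        // Turn the password into Key and IV.  We are using salt to make it harder to guess our key
        // using a dictionary attack - trying to guess a password by enumerating all possible words.
        // This second, password-specific salt is generated independently of the padding salt ...
        StringBuilder randomAlgSaltStr = MGLEncryption.GetSalt(SaltLength);

        encryptedPassword = Encrypt(password, randomPaddingSalt.ToString(), randomAlgSaltStr.ToString(), SaltIterations);

    } catch (Exception ex) {
        // Log the exception type and message as well as the stack trace; the stack trace alone does not say
        // what actually failed.  The password itself is never passed to the logger here.
        // NOTE(review): confirm that Encrypt never embeds the plain-text password in its exception messages.
        Logger.LogError(9, "Error trying to encrypt a password. " + ex.ToString());
    }

    return encryptedPassword;
}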