/// <summary> /// Encrypts the data with the given password and salt with the AES algorithm. /// </summary> /// <param name="data"></param> /// <param name="password"></param> /// <returns></returns> public byte[] Encrypt(byte[] data, byte[] encryptedPassword, byte[] salt) { byte[] encryptedData = null; using (AesCryptoServiceProvider provider = new AesCryptoServiceProvider()) { provider.GenerateIV(); // Create a byte array out of the encrypted bytes var passwordBytes = CryptMemoryProtection.DecryptInMemoryData(encryptedPassword); provider.Key = passwordBytes; provider.Mode = CipherMode.CBC; provider.Padding = PaddingMode.PKCS7; using (MemoryStream memStream = new MemoryStream()) { memStream.Write(provider.IV, 0, 16); using (ICryptoTransform encryptor = provider.CreateEncryptor(provider.Key, provider.IV)) { using (CryptoStream cryptoStream = new CryptoStream(memStream, encryptor, CryptoStreamMode.Write)) { cryptoStream.Write(data, 0, data.Length); cryptoStream.FlushFinalBlock(); } } encryptedData = memStream.ToArray(); } } return(encryptedData); }
/// <summary> /// Decrypts data with the password and salt that its been encrypted with. /// </summary> /// <param name="data"></param> /// <param name="password"></param> /// <returns></returns> public byte[] Decrypt(byte[] data, byte[] encryptedPassword, byte[] salt) { byte[] decryptedData = new byte[data.Length]; using (AesCryptoServiceProvider provider = new AesCryptoServiceProvider()) { // Create a byte array out of the encrypted bytes var passwordBytes = CryptMemoryProtection.DecryptInMemoryData(encryptedPassword); provider.Key = passwordBytes; provider.Mode = CipherMode.CBC; provider.Padding = PaddingMode.PKCS7; using (MemoryStream memStream = new MemoryStream(data)) { byte[] iv = new byte[16]; memStream.Read(iv, 0, 16); using (ICryptoTransform decryptor = provider.CreateDecryptor(provider.Key, iv)) { using (CryptoStream cryptoStream = new CryptoStream(memStream, decryptor, CryptoStreamMode.Read)) { cryptoStream.Read(decryptedData, 0, decryptedData.Length); } } } } return(decryptedData); }
/// <summary> /// Takes in an encrypted pw and calculates its strength => return list of tips and blackList status. /// </summary> /// <param name="pw"></param> /// <returns></returns> public static double CalculatePasswordStrength(byte[] encryptedPw, out HashSet <string> resultTips, out bool isBlackListed) { // Load in the pw blacklist isBlackListed = false; resultTips = new HashSet <string>(); var pw = ByteHelper.ByteArrayToString(CryptMemoryProtection.DecryptInMemoryData(encryptedPw)); double passwordStrengthValue = 1; if (!pw.Any(c => char.IsUpper(c))) { passwordStrengthValue -= 0.25; resultTips.Add("The password doesn't contain upper case characters."); } if (!pw.Any(c => char.IsDigit(c))) { passwordStrengthValue -= 0.25; resultTips.Add("The password doesn't contain digits."); } if (pw.Length < 12) { passwordStrengthValue -= 0.50; resultTips.Add("The password is too short. It should be at least 12 characters long."); } if (!WellKnownSpecialCharacters.ContainsSpecialCharacters(pw)) { passwordStrengthValue -= 0.25; resultTips.Add("The password doesn't contain special characters."); } if (PasswordBlackList.GetBlackList().Contains(pw)) { passwordStrengthValue -= 1; isBlackListed = true; resultTips.Add("This password has already been leaked and is widely spread on the internet - combined with it's hash. It is not save."); } // We do not want a "negative" value password strength if (passwordStrengthValue <= 0) { passwordStrengthValue = 0.1; } if (isBlackListed) { passwordStrengthValue = 0; } pw = string.Empty; return(passwordStrengthValue); }