public static string BCrypt(this string password) { var options = new CrypterOptions() { // specify the number of rounds to iterate (2^n) between 2^4 an 2^31 // 2^14 = 16384 iterations { CrypterOption.Rounds, 14 } }; var crytpedPassword = Crypter.Blowfish.Crypt(password, options); return(crytpedPassword); }
public bool EncryptUserPassword(string deviceId, string password) { var options = new CrypterOptions() { { CrypterOption.Rounds, Configuration["PasswordRounds"] } }; BlowfishCrypter crypter = new BlowfishCrypter(); var salt = crypter.GenerateSalt(options); var results = crypter.Crypt(password, salt); GenericData.SetPlayerData(deviceId, "password", results); return(true); }
static void TestRoundtrip(Crypter crypter, CrypterOptions options) { RandomNumberGenerator rng = RandomNumberGenerator.Create(); for (int i = 0; i < 25; i++) { byte[] length = new byte[1]; rng.GetBytes(length); byte[] password = new byte[length[0]]; rng.GetBytes(password); string refCrypt = crypter.Crypt(password, options); TestPassword(password, refCrypt, crypter); } }
private static void PwdSpeedTest() { Log.WriteLog("Determining the correct value for Rounds on this computer for saving passwords..."); System.Diagnostics.Stopwatch encryptTimer = new System.Diagnostics.Stopwatch(); int rounds = 6; while (encryptTimer.ElapsedMilliseconds < 250) { rounds++; var options = new CrypterOptions() { { CrypterOption.Rounds, rounds } }; encryptTimer.Restart(); BlowfishCrypter crypter = new BlowfishCrypter(); var salt = crypter.GenerateSalt(options); var results = crypter.Crypt("anythingWillDo", salt); encryptTimer.Stop(); Log.WriteLog("Time with Rounds:" + rounds + ": " + encryptTimer.ElapsedMilliseconds + "ms"); } Log.WriteLog("Suggestion: Set the PasswordRounds configuration variable to " + rounds + " in PraxisMapper's appsettings.json file"); }
/// <summary> /// Generates a salt string. Options are used to modify the salt generation. /// The purpose of salt is to make dictionary attacks against a whole password database much harder, /// by causing the crypted password to be different even if two users have the same uncrypted password. /// /// Randomness in a crypted password comes from its salt string, as do all recorded options. /// The same salt string, when combined with the same password, will generate the same crypted password. /// If the salt string differs, the same password will generate a different crypted password /// (crypted passwords have the form <c>algorithm+salt+hash</c>, so the salt is always carried along /// with the crypted password). /// </summary> /// <param name="options">Options modifying the salt generation.</param> /// <returns>The salt string.</returns> public abstract string GenerateSalt(CrypterOptions options);
/// <summary> /// Creates a one-way password hash (crypted password) from password bytes. /// Options modify the crypt operation. /// </summary> /// <param name="password">The bytes of the password.</param> /// <param name="options">Options modifying the crypt operation.</param> /// <returns>The crypted password.</returns> public string Crypt(byte[] password, CrypterOptions options) { Check.Null("password", password); Check.Null("options", options); return Crypt(password, GenerateSalt(options)); }
/// <summary> /// Creates a one-way password hash (crypted password) from a password string. /// Options modify the crypt operation. /// </summary> /// <param name="password">The password string. Characters are UTF-8 encoded.</param> /// <param name="options">Options modifying the crypt operation.</param> /// <returns>The crypted password.</returns> public string Crypt(string password, CrypterOptions options) { return Crypt(password, GenerateSalt(options)); }
/// <inheritdoc /> public override string GenerateSalt(CrypterOptions options) { Check.Null("options", options); string prefix; switch (options.GetValue(CrypterOption.Variant, MD5CrypterVariant.Standard)) { case MD5CrypterVariant.Standard: prefix = "$1$"; break; case MD5CrypterVariant.Apache: prefix = "$apr1$"; break; default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant."); } return prefix + Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(6)); }
/// <inheritdoc /> public override string GenerateSalt(CrypterOptions options) { Check.Null("options", options); switch (options.GetValue(CrypterOption.Variant, LdapCrypterVariant.SSha)) { case LdapCrypterVariant.Crypt: Crypter crypter = options.GetValue<Crypter>(LdapCrypterOption.Crypter); if (crypter == null) { throw Exceptions.Argument("LdapCrypterOption.Crypter", "Crypter not set. Did you intend Crypter.TraditionalDes (the slappasswd default)?"); } CrypterOptions crypterOptions = options.GetValue(LdapCrypterOption.CrypterOptions, CrypterOptions.None); return "{CRYPT}" + crypter.GenerateSalt(crypterOptions); case LdapCrypterVariant.SSha: return "{SSHA}" + Convert.ToBase64String(Security.GenerateRandomBytes(8)); case LdapCrypterVariant.SMD5: return "{SMD5}" + Convert.ToBase64String(Security.GenerateRandomBytes(8)); case LdapCrypterVariant.Sha: return "{SHA}"; case LdapCrypterVariant.MD5: return "{MD5}"; case LdapCrypterVariant.Cleartext: return "{CLEARTEXT}"; default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant."); } }
/// <inheritdoc /> public override string GenerateSalt(CrypterOptions options) { Check.Null("options", options); int? rounds = options.GetValue<int?>(CrypterOption.Rounds); if (rounds != null) { Check.Range("CrypterOption.Rounds", (int)rounds, MinRounds, MaxRounds); } return CryptPrefix + (rounds != null ? string.Format("rounds={0}$", rounds) : "") + Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(12)); }
/// <inheritdoc /> public override string GenerateSalt(CrypterOptions options) { Check.Null("options", options); string salt; do { salt = Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(2)).Substring(0, 2); } while (FilterSalt(salt) != salt); return salt; }
/// <inheritdoc /> public override string GenerateSalt(CrypterOptions options) { Check.Null("options", options); int rounds = options.GetValue(CrypterOption.Rounds, 14); Check.Range("CrypterOption.Rounds", rounds, MinRounds, MaxRounds); string prefix; switch (options.GetValue(CrypterOption.Variant, PhpassCrypterVariant.Standard)) { case PhpassCrypterVariant.Standard: prefix = "$P$"; break; case PhpassCrypterVariant.Phpbb: prefix = "$H$"; break; case PhpassCrypterVariant.Drupal: prefix = "$S$"; break; default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant."); } return prefix + Base64Encoding.UnixMD5.GetChar(rounds) + Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(6)); }
/// <inheritdoc /> public override string GenerateSalt(CrypterOptions options) { Check.Null("options", options); int rounds = options.GetValue(CrypterOption.Rounds, 6); Check.Range("CrypterOption.Rounds", rounds, MinRounds, MaxRounds); string prefix; switch (options.GetValue(CrypterOption.Variant, BlowfishCrypterVariant.Unspecified)) { case BlowfishCrypterVariant.Unspecified: prefix = "$2a$"; break; case BlowfishCrypterVariant.Compatible: prefix = "$2x$"; break; case BlowfishCrypterVariant.Corrected: prefix = "$2y$"; break; default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant."); } return prefix + rounds.ToString("00") + '$' + Base64Encoding.Blowfish.GetString(Security.GenerateRandomBytes(16)); }
/// <inheritdoc /> public override string GenerateSalt(CrypterOptions options) { Check.Null("options", options); int? rounds = options.GetValue<int?>(CrypterOption.Rounds); if (rounds != null) { Check.Range("CrypterOption.Rounds", (int)rounds, MinRounds, MaxRounds); } byte[] roundsBytes = new byte[3], saltBytes = null; try { BitPacking.LEBytesFromUInt24((uint)(rounds ?? 4321), roundsBytes, 0); saltBytes = Security.GenerateRandomBytes(3); return "_" + Base64Encoding.UnixMD5.GetString(roundsBytes) + Base64Encoding.UnixMD5.GetString(saltBytes); } finally { Security.Clear(roundsBytes); Security.Clear(saltBytes); } }