Exemplo n.º 1
0
        /// <summary>
        /// Hashes a Password and returns a hash fingerprint
        /// </summary>
        /// <param name="password"></param>
        /// <returns></returns>
        public string PasswordHash(CryptoString password)
        {
            Hasher hasher = new Hasher();
            string pepper;
            string hash;

            // Generate Pepper
            pepper = new string(Enumerable.Repeat(Options.PepperChars, 1).Select(s => s[random.Next(s.Length)]).ToArray());

            // Create your hash
            hash = hasher.SecureHash(CryptoString.SecureStringToString(password.GetSecureString()) + Options.Salt + pepper, SecureHashDelay);

            return(hash);
        }
Exemplo n.º 2
0
        public void CryptoString_BasicUsuage()
        {
            string       password     = "******";
            SecureString secureString = CryptoString.StringToSecureString(password);             // Only used for test
            string       decryptedString;

            CryptoString crypto = new CryptoString(secureString);

            // Make sure the ToString DOES NOT return the string
            decryptedString = crypto.ToString();
            Assert.IsFalse(decryptedString.Equals(password));

            // Use this only if SecureString is not accepted
            string useString = CryptoString.SecureStringToString(crypto.GetSecureString());

            ////////////////////////////////////////////
            // You can now use the useString variable
            ////////////////////////////////////////////
            // When you done fill the variable full of random Text
            // NOTE: Not totally secure, but an added level of obsfucation
            useString = CryptoString.GenerateRandomText(10000);
        }
Exemplo n.º 3
0
        /// <summary>
        /// Checks a password against its hash to validate if it matches. The check automagically handles incorporating the Salt and even checks
        /// against all the Pepper value as well. As a User you just pass in the password and Hash and let the method do the work for you.
        /// </summary>
        /// <param name="password"></param>
        /// <param name="hash"></param>
        /// <returns></returns>
        public bool PasswordCheck(CryptoString password, string hash)
        {
            Hasher hasher     = new Hasher();
            bool   isValid    = false;
            int    iterations = 0;

            foreach (var c in Options.PepperChars.ToArray())
            {
                iterations++;
                string attemptPassword = password + Options.Salt + c;
                string attemptHash     = hasher.SecureHash(CryptoString.SecureStringToString(password.GetSecureString()) + Options.Salt + c, SecureHashDelay);

                // Check if you got a hit
                if (hash.Equals(attemptHash))
                {
                    // You got a hit so the Password is Valid
                    isValid = true;
                    Debug.WriteLine($"Found a hit after {iterations} iterations.");
                    break;
                }
            }
            return(isValid);
        }