public static string HashPassword(string password, int iterations)
{
byte[] salt;
byte[] buffer2;
if (password == null)
{
throw new ArgumentNullException("password");
}
using (Rfc2898DeriveBytes bytes = new Rfc2898DeriveBytes(password, _saltSize, iterations))
{
salt = bytes.S;
buffer2 = bytes.GetBytes(_hashSize);
}
byte[] dst = new byte[_saltSize + _hashSize + 1];
Buffer.BlockCopy(salt, 0, dst, 1, _saltSize);
Buffer.BlockCopy(buffer2, 0, dst, _saltSize + 1, _hashSize);
return string.Format("{0}{2}{1}", iterations, System.Convert.ToBase64String(dst), _splitter);
}
public static bool VerifyPassword(string password, string hashedPassword)
{
byte[] inputPwHash;
if (hashedPassword == null)
{
return false;
}
if (password == null)
{
throw new ArgumentNullException("password");
}
int splitter = hashedPassword.IndexOf(_splitter);
//Iterations
int i;
if (!int.TryParse(hashedPassword.Substring(0, splitter), out i))
i = _iterationCount;
//Hash
string h = hashedPassword.Substring(splitter + 1);
byte[] src = System.Convert.FromBase64String(h);
if ((src.Length != _finalHashSize) || (src[0] != 0))
{
return false;
}
byte[] extractedSalt = new byte[_saltSize];
Buffer.BlockCopy(src, 1, extractedSalt, 0, _saltSize);
byte[] storedPwHash = new byte[_hashSize];
Buffer.BlockCopy(src, _saltSize + 1, storedPwHash, 0, _hashSize);
using (Rfc2898DeriveBytes bytes = new Rfc2898DeriveBytes(password, extractedSalt, i))
{
inputPwHash = bytes.GetBytes(_hashSize);
}
return SlowEquals(storedPwHash, inputPwHash);
}
