public void WhenStringIsHashedItCanBeVerified()
{
// Arrange
string password = "******";
// Act
string hash = V3Hasher.GenerateHash(password);
// Assert
Assert.True(V3Hasher.VerifyHash(hash, password));
}
public void WhenStringIsHashedAsBytesItCanBeVerified()
{
// Arrange
string password = "******";
// Act
byte[] hash = V3Hasher.GenerateHashAsBytes(password);
// Assert
Assert.True(V3Hasher.VerifyHash(hash, password));
}
public void WhenWrongStringIsVerifiedThenVerificationFails()
{
// Arrange
string password = "******";
string hash = V3Hasher.GenerateHash(password);
// Act
bool verify = V3Hasher.VerifyHash(hash, password + "1");
// Assert
Assert.False(verify);
}
public void WhenHashIsInvalidVerificationFails()
{
// Arrange
string password = "******";
string hash = V3Hasher.GenerateHash(password);
byte[] badHash = Convert.FromBase64String(hash);
badHash[0] = 0x0;
// Act
// The first bit should be 0x01 in the algorithm we use. Make sure we fail if it's not.
bool verify = V3Hasher.VerifyHash(Convert.ToBase64String(badHash), password);
// Assert
Assert.False(verify);
}
public void ProcessingTimesForSuccessfulAuthAndFailedAuthAreSimilar()
{
// Arrange
double allowedDiffPercent = 0.05;
int repetitions = 1000;
string password = "******";
string hash = V3Hasher.GenerateHash(password);
// Act
var successStopWatch = new Stopwatch();
var failureStopWatch = new Stopwatch();
successStopWatch.Start();
for (int i = 0; i < repetitions; i++)
{
V3Hasher.VerifyHash(hash, password);
}
successStopWatch.Stop();
failureStopWatch.Start();
for (int i = 0; i < repetitions; i++)
{
V3Hasher.VerifyHash(hash, password + "1");
}
failureStopWatch.Stop();
double diffPercent = ((double)successStopWatch.ElapsedTicks - (double)failureStopWatch.ElapsedTicks) /
(double)successStopWatch.ElapsedTicks;
Assert.True(Math.Abs(diffPercent) < allowedDiffPercent);
}
