Пример #1
0
        /// <summary>
        /// Hashes the passed in string with a random salt using the Pbkdf2 hashing algorithm using HMAC SHA512. The salt is embedded
        /// into the result which is then Base64 encoded as a string.
        /// </summary>
        /// <param name="password">The string to hash. If this string is already an MD5, basd64 encoded hash, set performPreMD5Hashing to false</param>
        /// <param name="performPreMD5Hashing">Old versions of HnD used MD5 hashed passwords and to migrate these to Pbkdf2 we rehashed the MD5Hashed variants.
        /// To signal the passed in password is already an MD5 base64 hash, this flag has to be false. If the password is the plain password as specified
        /// by the user, this flag has to be true. </param>
        /// <returns>the base64 encoded byte array which contains the salt and the hash and which is ready to be saved in the database</returns>
        public static string HashPassword(string password, bool performPreMD5Hashing)
        {
            var salt = new byte[PasswordSaltLengthBytes];

            _rng.GetBytes(salt);
            var resultAsByteArray = HnDGeneralUtils.PerformPbkdf2Hashing(password, salt, performPreMD5Hashing);

            return(Convert.ToBase64String(resultAsByteArray));
        }
Пример #2
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="password">The string to hash. If this string is already an MD5, basd64 encoded hash, set performPreMD5Hashing to false</param>
        /// <param name="salt">the byte array with the rng produced salt to use for hashing the password specified</param>
        /// <param name="performPreMD5Hashing">Old versions of HnD used MD5 hashed passwords and to migrate these to Pbkdf2 we rehashed the MD5Hashed variants.
        ///     To signal the passed in password is already an MD5 base64 hash, this flag has to be false. If the password is the plain password as specified
        ///     by the user, this flag has to be true. </param>
        /// <returns>byte array with the salt in the lower indexes and the pbkdf2 hash bytes in the higher indexes</returns>
        private static byte[] PerformPbkdf2Hashing(string password, byte[] salt, bool performPreMD5Hashing)
        {
            // see if we need to pre-hash the passed in string. See note above.
            var passwordToHash = performPreMD5Hashing ? HnDGeneralUtils.CreateMD5HashedBase64String(password) : password;
            var prf            = KeyDerivationPrf.HMACSHA512;

            byte[] hashedPassword = KeyDerivation.Pbkdf2(passwordToHash, salt, prf, Pbkdf2Iterations, Pbkdf2HashLengthBytes);

            // create a byte array with both the salt (in the lower indices) and the hashed result (higher indices) and base64 encode that as a single string.
            // [<salt> (PasswordSaltLengthBytes in length) | <Pbkdf2 hashed pwd bytes> (Pbkdf2HashLengthBytes in length]
            var resultAsByteArray = new byte[PasswordSaltLengthBytes + Pbkdf2HashLengthBytes];

            Array.Copy(salt, 0, resultAsByteArray, 0, PasswordSaltLengthBytes);
            Array.Copy(hashedPassword, 0, resultAsByteArray, PasswordSaltLengthBytes, Pbkdf2HashLengthBytes);
            return(resultAsByteArray);
        }