        /// <summary>
        /// Creates a new salt, hashes the password with it, and packs both into a single
        /// array laid out as [salt | salted hash] for storage.
        /// </summary>
        /// <param name="passwordStr">Plain-text password; it is encoded as UTF-8 before hashing.</param>
        /// <returns>
        /// A new array holding the salt bytes followed immediately by the salted-hash bytes.
        /// </returns>
        /// <remarks>
        /// ValidatePassword splits the stored array at <c>HelperMethods.salt_length</c>, so
        /// CreateSalt is expected to return exactly that many bytes (not checked here).
        /// NOTE(review): CreateSalt and GenerateSaltedHash are not visible from this method.
        /// Confirm that the salt comes from a cryptographic RNG and that the hash is a
        /// deliberately slow password KDF (e.g. PBKDF2) rather than one pass of a fast digest;
        /// a per-user salt alone does not slow down offline guessing of a leaked record.
        /// </remarks>
        public static byte[] ConcatenatedSaltAndSaltedHash(string passwordStr)
        {
            byte[] saltBytes = HelperMethods.CreateSalt(HelperMethods.salt_length);

            // The password is handled as raw UTF-8 bytes from here on; nothing is text-encoded again.
            byte[] passwordBytes = Encoding.UTF8.GetBytes(passwordStr);
            byte[] hashBytes = HelperMethods.GenerateSaltedHash(passwordBytes, saltBytes);

            // Salt first, hash second: the reader recovers the salt from the leading bytes.
            byte[] packed = new byte[saltBytes.Length + hashBytes.Length];
            saltBytes.CopyTo(packed, 0);
            hashBytes.CopyTo(packed, saltBytes.Length);

            return packed;
        }
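        /// <summary>
        /// Checks a candidate password against a stored [salt | salted hash] record.
        /// </summary>
        /// <param name="input">Candidate plain-text password; it is encoded as UTF-8 before hashing.</param>
        /// <param name="storedPassword">
        /// Stored record: the first <c>HelperMethods.salt_length</c> bytes are the salt and the
        /// remaining bytes are the salted hash.
        /// </param>
        /// <returns>
        /// <c>true</c> when the hash recomputed from <paramref name="input"/> and the stored salt
        /// equals the stored hash; <c>false</c> otherwise, including when either argument is null
        /// or the record is too short to contain both a salt and a hash.
        /// </returns>
        /// <remarks> TODO move this to Helper</remarks>
        private bool ValidatePassword(string input, byte[] storedPassword)
        {
            int saltLength = HelperMethods.salt_length;

            // Fail closed on malformed data. A missing or truncated record would otherwise throw
            // (null dereference / negative array size), and a record with an empty hash part
            // must never be able to validate.
            if (input == null || storedPassword == null || storedPassword.Length <= saltLength)
            {
                return false;
            }

            byte[] salt = new byte[saltLength];
            byte[] storedHash = new byte[storedPassword.Length - saltLength];
            Buffer.BlockCopy(storedPassword, 0, salt, 0, saltLength);                       // leading bytes: salt
            Buffer.BlockCopy(storedPassword, saltLength, storedHash, 0, storedHash.Length); // remainder: hash

            byte[] candidateHash = HelperMethods.GenerateSaltedHash(Encoding.UTF8.GetBytes(input), salt);

            // The hash length is not secret, so an early exit on a length mismatch is fine.
            if (candidateHash == null || candidateHash.Length != storedHash.Length)
            {
                return false;
            }

            // Compare without an early exit: SequenceEqual stops at the first differing byte, so
            // its running time depends on how many leading bytes match. Accumulating the XOR of
            // every byte pair keeps the work independent of where the first difference is.
            // Where the target framework provides it, CryptographicOperations.FixedTimeEquals
            // is the preferred replacement for this loop.
            int difference = 0;
            for (int i = 0; i < storedHash.Length; i++)
            {
                difference |= storedHash[i] ^ candidateHash[i];
            }

            return difference == 0;
        }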