/// <summary>
/// Round-trip check: a hash produced by <c>V3Hasher.GenerateHash</c> must be
/// accepted by <c>V3Hasher.VerifyHash</c> when given the same input string.
/// </summary>
public void WhenStringIsHashedItCanBeVerified()
{
    // Arrange
    const string secret = "******";

    // Act
    string encoded = V3Hasher.GenerateHash(secret);
    bool accepted = V3Hasher.VerifyHash(encoded, secret);

    // Assert
    Assert.True(accepted);
}
/// <summary>
/// Negative check: a hash generated for one string must be rejected when a
/// different string (the original with "1" appended) is presented.
/// </summary>
public void WhenWrongStringIsVerifiedThenVerificationFails()
{
    // Arrange
    const string secret = "******";
    string encoded = V3Hasher.GenerateHash(secret);
    string wrongSecret = secret + "1";

    // Act
    bool accepted = V3Hasher.VerifyHash(encoded, wrongSecret);

    // Assert
    Assert.False(accepted);
}
/// <summary>
/// Tamper check: a stored hash whose first byte has been overwritten must be
/// rejected by <c>V3Hasher.VerifyHash</c>, even when the correct password is
/// supplied.
/// </summary>
public void WhenHashIsInvalidVerificationFails()
{
    // Arrange
    const string secret = "******";
    byte[] tampered = Convert.FromBase64String(V3Hasher.GenerateHash(secret));

    // According to the original author, the scheme in use expects 0x01 in the
    // first position of the decoded hash. Zero it so the blob is malformed.
    tampered[0] = 0x0;
    string tamperedEncoded = Convert.ToBase64String(tampered);

    // Act
    // Verification has to return false here; an exception would also fail the test.
    bool accepted = V3Hasher.VerifyHash(tamperedEncoded, secret);

    // Assert
    Assert.False(accepted);
}
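/// <summary>
/// Coarse timing check: the accumulated time spent verifying a correct
/// password and an incorrect one must differ by less than 5 % over 1000
/// repetitions each.
/// </summary>
/// <remarks>
/// The two paths are measured interleaved and after an untimed warm-up, so
/// one-off start-up costs and system load drift affect both stopwatches
/// roughly equally instead of biasing whichever loop happens to run first.
/// The wrong password is built once up front so string concatenation is not
/// charged to the failure path.
///
/// NOTE(review): this is a smoke test, not evidence of a constant-time
/// comparison. If key derivation dominates the cost of VerifyHash (assumption;
/// V3Hasher is not visible here), an early-exit byte comparison would stay
/// well inside the 5 % tolerance. Confirm separately that VerifyHash compares
/// the derived bytes with a fixed-time routine such as
/// CryptographicOperations.FixedTimeEquals. Only one failure shape is covered
/// (a password one character longer than the real one).
/// </remarks>
public void ProcessingTimesForSuccessfulAuthAndFailedAuthAreSimilar()
{
    // Arrange
    const double allowedDiffPercent = 0.05;
    const int repetitions = 1000;
    string password = "******";
    string wrongPassword = password + "1";
    string hash = V3Hasher.GenerateHash(password);

    // Warm-up: exercise both outcomes once without timing them.
    V3Hasher.VerifyHash(hash, password);
    V3Hasher.VerifyHash(hash, wrongPassword);

    var successStopWatch = new Stopwatch();
    var failureStopWatch = new Stopwatch();

    // Act
    // Stopwatch.Start/Stop accumulate elapsed time, so alternating the two
    // measurements inside one loop yields a total per path.
    for (int i = 0; i < repetitions; i++)
    {
        successStopWatch.Start();
        V3Hasher.VerifyHash(hash, password);
        successStopWatch.Stop();

        failureStopWatch.Start();
        V3Hasher.VerifyHash(hash, wrongPassword);
        failureStopWatch.Stop();
    }

    // Assert
    double successTicks = successStopWatch.ElapsedTicks;
    double failureTicks = failureStopWatch.ElapsedTicks;

    // Relative difference with the success path as the baseline. A zero
    // baseline gives NaN or infinity, which fails the comparison below.
    double diffPercent = (successTicks - failureTicks) / successTicks;

    Assert.True(Math.Abs(diffPercent) < allowedDiffPercent);
}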