/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
int rounds = options.GetValue(CrypterOption.Rounds, 6);
Check.Range("CrypterOption.Rounds", rounds, MinRounds, MaxRounds);
string prefix;
switch (options.GetValue(CrypterOption.Variant, BlowfishCrypterVariant.Unspecified))
{
case BlowfishCrypterVariant.Unspecified: prefix = "$2a$"; break;
case BlowfishCrypterVariant.Compatible: prefix = "$2x$"; break;
case BlowfishCrypterVariant.Corrected: prefix = "$2y$"; break;
default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
}
return(prefix
+ rounds.ToString("00") + '$'
+ Base64Encoding.Blowfish.GetString(Security.GenerateRandomBytes(16)));
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
int rounds = options.GetValue(CrypterOption.Rounds, 14);
Check.Range("CrypterOption.Rounds", rounds, MinRounds, MaxRounds);
string prefix;
switch (options.GetValue(CrypterOption.Variant, PhpassCrypterVariant.Standard))
{
case PhpassCrypterVariant.Standard: prefix = "$P$"; break;
case PhpassCrypterVariant.Phpbb: prefix = "$H$"; break;
case PhpassCrypterVariant.Drupal: prefix = "$S$"; break;
default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
}
return(prefix
+ Base64Encoding.UnixMD5.GetChar(rounds)
+ Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(6)));
}
/// <summary>
/// Creates a one-way password hash (crypted password) from password bytes.
/// Options modify the crypt operation.
/// </summary>
/// <param name="password">The bytes of the password.</param>
/// <param name="options">Options modifying the crypt operation.</param>
/// <returns>The crypted password.</returns>
public string Crypt(byte[] password, CrypterOptions options)
{
Check.Null("password", password);
Check.Null("options", options);
return(Crypt(password, GenerateSalt(options)));
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
int?rounds = options.GetValue <int?>(CrypterOption.Rounds);
if (rounds != null)
{
Check.Range("CrypterOption.Rounds", (int)rounds, MinRounds, MaxRounds);
}
byte[] roundsBytes = new byte[3], saltBytes = null;
try
{
BitPacking.LEBytesFromUInt24((uint)(rounds ?? 4321), roundsBytes, 0);
saltBytes = Security.GenerateRandomBytes(3);
return("_"
+ Base64Encoding.UnixMD5.GetString(roundsBytes)
+ Base64Encoding.UnixMD5.GetString(saltBytes));
}
finally
{
Security.Clear(roundsBytes);
Security.Clear(saltBytes);
}
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
string salt;
do
{
salt = Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(2)).Substring(0, 2);
}while (FilterSalt(salt) != salt);
return(salt);
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
int?rounds = options.GetValue <int?>(CrypterOption.Rounds);
if (rounds != null)
{
Check.Range("CrypterOption.Rounds", (int)rounds, MinRounds, MaxRounds);
}
return(CryptPrefix
+ (rounds != null ? string.Format("rounds={0}$", rounds) : "")
+ Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(12)));
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
string prefix;
switch (options.GetValue(CrypterOption.Variant, MD5CrypterVariant.Standard))
{
case MD5CrypterVariant.Standard: prefix = "$1$"; break;
case MD5CrypterVariant.Apache: prefix = "$apr1$"; break;
default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
}
return(prefix + Base64Encoding.UnixMD5.GetString(Security.GenerateRandomBytes(6)));
}
/// <inheritdoc />
public override string GenerateSalt(CrypterOptions options)
{
Check.Null("options", options);
switch (options.GetValue(CrypterOption.Variant, LdapCrypterVariant.SSha))
{
case LdapCrypterVariant.Crypt:
Crypter crypter = options.GetValue <Crypter>(LdapCrypterOption.Crypter);
if (crypter == null)
{
throw Exceptions.Argument("LdapCrypterOption.Crypter",
"Crypter not set. Did you intend Crypter.TraditionalDes (the slappasswd default)?");
}
CrypterOptions crypterOptions = options.GetValue(LdapCrypterOption.CrypterOptions, CrypterOptions.None);
return("{CRYPT}" + crypter.GenerateSalt(crypterOptions));
case LdapCrypterVariant.SSha512: return("{SSHA512}" + GenerateSaltString());
case LdapCrypterVariant.SSha384: return("{SSHA384}" + GenerateSaltString());
case LdapCrypterVariant.SSha256: return("{SSHA256}" + GenerateSaltString());
case LdapCrypterVariant.SSha: return("{SSHA}" + GenerateSaltString());
case LdapCrypterVariant.SMD5: return("{SMD5}" + GenerateSaltString());
case LdapCrypterVariant.Sha512: return("{SHA512}");
case LdapCrypterVariant.Sha384: return("{SHA384}");
case LdapCrypterVariant.Sha256: return("{SHA256}");
case LdapCrypterVariant.Sha: return("{SHA}");
case LdapCrypterVariant.MD5: return("{MD5}");
case LdapCrypterVariant.Cleartext: return("{CLEARTEXT}");
default: throw Exceptions.ArgumentOutOfRange("CrypterOption.Variant", "Unknown variant.");
}
}
private void btn_Register_Click(object sender, EventArgs e)
{
string xregusername = txt_regusername.Text;
string xregname = txt_regname.Text;
string xpassword = txt_regpass.Text;
string xconfirmpass = txt_regpassconf.Text;
int xisAdmin;
if (chk_admin.Checked == true)
{
xisAdmin = 1;
}
else
{
xisAdmin = 0;
}
if (xregusername == "")
{
MessageBox.Show("Username cannot be blank", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txt_regusername.Focus();
return;
}
if (xregname == "")
{
MessageBox.Show("Name cannot be blank!", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txt_regname.Focus();
return;
}
if (xpassword == "")
{
MessageBox.Show("Password cannot be blank", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txt_regpass.Focus();
return;
}
if (xconfirmpass == "")
{
MessageBox.Show("Confirm Password cannot be blank", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txt_regpassconf.Focus();
return;
}
if (xpassword != xconfirmpass)
{
MessageBox.Show("Password did not match", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Stop);
return;
}
MySqlConnection xsqlcon = new MySqlConnection(xsqlconnstring);
xsqlcon.Open();
string checkifExists = "Select * from users where username='******'";
MySqlCommand xsqlcmd = new MySqlCommand(checkifExists, xsqlcon);
MySqlDataAdapter xsqlda = new MySqlDataAdapter();
xsqlda.SelectCommand = xsqlcmd;
DataTable dt = new DataTable();
xsqlda.Fill(dt);
if (dt.Rows.Count >= 1)
{
MessageBox.Show("Username already taken!", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
txt_regusername.Focus();
}
else
{
const int factor = 12;
var xoptions = new CryptSharp.CrypterOptions
{
{ CryptSharp.CrypterOption.Rounds, factor },
{ CryptSharp.CrypterOption.Variant, CryptSharp.BlowfishCrypterVariant.Corrected }
};
string xhashpass = CryptSharp.BlowfishCrypter.Blowfish.Crypt(xpassword, xoptions);
string xinsertQuery = "Insert into users (username,password,name,isAdmin) values (@username,@password,@name,@isAdmin)";
MySqlCommand xsqlcmd2 = new MySqlCommand(xinsertQuery, xsqlcon);
xsqlcmd2.Parameters.AddWithValue("@username", xregusername);
xsqlcmd2.Parameters.AddWithValue("@password", xhashpass);
xsqlcmd2.Parameters.AddWithValue("@name", xregname);
xsqlcmd2.Parameters.AddWithValue("@isAdmin", xisAdmin);
xsqlcmd2.ExecuteNonQuery();
MessageBox.Show("User successfully registered!", "System Message", MessageBoxButtons.OK, MessageBoxIcon.Information);
clearText();
}
xsqlcon.Close();
}
/// <summary> /// Generates a salt string. Options are used to modify the salt generation. /// The purpose of salt is to make dictionary attacks against a whole password database much harder, /// by causing the crypted password to be different even if two users have the same uncrypted password. /// /// Randomness in a crypted password comes from its salt string, as do all recorded options. /// The same salt string, when combined with the same password, will generate the same crypted password. /// If the salt string differs, the same password will generate a different crypted password /// (crypted passwords have the form <c>algorithm+salt+hash</c>, so the salt is always carried along /// with the crypted password). /// </summary> /// <param name="options">Options modifying the salt generation.</param> /// <returns>The salt string.</returns> public abstract string GenerateSalt(CrypterOptions options);
/// <summary>
/// Creates a one-way password hash (crypted password) from a password string.
/// Options modify the crypt operation.
/// </summary>
/// <param name="password">The password string. Characters are UTF-8 encoded.</param>
/// <param name="options">Options modifying the crypt operation.</param>
/// <returns>The crypted password.</returns>
public string Crypt(string password, CrypterOptions options)
{
return(Crypt(password, GenerateSalt(options)));
}
static CrypterOptions()
{
None = new CrypterOptions().MakeReadOnly();
}
