//-------------------------------------------------------------------------------------------------------------------------------------------------------------- /// <summary> /// Tests the encryption methods /// </summary> public static bool Test() { bool success = false; //----------------------------------------------------------------------------------------------------------------------------------------------------------- // Test the general encryption stuff ... SecureString tempKey = MGLEncryption.GenerateKey(); Console.WriteLine(tempKey); MGLEncryption.SetCryptKey = tempKey; StringBuilder testStr = new StringBuilder("What a lovely __ time of it!"); StringBuilder encryptedStr = MGLEncryption.Encrypt(testStr); StringBuilder decryptedStr = MGLEncryption.Decrypt(encryptedStr); bool theSame = MGLEncryption.Compare(testStr, encryptedStr); bool theSameStr = AreEqual(testStr, decryptedStr); bool notTheSame = MGLEncryption.Compare(new StringBuilder("Oh dear"), encryptedStr); StringBuilder htmledStr = MGLEncryption.HTMLifyString(encryptedStr); StringBuilder deHtmledStr = MGLEncryption.DeHTMLifyString(htmledStr); bool htmlWorking = MGLEncryption.AreEqual(deHtmledStr, encryptedStr); // Now test the password stuff ... SecureString tempKey2 = MGLEncryption.GenerateKey(); Console.WriteLine(tempKey2); success = (theSame == true) && (theSameStr == true) && (notTheSame == false) && (htmlWorking == true); return(success); }
//--------------------------------------------------------------------------------------------------------------------------------------------------------------- /// <summary> /// Compares two passwords - note that this method includes a Threading element so that hackers cannot tell how similar strings are /// by using code to time the comparison - e.g. a match on the first and second chars will be marginally slower than one that does not /// match on the first character /// /// The test password is UNencrypted, while the current password is fully encrypted ... /// </summary> public static bool Compare(StringBuilder testPassword, StringBuilder currentPassword) { bool success = false; string[] bits = null; try { // get the attributes from the current Password // have to conver it to a string unfortunately to split on the colons .... bits = currentPassword.ToString().Split(new string[] { ":" }, StringSplitOptions.None); int numIterations = 0; int.TryParse(bits[3], out numIterations); // Encrypt the test password StringBuilder encryptedTestPassword = Encrypt(testPassword, bits[1], bits[2], numIterations); // now do basic string comparison to compare the two strings! if (MGLEncryption.AreEqual(encryptedTestPassword, currentPassword) == true) { success = true; } } catch (Exception ex) { Logger.LogError(9, "MGLPasswordHash - error occurred while comparing two passwords: " + ex.ToString()); } finally { // always kill the array of bits bits = null; } // Now introduce a random response element, delaying by up to 100 ms. (0.1 seconds) Thread.Sleep(new Random().Next(0, 100)); return(success); }
//--------------------------------------------------------------------------------------------------------------------------------------------------------- /// <summary> /// Compares the two secure strings and returns true if they are equivalent textually, both null or both empty /// if isCaseSensitive == true, we also compare the case sensitivity of the information - but this needs a string comparison /// so will result in strings popping into memory and is probably a little bit slower ... /// </summary> public static bool AreEqual(SecureString ss1, SecureString ss2, bool isCaseSensitive) { return(MGLEncryption.AreEqual(SecureStringWrapper.Decrypt(ss1), SecureStringWrapper.Decrypt(ss2), isCaseSensitive)); }