/// <summary> /// validate the password /// </summary> /// <param name="password"></param> /// <param name="dbHash"></param> /// <returns>bool slow hash</returns> public bool ValidatePassword(string password, string dbHash) { char[] delimiter = { ':' }; string[] split = dbHash.Split(delimiter); byte[] salt = Convert.FromBase64String(split[0]); byte[] hash = Convert.FromBase64String(split[1]); string sha256 = split[2]; /* byte[] byteArray = Encoding.ASCII.GetBytes(password); * MemoryStream stream = new MemoryStream(byteArray); * List<byte> temp = SHA256Imp.Hash(stream); * * string newHash = ArrayToString(temp);*/ SHA256Imp s = new SHA256Imp(); //s.ValidatePassword(password, salt2); byte[] hashToValidate = PBKDF2(password, salt, PBKDF2_ITT, hash.Length); if (SlowEquals(hash, hashToValidate) == true && s.ValidatePassword(password, sha256) == true) { return(true); } else { return(false); } }
// main function public List <byte> Hash(string password) { SHA256Imp sha256 = new SHA256Imp(); byte[] buf = new byte[8196]; uint bytes_read; do { //bytes_read = (uint)stream.Read(buf, 0, buf.Length); bytes_read = (uint)password.Length; if (bytes_read == 0) { break; } else { byte[] ba = Encoding.Default.GetBytes(password); for (int i = 0; i < ba.Length; i++) { buf[i] = ba[i]; } /* buf[0] = 12; * buf[1] = 0x5;*/ } sha256.ProcessBytes(buf, 0, bytes_read); }while (bytes_read == 8196); return(sha256.GetHash()); }
/// <summary> /// get password as an input , building a random salt, using the password and the salt creates a hash . /// </summary> /// <param name="password"></param> /// <returns>string converted</returns> public string CreateHash(string password) { string newHash; string newHash2; RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider(); byte[] salt = new byte[SALT_SIZE]; // random salt csprng.GetBytes(salt); // byte[] byteArray = Encoding.ASCII.GetBytes(password); // MemoryStream stream = new MemoryStream(byteArray); // MemoryStream s1 = GenerateStreamFromString(password); /* using (var stream = GenerateStreamFromString(password)) * { * * List<byte> temp = SHA256Imp.Hash(stream); * * newHash = ArrayToString(temp); * * * Clear(stream); * }*/ //s1.Close(); //s1.Dispose(); //byte[] salt = Convert.(newHash); SHA256Imp hasher1 = new SHA256Imp(); List <byte> temp = hasher1.Hash(password); newHash = ArrayToString(temp); /* SHA256Imp hasher2 = new SHA256Imp(); * List<byte> temp2 = hasher2.Hash(password); * * newHash2 = ArrayToString(temp2);*/ byte[] hash = PBKDF2(password, salt, PBKDF2_ITT, HASH_SIZE); return(Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash) + ":" + newHash); }