/// <summary> /// Create an Apache compatible MD5 encoded password based off of the raw input. The output will be in form /// $apr1$salt$hash /// </summary> static public string ApacheEncrypt(string password) { StringBuilder salt = new StringBuilder(); Random randgen = new Random(); while (salt.Length < 8) { int index = (int)(randgen.NextDouble() * ValidSaltCharacters.Length); salt.Append(ValidSaltCharacters.Substring(index, 1)); } return(ApacheEncryption.ApacheEncrypt(password, salt.ToString())); }
/// <summary> /// Verifies that <paramref name="plainText"/> would result in <paramref name="hashedValue"/> if hashed based on /// the algorithm. /// </summary> static public bool VerifyPassword(string plainText, string hashedValue) { if (hashedValue.StartsWith("$1$")) { return(hashedValue.Equals(ApacheEncryption.Encrypt(plainText, hashedValue))); } else if (hashedValue.StartsWith("$apr1$")) { return(hashedValue.Equals(ApacheEncryption.ApacheEncrypt(plainText, hashedValue))); } else { throw new InvalidOperationException("Bad plain text input, does not conform to Apache."); } }