// TODO: should this function follow the, apparent, dodSON.Core pattern of putting functions like this into ...Helper classes?
/// <summary>
/// Generates the Password Salt Result Hash.
/// </summary>
/// <param name="hashAlgorithm">The required <see cref="System.Security.Cryptography.HashAlgorithm"/>.</param>
/// <param name="password">The password.</param>
/// <param name="salt">The salt.</param>
/// <returns>The generated Password Salt Result Hash.</returns>
public static byte[] ComputeResult(System.Security.Cryptography.HashAlgorithm hashAlgorithm,
System.Security.SecureString password,
byte[] salt)
{
// merge salt and password
byte[] saltedPassword = new byte[salt.Length + password.Length];
byte[] passwordArray = null;
try
{
// add the salt
for (int i = 0; i < salt.Length; i++)
{
saltedPassword[i] = salt[i];
}
// extract the password
passwordArray = CryptographyHelper.SecureStringToByteArray(password);
// add the password
for (int i = 0; i < passwordArray.Length; i++)
{
saltedPassword[salt.Length + i] = passwordArray[i];
}
// return result hash
return(hashAlgorithm.ComputeHash(saltedPassword));
}
finally
{
// clean up
Array.Clear(saltedPassword, 0, saltedPassword.Length);
Array.Clear(passwordArray, 0, passwordArray.Length);
}
}
/// <summary>
/// Will create a <see cref="SaltedPassword"/> using the given password and a cryptographically random salt of the specified length.
/// </summary>
/// <param name="hashAlgorithmType">The <see cref="System.Security.Cryptography.HashAlgorithm"/> type to use when creating the result hash.</param>
/// <param name="password">The password to use when creating the result hash.</param>
/// <param name="saltLength">The length of the byte array, which will be filled with cryptographically random values, to create for the salt.</param>
public SaltedPassword(Type hashAlgorithmType,
System.Security.SecureString password,
int saltLength)
: this(hashAlgorithmType, password, CryptographyHelper.GenerateCryptographicallyRandomArray(saltLength))
{
}