1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 |
- using System;
- using System.Security.Cryptography;
-
- namespace iiie.Authentication.Business.JWT
- {
-
-
-
- public static class PasswordHash
- {
- private const int ITERATION_INDEX = 0;
- private const int SALT_INDEX = 1;
- private const int PBKDF2_INDEX = 2;
-
- private const int SALT_BYTE_SIZE = 24;
- private const int HASH_BYTE_SIZE = 42;
- private const int PBKDF2_ITERATIONS = 2048;
-
-
-
-
-
-
- public static string CreateHash(string password)
- {
-
- RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
- byte[] salt = new byte[SALT_BYTE_SIZE];
- csprng.GetBytes(salt);
-
-
- byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
- return PBKDF2_ITERATIONS + ":" +
- Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
- }
-
-
-
-
-
-
-
- public static bool ValidatePassword(string password, string correctHash)
- {
-
- char[] delimiter = { ':' };
- string[] split = correctHash.Split(delimiter);
- int iterations = Int32.Parse(split[ITERATION_INDEX]);
- byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
- byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
-
- byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
- return SlowEquals(hash, testHash);
- }
-
-
- private static bool SlowEquals(byte[] a, byte[] b)
- {
- uint diff = (uint)a.Length ^ (uint)b.Length;
- for (int i = 0; i < a.Length && i < b.Length; i++)
- diff |= (uint)(a[i] ^ b[i]);
- return diff == 0;
- }
-
-
-
-
-
-
-
-
-
- private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
- {
- Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
- pbkdf2.IterationCount = iterations;
- return pbkdf2.GetBytes(outputBytes);
- }
- }
- }
|