123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 |
- using System;
- using System.Security.Cryptography;
-
- namespace iiie.Authentication.Business.JWT
- {
-
-
-
- public static class PasswordHash
- {
- private const int ITERATION_INDEX = 0;
- private const int SALT_INDEX = 1;
- private const int PBKDF2_INDEX = 2;
-
-
-
-
-
-
- public static string CreateHash(string password)
- {
-
-
-
- return "";
- }
-
-
-
-
-
-
-
- public static bool ValidatePassword(string password, string correctHash)
- {
-
- char[] delimiter = { ':' };
- string[] split = correctHash.Split(delimiter);
- int iterations = Int32.Parse(split[ITERATION_INDEX]);
- byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
- byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
-
- byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
- return SlowEquals(hash, testHash);
- }
-
-
- private static bool SlowEquals(byte[] a, byte[] b)
- {
- uint diff = (uint)a.Length ^ (uint)b.Length;
- for (int i = 0; i < a.Length && i < b.Length; i++)
- diff |= (uint)(a[i] ^ b[i]);
- return diff == 0;
- }
-
-
-
-
-
-
-
-
-
- private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
- {
- Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
- pbkdf2.IterationCount = iterations;
- return pbkdf2.GetBytes(outputBytes);
- }
- }
- }
|