Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.

PasswordHash.cs 3.1KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
  1. using System;
  2. using System.Security.Cryptography;
  3. namespace iiie.Authentication.Business.JWT
  4. {
  5. /// <summary>
  6. /// Hash generator for passwords
  7. /// </summary>
  8. public static class PasswordHash
  9. {
  10. private const int ITERATION_INDEX = 0;
  11. private const int SALT_INDEX = 1;
  12. private const int PBKDF2_INDEX = 2;
  13. /// <summary>
  14. /// Crée un hash à partir du password
  15. /// </summary>
  16. /// <param name="password">le password à hasher</param>
  17. /// <returns>le hash du password</returns>
  18. public static string CreateHash(string password)
  19. {
  20. // génaration du SALT aléatoire
  21. /*RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
  22. byte[] salt = new byte[AuthProvider.Instance.GetPasswordSaltByteSize()];
  23. csprng.GetBytes(salt);
  24. // hash le password et création de la chaine avec les paramêtres
  25. byte[] hash = PBKDF2(password, salt, AuthProvider.Instance.GetPasswordIterations(),
  26. AuthProvider.Instance.GetPasswordSaltByteSize());
  27. return AuthProvider.Instance.GetPasswordIterations() + ":" +
  28. Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);*/
  29. return "";
  30. }
  31. /// <summary>
  32. /// Valide le password en adequation avec le hash
  33. /// </summary>
  34. /// <param name="password">le password à vérifier</param>
  35. /// <param name="correctHash">le hash du password stocké en base</param>
  36. /// <returns>True si c'est bon sinon false</returns>
  37. public static bool ValidatePassword(string password, string correctHash)
  38. {
  39. // Extraction des paramêtres du hash
  40. char[] delimiter = { ':' };
  41. string[] split = correctHash.Split(delimiter);
  42. int iterations = Int32.Parse(split[ITERATION_INDEX]);
  43. byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
  44. byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
  45. byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
  46. return SlowEquals(hash, testHash);
  47. }
  48. private static bool SlowEquals(byte[] a, byte[] b)
  49. {
  50. uint diff = (uint)a.Length ^ (uint)b.Length;
  51. for (int i = 0; i < a.Length && i < b.Length; i++)
  52. diff |= (uint)(a[i] ^ b[i]);
  53. return diff == 0;
  54. }
  55. /// <summary>
  56. /// Calcul le PBKDF2-SHA1 hash du password.
  57. /// </summary>
  58. /// <param name="password">The password à hasher</param>
  59. /// <param name="salt">le salt</param>
  60. /// <param name="iterations">le nombre d'itération</param>
  61. /// <param name="outputBytes">la longueur du hash à générer</param>
  62. /// <returns>le hash du password.</returns>
  63. private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
  64. {
  65. Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
  66. pbkdf2.IterationCount = iterations;
  67. return pbkdf2.GetBytes(outputBytes);
  68. }
  69. }
  70. }