Scribd Logo
Importer

Bienvenue sur Scribd !

  • 123

    Transféré par

    syed najaf ali
    42 vues3 pages
    This document describes a SecurePasswordHasherHelper class that provides methods for securely hashing passwords. The class uses a random salt, PBKDF2 algorithm, and stores the salt and hash together in a formatted string. It includes methods to hash a password, check if a hash is supported, and verify a password against an existing hash. The class is designed to securely store hashed passwords that can be later verified without revealing the original password.

    Description originale:

    Titre original

    123.docx

    Copyright

    © © All Rights Reserved

    Formats disponibles

    DOCX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    This document describes a SecurePasswordHasherHelper class that provides methods for securely hashing passwords. The class uses a random salt, PBKDF2 algorithm, and stores the salt and hash together in a formatted string. It includes methods to hash a password, check if a hash is supported, and verify a password against an existing hash. The class is designed to securely store hashed passwords that can be later verified without revealing the original password.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    42 vues3 pages

    123

    Transféré par

    syed najaf ali
    This document describes a SecurePasswordHasherHelper class that provides methods for securely hashing passwords. The class uses a random salt, PBKDF2 algorithm, and stores the salt and hash together in a formatted string. It includes methods to hash a password, check if a hash is supported, and verify a password against an existing hash. The class is designed to securely store hashed passwords that can be later verified without revealing the original password.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 3

    1.

    using System;
    2. using System.Security.Cryptography;
    3.
    4. namespace MyProject.Helpers
    5. {
    6. public sealed class SecurePasswordHasherHelper
    7. {
    8. /// <summary>
    9. /// Size of salt
    10. /// </summary>
    11. private const int SaltSize = 16;
    12.
    13. /// <summary>
    14. /// Size of hash
    15. /// </summary>
    16. private const int HashSize = 20;
    17.
    18. /// <summary>
    19. /// Creates a hash from a password
    20. /// </summary>
    21. /// <param name="password">the password</param>
    22. /// <param name="iterations">number of iterations</param>
    23. /// <returns>the hash</returns>
    24. public static string Hash(string password, int iterations)
    25. {
    26. //create salt
    27. byte[] salt;
    28. new RNGCryptoServiceProvider().GetBytes(salt = new byte[SaltSize]);
    29.
    30. //create hash
    31. var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations);
    32. var hash = pbkdf2.GetBytes(HashSize);
    33.
    34. //combine salt and hash
    35. var hashBytes = new byte[SaltSize + HashSize];
    36. Array.Copy(salt, 0, hashBytes, 0, SaltSize);
    37. Array.Copy(hash, 0, hashBytes, SaltSize, HashSize);
    38.
    39. //convert to base64
    40. var base64Hash = Convert.ToBase64String(hashBytes);
    41.
    42. //format hash with extra information
    43. return string.Format("$MYHASH$V1${0}${1}", iterations, base64Hash);
    44. }
    45. /// <summary>
    46. /// Creates a hash from a password with 10000 iterations
    47. /// </summary>
    48. /// <param name="password">the password</param>
    49. /// <returns>the hash</returns>
    50. public static string Hash(string password)
    51. {
    52. return Hash(password, 10000);
    53. }
    54.
    55. /// <summary>
    56. /// Check if hash is supported
    57. /// </summary>
    58. /// <param name="hashString">the hash</param>
    59. /// <returns>is supported?</returns>
    60. public static bool IsHashSupported(string hashString)
    61. {
    62. return hashString.Contains("$MYHASH$V1$");
    63. }
    64.
    65. /// <summary>
    66. /// verify a password against a hash
    67. /// </summary>
    68. /// <param name="password">the password</param>
    69. /// <param name="hashedPassword">the hash</param>
    70. /// <returns>could be verified?</returns>
    71. public static bool Verify(string password, string hashedPassword)
    72. {
    73. //check hash
    74. if (!IsHashSupported(hashedPassword))
    75. {
    76. throw new NotSupportedException("The hashtype is not supported");
    77. }
    78.
    79. //extract iteration and Base64 string
    80. var splittedHashString = hashedPassword.Replace("$MYHASH$V1$", "").Split('$');
    81. var iterations = int.Parse(splittedHashString[0]);
    82. var base64Hash = splittedHashString[1];
    83.
    84. //get hashbytes
    85. var hashBytes = Convert.FromBase64String(base64Hash);
    86.
    87. //get salt
    88. var salt = new byte[SaltSize];
    89. Array.Copy(hashBytes, 0, salt, 0, SaltSize);
    90.
    91. //create hash with given salt
    92. var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations);
    93. byte[] hash = pbkdf2.GetBytes(HashSize);
    94.
    95. //get result
    96. for (var i = 0; i < HashSize; i++)
    97. {
    98. if (hashBytes[i + SaltSize] != hash[i])
    99. {
    100. return false;
    101. }
    102. }
    103. return true;
    104. }
    105. }
    106.
    107. }

    Add this class to your project and use it like this:

    string hashed_password = SecurePasswordHasherHelper.Hash("12345");


    12345 equivalent hashed string
    is $MYHASH$V1$10000$PMCjQg77vX6piW11bo8XKwM2dKjwMk8qOWVj25sMEonKoN2e

    Every time when you’ll hash 12345, you’ll get a different string

    You can Validate password in this way

    1. if (SecurePasswordHasher.Verify("12345",hashed_password))
    2. {
    3. return "Password is Valid";
    4. }

    Vous aimerez peut-être aussi