
PBKDF2Check

a guest
May 24th, 2015
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

  8. namespace PBKDF2Check
  9. {
  10. class Program
  11. {
  12. // The following constants may be changed without breaking existing hashes.
  13. public const int SALT_BYTE_SIZE = 24;
  14. public const int HASH_BYTE_SIZE = 24;
  15. public const int PBKDF2_ITERATIONS = 1000;
  16.  
  17. public const int ITERATION_INDEX = 0;
  18. public const int SALT_INDEX = 1;
  19. public const int PBKDF2_INDEX = 2;
  20. static void Main(string[] args)
  21. {
  22. string hash = CreateHash("Hello");
  23. bool istrue = ValidatePassword("Hello", "1000:JdjvFQIe9/UZCwaaKeh9w4ISRkzfFAPW:wK4LUSbfiLefVDoNwQ7F+xy/hNN/WKXf");
  24. }
  25. /// <summary>
  26. /// Creates a salted PBKDF2 hash of the password.
  27. /// </summary>
  28. /// <param name="password">The password to hash.</param>
  29. /// <returns>The hash of the password.</returns>
  30. public static string CreateHash(string password)
  31. {
  32. // Generate a random salt
  33. RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
  34. byte[] salt = new byte[SALT_BYTE_SIZE];
  35. csprng.GetBytes(salt);
  36.  
  37. // Hash the password and encode the parameters
  38. byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
  39. return PBKDF2_ITERATIONS + ":" +
  40. Convert.ToBase64String(salt) + ":" +
  41. Convert.ToBase64String(hash);
  42. }
  43. /// <summary>
  44. /// Validates a password given a hash of the correct one.
  45. /// </summary>
  46. /// <param name="password">The password to check.</param>
  47. /// <param name="correctHash">A hash of the correct password.</param>
  48. /// <returns>True if the password is correct. False otherwise.</returns>
  49. public static bool ValidatePassword(string password, string correctHash)
  50. {
  51. // Extract the parameters from the hash
  52. char[] delimiter = { ':' };
  53. string[] split = correctHash.Split(delimiter);
  54. int iterations = Int32.Parse(split[ITERATION_INDEX]);
  55. byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
  56. byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
  57.  
  58. byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
  59. return SlowEquals(hash, testHash);
  60. }
  61.  
  62. /// <summary>
  63. /// Compares two byte arrays in length-constant time. This comparison
  64. /// method is used so that password hashes cannot be extracted from
  65. /// on-line systems using a timing attack and then attacked off-line.
  66. /// </summary>
  67. /// <param name="a">The first byte array.</param>
  68. /// <param name="b">The second byte array.</param>
  69. /// <returns>True if both byte arrays are equal. False otherwise.</returns>
  70. private static bool SlowEquals(byte[] a, byte[] b)
  71. {
  72. uint diff = (uint)a.Length ^ (uint)b.Length;
  73. for (int i = 0; i < a.Length && i < b.Length; i++)
  74. diff |= (uint)(a[i] ^ b[i]);
  75. return diff == 0;
  76. }
  77.  
  78. /// <summary>
  79. /// Computes the PBKDF2-SHA1 hash of a password.
  80. /// </summary>
  81. /// <param name="password">The password to hash.</param>
  82. /// <param name="salt">The salt.</param>
  83. /// <param name="iterations">The PBKDF2 iteration count.</param>
  84. /// <param name="outputBytes">The length of the hash to generate, in bytes.</param>
  85. /// <returns>A hash of the password.</returns>
  86. private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
  87. {
  88. Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
  89. pbkdf2.IterationCount = iterations;
  90. return pbkdf2.GetBytes(outputBytes);
  91. }
  92. }
  93.  
  94. }