SHARE
TWEET

Untitled

Ortund Jul 5th, 2016 62 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. public class Hashing
  2. {
  3.     // The following constants may be changed without breaking existing hashes.
  4.     public const int SALT_BYTE_SIZE = 24;
  5.     public const int HASH_BYTE_SIZE = 24;
  6.     public const int PBKDF2_ITERATIONS = 1000;
  7.  
  8.     public const int ITERATION_INDEX = 0;
  9.     public const int SALT_INDEX = 1;
  10.     public const int PBKDF2_INDEX = 2;
  11.  
  12.     /// <summary>
  13.     /// Creates a salted PBKDF2 hash of the password.
  14.     /// </summary>
  15.     /// <param name="password">The password to hash.</param>
  16.     /// <returns>The hash of the password.</returns>
  17.     public static string CreateHash(string password)
  18.     {
  19.         // Generate a random salt
  20.         RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
  21.         byte[] salt = new byte[SALT_BYTE_SIZE];
  22.         csprng.GetBytes(salt);
  23.  
  24.         // Hash the password and encode the parameters
  25.         byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
  26.         return PBKDF2_ITERATIONS + ":" +
  27.             Convert.ToBase64String(salt) + ":" +
  28.             Convert.ToBase64String(hash);
  29.     }
  30.  
  31.     /// <summary>
  32.     /// Computes the PBKDF2-SHA1 hash of a password.
  33.     /// </summary>
  34.     /// <param name="password">The password to hash.</param>
  35.     /// <param name="salt">The salt.</param>
  36.     /// <param name="iterations">The PBKDF2 iteration count.</param>
  37.     /// <param name="outputBytes">The length of the hash to generate, in bytes.</param>
  38.     /// <returns>A hash of the password.</returns>
  39.     private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
  40.     {
  41.         Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
  42.         pbkdf2.IterationCount = iterations;
  43.         return pbkdf2.GetBytes(outputBytes);
  44.     }
  45.  
  46.     /// <summary>
  47.     /// Validates a password given a hash of the correct one.
  48.     /// </summary>
  49.     /// <param name="password">The password to check.</param>
  50.     /// <param name="correctHash">A hash of the correct password.</param>
  51.     /// <returns>True if the password is correct. False otherwise.</returns>
  52.     public static bool ValidatePassword(string password, string correctHash)
  53.     {
  54.         // assumes user just registered
  55.         if (String.Compare(password, correctHash, false) == 0)
  56.         {
  57.             return true;
  58.         }
  59.  
  60.         // Extract the parameters from the hash
  61.         char[] delimiter = { ':' };
  62.         string[] split = correctHash.Split(delimiter);
  63.         int iterations = Int32.Parse(split[ITERATION_INDEX]);
  64.         byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
  65.         byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
  66.  
  67.         byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
  68.         return SlowEquals(hash, testHash);
  69.     }
  70.  
  71.     /// <summary>
  72.     /// Compares two byte arrays in length-constant time. This comparison
  73.     /// method is used so that password hashes cannot be extracted from
  74.     /// on-line systems using a timing attack and then attacked off-line.
  75.     /// </summary>
  76.     /// <param name="a">The first byte array.</param>
  77.     /// <param name="b">The second byte array.</param>
  78.     /// <returns>True if both byte arrays are equal. False otherwise.</returns>
  79.     private static bool SlowEquals(byte[] a, byte[] b)
  80.     {
  81.         uint diff = (uint)a.Length ^ (uint)b.Length;
  82.         for (int i = 0; i < a.Length && i < b.Length; i++)
  83.             diff |= (uint)(a[i] ^ b[i]);
  84.         return diff == 0;
  85.     }
  86. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top