
Untitled

a guest
Oct 21st, 2019
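  /// <summary>
  /// Salts and hashes passwords with PBKDF2 and verifies them against the
  /// stored string format <c>$MYHASH$V1$&lt;iterations&gt;$&lt;base64(salt || hash)&gt;</c>.
  /// </summary>
  /// <remarks>
  /// The "V1" tag pins the parameters used here: a 16-byte random salt, a
  /// 20-byte derived key and the three-argument <see cref="Rfc2898DeriveBytes"/>
  /// constructor, which derives with HMAC-SHA1. Changing any of these would make
  /// existing stored hashes unverifiable, so a stronger PRF or a longer output
  /// belongs behind a new version tag rather than in an edit to this format.
  /// </remarks>
  public sealed class SecurePasswordHasherHelper
  {
      /// <summary>
      /// Marker that identifies the hash format and version handled by this class.
      /// </summary>
      private const string Prefix = "$MYHASH$V1$";

      /// <summary>
      /// Size of the random salt in bytes.
      /// </summary>
      private const int SaltSize = 16;

      /// <summary>
      /// Size of the derived hash in bytes.
      /// </summary>
      private const int HashSize = 20;

      /// <summary>
      /// Creates a salted PBKDF2 hash of a password.
      /// </summary>
      /// <param name="password">the password</param>
      /// <param name="iterations">number of PBKDF2 iterations; stored in the result</param>
      /// <returns>the formatted hash string, including iteration count and salt</returns>
      /// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
      /// <exception cref="ArgumentOutOfRangeException">
      /// <paramref name="iterations"/> is not positive (raised by <see cref="Rfc2898DeriveBytes"/>).
      /// </exception>
      public static string Hash(string password, int iterations)
      {
          if (password == null)
          {
              throw new ArgumentNullException("password");
          }

          // A fresh salt per password comes from the OS CSPRNG; the generator is
          // disposable, so release it instead of leaving it to the finalizer.
          var salt = new byte[SaltSize];
          using (var rng = RandomNumberGenerator.Create())
          {
              rng.GetBytes(salt);
          }

          byte[] hash;
          using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations))
          {
              hash = pbkdf2.GetBytes(HashSize);
          }

          // Stored layout: salt first, derived key directly after it.
          var hashBytes = new byte[SaltSize + HashSize];
          Array.Copy(salt, 0, hashBytes, 0, SaltSize);
          Array.Copy(hash, 0, hashBytes, SaltSize, HashSize);

          var base64Hash = Convert.ToBase64String(hashBytes);

          // Invariant culture keeps the stored iteration count machine-readable
          // regardless of the thread's culture.
          return string.Format(
              System.Globalization.CultureInfo.InvariantCulture,
              Prefix + "{0}${1}",
              iterations,
              base64Hash);
      }

      /// <summary>
      /// Creates a hash from a password with 10000 iterations.
      /// </summary>
      /// <remarks>
      /// NOTE(review): 10000 iterations of PBKDF2-HMAC-SHA1 is far below what
      /// current password-storage guidance recommends. The count is stored in
      /// each hash, so it can be raised without invalidating existing entries;
      /// callers that can afford it should pass a higher value to
      /// <see cref="Hash(string, int)"/>.
      /// </remarks>
      /// <param name="password">the password</param>
      /// <returns>the formatted hash string</returns>
      public static string Hash(string password)
      {
          return Hash(password, 10000);
      }

      /// <summary>
      /// Checks whether a stored hash string uses the format this class understands.
      /// </summary>
      /// <param name="hashString">the stored hash string</param>
      /// <returns>
      /// true when the string starts with the V1 marker; false otherwise,
      /// including for null.
      /// </returns>
      public static bool IsHashSupported(string hashString)
      {
          // The marker must lead the string. Accepting it anywhere inside would
          // let arbitrary leading text through to the parser in Verify.
          return hashString != null
              && hashString.StartsWith(Prefix, StringComparison.Ordinal);
      }

      /// <summary>
      /// Verifies a password against a stored hash string.
      /// </summary>
      /// <remarks>
      /// The iteration count is read from <paramref name="hashedPassword"/>, so the
      /// CPU cost of a call is decided by the stored value. If stored hashes can
      /// come from a source that is not fully trusted (imports, user-editable
      /// records), enforce an upper bound on the count before calling this method.
      /// </remarks>
      /// <param name="password">the password</param>
      /// <param name="hashedPassword">the stored hash string</param>
      /// <returns>true when the password matches the stored hash</returns>
      /// <exception cref="NotSupportedException">The string does not carry the V1 marker.</exception>
      /// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
      /// <exception cref="FormatException">
      /// The string carries the marker but the iteration count or the base64
      /// payload is malformed or has the wrong length.
      /// </exception>
      public static bool Verify(string password, string hashedPassword)
      {
          if (!IsHashSupported(hashedPassword))
          {
              throw new NotSupportedException("The hashtype is not supported");
          }

          if (password == null)
          {
              throw new ArgumentNullException("password");
          }

          // Strip only the leading marker; the remainder must be exactly
          // "<iterations>$<base64>".
          var parts = hashedPassword.Substring(Prefix.Length).Split('$');
          if (parts.Length != 2)
          {
              throw new FormatException("The hash string is malformed");
          }

          // NumberStyles.None accepts plain decimal digits only: no sign,
          // whitespace or culture-specific separators.
          int iterations;
          var parsed = int.TryParse(
              parts[0],
              System.Globalization.NumberStyles.None,
              System.Globalization.CultureInfo.InvariantCulture,
              out iterations);
          if (!parsed || iterations <= 0)
          {
              throw new FormatException("The hash string has an invalid iteration count");
          }

          // Throws FormatException itself when the payload is not valid base64.
          var hashBytes = Convert.FromBase64String(parts[1]);
          if (hashBytes.Length != SaltSize + HashSize)
          {
              // Reject truncated or padded payloads before indexing into them.
              throw new FormatException("The hash string has an unexpected length");
          }

          var salt = new byte[SaltSize];
          Array.Copy(hashBytes, 0, salt, 0, SaltSize);

          byte[] hash;
          using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations))
          {
              hash = pbkdf2.GetBytes(HashSize);
          }

          // Compare every byte and fold the differences together so the running
          // time does not depend on the position of the first mismatch.
          var difference = 0;
          for (var i = 0; i < HashSize; i++)
          {
              difference |= hashBytes[i + SaltSize] ^ hash[i];
          }

          return difference == 0;
      }
  }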
  88. }