SHARE
TWEET

Show Salt Reason

a guest Dec 2nd, 2019 190 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Sub Main
  2.  
  3.  
  4.     Dim passwords = Enumerable.Range(0, 5).Select(Function(d, i) New UserRecord With {.Name = i.ToString, .PasswordInfo = New PasswordData With {.ClearTextPassword = "cat"}}).ToArray
  5.  
  6.     passwords.Select(Function(p) New With {.UserName = p.Name, .Password = PasswordData.ConvertBytesToHex(p.PasswordInfo.Password), .Salt = PasswordData.ConvertBytesToHex(p.PasswordInfo.Salt)}).Dump("All passwords are cat")
  7.     Console.WriteLine("Now these are records in a database or file or any storage.  
  8. Instead of names of 0-4 it could be user names.
  9. I could match user name 3 to get that record and then get the salt and load up a PasswordData instance like below.
  10. You don't need to store the values as hex.  I just did that to show the values in a little easier to read format.")
  11.     Dim rand As New Random
  12.     Dim index As Integer = rand.Next(0, passwords.Length)
  13.  
  14.     Dim pw = passwords(index)
  15.  
  16.  
  17.     Dim pwData As New PasswordData(pw.PasswordInfo.Salt, pw.PasswordInfo.Password)
  18.     pwData.ToString.Dump("Password loaded from datasource")
  19.  
  20.     pwData.VerifyPassword("cat").Dump("Password is cat?")
  21.  
  22.  
  23.  
  24. End Sub
  25. 'This just demonstrates basic password functionality.  Storing passwords even as strings because of managed memory is no a good idea.  
  26. 'This time I am not covering SecureStrings
  27. Class PasswordData
  28.     Private Readonly enc As Encoding = Encoding.Unicode
  29.     Sub New
  30.         GenerateSalt
  31.     End Sub
  32.  
  33.     Sub New(Salt As Byte(), Password As Byte())
  34.         Me.Salt = Salt
  35.         _PasswordBytes = Password
  36.     End Sub
  37.     Sub GenerateSalt()
  38.         Dim tmp(63) As Byte
  39.         Using rng As New Security.Cryptography.RNGCryptoServiceProvider()
  40.             rng.GetNonZeroBytes(tmp)
  41.         End Using
  42.         Salt = tmp
  43.     End Sub
  44.     Private _PasswordBytes As Byte()
  45.     Writeonly Property ClearTextPassword As String
  46.         Set(value As String)
  47.             _PasswordBytes = HashPassword(value)
  48.         End Set
  49.     End Property
  50.     ReadOnly Property Password As Byte()
  51.         Get
  52.             Return _PasswordBytes
  53.         End Get
  54.     End Property
  55.  
  56.  
  57.  
  58.     Property Salt As Byte()
  59.  
  60.  
  61.     Shared Function ConvertBytesToHex(bytes As Byte()) As String
  62.         Return String.Join("", bytes.Select(Function(b) b.ToString("X2")))
  63.     End Function
  64.     Shared Function ConvertHexToBytes(Hex As String) As Byte()
  65.         If Hex.Length Mod 2 <> 0 Then
  66.             Throw New ArgumentException($"{Nameof(Hex)} must be a valid hex string of 2 characters per byte.", Nameof(Hex))
  67.         End If
  68.  
  69.         Dim bytes As Byte() = New Byte(hex.Length \ 2 - 1) {}
  70.  
  71.         For i As Integer = 0 To hex.Length - 1 Step 2
  72.             bytes(i \ 2) = Byte.Parse(Hex.Substring(i, 2), System.Globalization.NumberStyles.HexNumber)
  73.         Next
  74.  
  75.         Return bytes
  76.     End Function
  77.  
  78.     Function HashPassword(ClearText As String) As Byte()
  79.         Dim pBytes = enc.GetBytes(ClearText).Concat(Salt).ToArray
  80.  
  81.         Using sha As System.Security.Cryptography.SHA512 = System.Security.Cryptography.SHA512CryptoServiceProvider.Create
  82.             Return sha.ComputeHash(pbytes)
  83.         End Using
  84.     End Function
  85.  
  86.  
  87.  
  88.     Function VerifyPassword(ClearTextPassword As String) As Boolean
  89.  
  90.         Dim hashed = HashPassword(ClearTextPassword)
  91.         Return Enumerable.SequenceEqual(_PasswordBytes, hashed)
  92.     End Function
  93.     Overrides Function ToString() As String
  94.         Return $"{ConvertBytesToHex(_PasswordBytes)}{vbTab}{ConvertBytesToHex(Salt)}"
  95.  
  96.     End Function
  97.  
  98.  
  99.  
  100. End Class
  101.  
  102. Class UserRecord
  103.     Property PasswordInfo As New PasswordData
  104.     Property Name As String
  105.  
  106.     Public Overrides Function ToString() As String
  107.         Return $"{Name}{vbTab}{PasswordData.ConvertBytesToHex(PasswordInfo.Password)}{vbTab}{PasswordData.ConvertBytesToHex(PasswordInfo.Salt)}"
  108.     End Function
  109.  
  110. End Class
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top