BCrypt.Net-Next
BCrypt implementation.
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in
"A Future-
Adaptable Password Scheme" by Niels Provos and David Mazieres.
This password hashing system tries to thwart off-line password cracking using a
computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher.
The work factor of the algorithm is parameterised, so it can be increased as computers
get faster.
To hash a password using the defaults, call the (which will generate a random salt and hash at default cost), like this:
string pw_hash = BCrypt.HashPassword(plain_password);
To hash a password using SHA384 pre-hashing for increased entropy call
(which will generate a random salt and hash at default cost), like this:
string pw_hash = BCrypt.EnhancedHashPassword(plain_password);
To check whether a plaintext password matches one that has been hashed previously,
use the method:
(To validate an enhanced hash you can pass true as the last parameter of Verify or use )
if (BCrypt.Verify(candidate_password, stored_hash))
Console.WriteLine("It matches");
else
Console.WriteLine("It does not match");
The method takes an optional parameter (workFactor) that
determines the computational complexity of the hashing:
string strong_salt = BCrypt.GenerateSalt(10);
string stronger_salt = BCrypt.GenerateSalt(12);
The amount of work increases exponentially (2^workFactor), so each increment is twice
as much work. The default workFactor is 10, and the valid range is 4 to 31.
Default Work Factor
RandomNumberGenerator.Create calls RandomNumberGenerator.Create("System.Security.Cryptography.RandomNumberGenerator"), which will create an instance of RNGCryptoServiceProvider.
https://msdn.microsoft.com/en-us/library/42ks8fz1
Validate existing hash and password,
Current password / string
Current hash to validate password against
NEW password / string to be hashed
The log2 of the number of rounds of hashing to apply - the work
factor therefore increases as 2^workFactor. Default is 11
By default this method will not accept a work factor lower
than the one set in the current hash and will set the new work-factor to match.
returned if the users hash and current pass doesn't validate
returned if the salt is invalid in any way
returned if the hash is invalid
returned if the user hash is null
New hash of new password
Validate existing hash and password,
Current password / string
Current hash to validate password against
Set to true,the string will undergo SHA384 hashing to make
use of available entropy prior to bcrypt hashing
HashType used (default SHA384)
NEW password / string to be hashed
Set to true,the string will undergo SHA384 hashing to make
use of available entropy prior to bcrypt hashing
HashType to use (default SHA384)
The log2 of the number of rounds of hashing to apply - the work
factor therefore increases as 2^workFactor. Default is 11
By default this method will not accept a work factor lower
than the one set in the current hash and will set the new work-factor to match.
returned if the users hash and current pass doesn't validate
returned if the salt is invalid in any way
returned if the hash is invalid
returned if the user hash is null
New hash of new password
Hash a string using the OpenBSD BCrypt scheme and a salt generated by .
Just an alias for HashPassword.
The string to hash.
The log2 of the number of rounds of hashing to apply - the work
factor therefore increases as 2^workFactor. Default is 11
The hashed string.
Thrown when the salt could not be parsed.
Hash a password using the OpenBSD BCrypt scheme and a salt generated by .
The password to hash.
The hashed password.
Thrown when the salt could not be parsed.
Pre-hash a password with SHA384 then using the OpenBSD BCrypt scheme and a salt generated by .
The password to hash.
The hashed password.
Thrown when the salt could not be parsed.
Pre-hash a password with SHA384 then using the OpenBSD BCrypt scheme and a salt generated by .
The password to hash.
The hashed password.
Thrown when the salt could not be parsed.
Pre-hash a password with SHA384 then using the OpenBSD BCrypt scheme and a salt generated by .
The password to hash.
Configurable hash type for enhanced entropy
The hashed password.
Thrown when the salt could not be parsed.
Pre-hash a password with SHA384 then using the OpenBSD BCrypt scheme and a salt generated by .
The password to hash.
Defaults to 11
Configurable hash type for enhanced entropy
The hashed password.
Thrown when the salt could not be parsed.
Hash a password using the OpenBSD BCrypt scheme and a salt generated by using the given .
The password to hash.
The log2 of the number of rounds of hashing to apply - the work
factor therefore increases as 2^workFactor. Default is 11
Set to true,the string will undergo SHA384 hashing to make use of available entropy prior to bcrypt hashing
The hashed password.
Thrown when the salt could not be parsed.
Hash a password using the OpenBSD BCrypt scheme.
Thrown when one or more arguments have unsupported or illegal values.
The password or string to hash.
the salt to hash with (best generated using ).
The hashed password
Thrown when the could not be parsed.
Hash a password using the OpenBSD BCrypt scheme.
Thrown when one or more arguments have unsupported or illegal values.
The password or string to hash.
the salt to hash with (best generated using ).
Set to true,the string will undergo hashing (defaults to SHA384 then base64 encoding) to make use of available entropy prior to bcrypt hashing
Configurable hash type for enhanced entropy
The hashed password
Thrown when the is null.
Thrown when the could not be parsed.
Hashes key, base64 encodes before returning byte array
Generate a salt for use with the method.
The log2 of the number of rounds of hashing to apply - the work
factor therefore increases as 2**workFactor.
Work factor must be between 4 and 31
A base64 encoded salt value.
BCrypt Revision should be a, b, x or y
Based on password_needs_rehash in PHP this method will return true
if the work factor (logrounds) set on the hash is lower than the new minimum workload passed in
full bcrypt hash
target workload
true if new work factor is higher than the one in the hash
throws if the current hash workload (logrounds) can not be parsed
Takes a valid hash and outputs its component parts
Generate a salt for use with the method
selecting a reasonable default for the number of hashing rounds to apply.
A base64 encoded salt value.
Verifies that the hash of the given matches the provided
; the string will undergo SHA384 hashing to maintain the enhanced entropy work done during hashing
The text to verify.
The previously-hashed password.
HashType used (default SHA384)
true if the passwords match, false otherwise.
Verifies that the hash of the given matches the provided
The text to verify.
The previously-hashed password.
Set to true,the string will undergo SHA384 hashing to make use of available entropy prior to bcrypt hashing
HashType used (default SHA384)
true if the passwords match, false otherwise.
Thrown when one or more arguments have unsupported or illegal values.
Thrown when the salt could not be parsed.
Encode a byte array using BCrypt's slightly-modified base64 encoding scheme. Note that this
is *not* compatible with the standard MIME-base64 encoding.
Thrown when one or more arguments have unsupported or
illegal values.
The byte array to encode.
The number of bytes to encode.
Base64-encoded string.
Decode a string encoded using BCrypt's base64 scheme to a byte array.
Note that this is *not* compatible with the standard MIME-base64 encoding.
Thrown when one or more arguments have unsupported or
illegal values.
The string to decode.
The maximum bytes to decode.
The decoded byte array.
Look up the 3 bits base64-encoded by the specified character, range-checking against
conversion table.
The base64-encoded value.
The decoded value of x.
Blowfish encipher a single 64-bit block encoded as two 32-bit halves.
An array containing the two 32-bit half blocks.
The position in the array of the blocks.
Cyclically extract a word of key material.
The string to extract the data from.
[in,out] The current offset.
The next word of material from data.
Initializes the Blowfish key schedule.
Key the Blowfish cipher.
The key byte array.
Perform the "enhanced key schedule" step described by Provos and Mazieres in
"A Future Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps.
Salt byte array.
Input byte array.
Perform the central hashing step in the BCrypt scheme.
Thrown when one or more arguments have unsupported or
illegal values.
The input byte array to hash.
The salt byte array to hash with.
The binary logarithm of the number of rounds of hashing to apply.
A byte array containing the hashed result.
Exception for signalling hash validation errors.
Default constructor.
Initializes a new instance of .
The message.
Initializes a new instance of .
The message.
The inner exception.
HashInformation : A value object that contains the results of interrogating a hash
Namely its settings (2a$10 for example); version (2a); workfactor (log rounds), and the raw hash returned
Constructor.
The message.
The message.
The message.
The message.
Settings string
Hash Version
log rounds used / workfactor
Raw Hash
Exception used to signal errors that occur during use of the hash information methods
Default Constructor
Initializes a new instance of .
Initializes a new instance of .
Type of SHA implementation to use
Keys will be hashed, then base64 encoded before being passed to crypt.
Unless legacy is selected in which case simply SHA384 hashed.
Exception for signalling parse errors during salt checks.
Default constructor.
Initializes a new instance of .
The message.
Initializes a new instance of .
The message.
The inner exception.