C# Online Compiler | .NET Fiddle

<no name> by Anonymous

using System;
using System.Diagnostics;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Crypto.Parameters;

namespace StrongerPasswords
{
    public class Program
    {
        public static void Main(string[] args)
        {
            var stopWatch = new Stopwatch();
            stopWatch.Start();
            var hash = PasswordHash.CreateHash("bananas");
            PasswordHash.ValidatePassword("bananas", hash);

            stopWatch.Stop();

			Console.WriteLine("The hash was {0}", hash);
            Console.WriteLine("It took {0} ms to hash and validate a password.", stopWatch.Elapsed.TotalMilliseconds);
            Console.ReadLine();
        }
    }

    /// &lt;summary&gt;
    /// Salted password hashing with PBKDF2-SHA1.
    /// Author: havoc AT defuse.ca
    /// www: http://crackstation.net/hashing-security.htm
    /// Compatibility: .NET 3.0 and later.
    /// &lt;/summary&gt;
    public class PasswordHash
    {
        // The following constants may be changed without breaking existing hashes.
        public const int SALT_BYTE_SIZE = 24;
        public const int HASH_BYTE_SIZE = 24;
        public const int PBKDF2_ITERATIONS = 10000;

        public const int ITERATION_INDEX = 0;
        public const int SALT_INDEX = 1;
        public const int PBKDF2_INDEX = 2;
		private static SecureRandom CryptoRandom = new SecureRandom();
        /// &lt;summary&gt;
        /// Creates a salted PBKDF2 hash of the password.
        /// &lt;/summary&gt;
        /// &lt;param name="password"&gt;The password to hash.&lt;/param&gt;
        /// &lt;returns&gt;The hash of the password.&lt;/returns&gt;
        public static string CreateHash(string password)
        {
            // Generate a random salt
            byte[] salt = new byte[SALT_BYTE_SIZE];
            CryptoRandom.NextBytes(salt);

            // Hash the password and encode the parameters
            byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
            return PBKDF2_ITERATIONS + ":" +
                Convert.ToBase64String(salt) + ":" +
                Convert.ToBase64String(hash);
        }

        /// &lt;summary&gt;
        /// Validates a password given a hash of the correct one.
        /// &lt;/summary&gt;
        /// &lt;param name="password"&gt;The password to check.&lt;/param&gt;
        /// &lt;param name="correctHash"&gt;A hash of the correct password.&lt;/param&gt;
        /// &lt;returns&gt;True if the password is correct. False otherwise.&lt;/returns&gt;
        public static bool ValidatePassword(string password, string correctHash)
        {
            // Extract the parameters from the hash
            char[] delimiter = { ':' };
            string[] split = correctHash.Split(delimiter);
            int iterations = Int32.Parse(split[ITERATION_INDEX]);
            byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
            byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);

            byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
            return SlowEquals(hash, testHash);
        }

        /// &lt;summary&gt;
        /// Compares two byte arrays in length-constant time. This comparison
        /// method is used so that password hashes cannot be extracted from
        /// on-line systems using a timing attack and then attacked off-line.
        /// &lt;/summary&gt;
        /// &lt;param name="a"&gt;The first byte array.&lt;/param&gt;
        /// &lt;param name="b"&gt;The second byte array.&lt;/param&gt;
        /// &lt;returns&gt;True if both byte arrays are equal. False otherwise.&lt;/returns&gt;
        private static bool SlowEquals(byte[] a, byte[] b)
        {
            uint diff = (uint)a.Length ^ (uint)b.Length;
            for (int i = 0; i &lt; a.Length &amp;&amp; i &lt; b.Length; i++)
                diff |= (uint)(a[i] ^ b[i]);
            return diff == 0;
        }

        /// &lt;summary&gt;
        /// Computes the PBKDF2-SHA1 hash of a password.
        /// &lt;/summary&gt;
        /// &lt;param name="password"&gt;The password to hash.&lt;/param&gt;
        /// &lt;param name="salt"&gt;The salt.&lt;/param&gt;
        /// &lt;param name="iterations"&gt;The PBKDF2 iteration count.&lt;/param&gt;
        /// &lt;param name="outputBytes"&gt;The length of the hash to generate, in bytes.&lt;/param&gt;
        /// &lt;returns&gt;A hash of the password.&lt;/returns&gt;
        private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
        {   var pdb = new Pkcs5S2ParametersGenerator();
		 	pdb.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password.ToCharArray()), salt,
                         iterations);
        	var key = (KeyParameter) pdb.GenerateDerivedMacParameters(outputBytes*8);
            return key.GetKey();
        }
    }

}

​x
 
using System;
using System.Diagnostics;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Crypto.Parameters;
​
namespace StrongerPasswords
{
    public class Program
    {
        public static void Main(string[] args)
        {
            var stopWatch = new Stopwatch();
            stopWatch.Start();
            var hash = PasswordHash.CreateHash("bananas");
            PasswordHash.ValidatePassword("bananas", hash);
​
            stopWatch.Stop();
​
            Console.WriteLine("The hash was {0}", hash);
            Console.WriteLine("It took {0} ms to hash and validate a password.", stopWatch.Elapsed.TotalMilliseconds);
            Console.ReadLine();
        }
    }
​
    /// &lt;summary&gt;
    /// Salted password hashing with PBKDF2-SHA1.
    /// Author: havoc AT defuse.ca
    /// www: http://crackstation.net/hashing-security.htm
    /// Compatibility: .NET 3.0 and later.
    /// &lt;/summary&gt;
    public class PasswordHash
    {
        // The following constants may be changed without breaking existing hashes.
        public const int SALT_BYTE_SIZE = 24;
        public const int HASH_BYTE_SIZE = 24;
        public const int PBKDF2_ITERATIONS = 10000;
​
        public const int ITERATION_INDEX = 0;
        public const int SALT_INDEX = 1;
        public const int PBKDF2_INDEX = 2;
        private static SecureRandom CryptoRandom = new SecureRandom();
        /// &lt;summary&gt;
        /// Creates a salted PBKDF2 hash of the password.
        /// &lt;/summary&gt;
        /// &lt;param name="password"&gt;The password to hash.&lt;/param&gt;
        /// &lt;returns&gt;The hash of the password.&lt;/returns&gt;
        public static string CreateHash(string password)
        {
            // Generate a random salt
            byte[] salt = new byte[SALT_BYTE_SIZE];
            CryptoRandom.NextBytes(salt);
​
            // Hash the password and encode the parameters
            byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
            return PBKDF2_ITERATIONS + ":" +
                Convert.ToBase64String(salt) + ":" +
                Convert.ToBase64String(hash);
        }
​
        /// &lt;summary&gt;
        /// Validates a password given a hash of the correct one.
        /// &lt;/summary&gt;
        /// &lt;param name="password"&gt;The password to check.&lt;/param&gt;
        /// &lt;param name="correctHash"&gt;A hash of the correct password.&lt;/param&gt;
        /// &lt;returns&gt;True if the password is correct. False otherwise.&lt;/returns&gt;
        public static bool ValidatePassword(string password, string correctHash)
        {
            // Extract the parameters from the hash
            char[] delimiter = { ':' };
            string[] split = correctHash.Split(delimiter);
            int iterations = Int32.Parse(split[ITERATION_INDEX]);
            byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
            byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
​
            byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
            return SlowEquals(hash, testHash);
        }
​
        /// &lt;summary&gt;
        /// Compares two byte arrays in length-constant time. This comparison
        /// method is used so that password hashes cannot be extracted from
        /// on-line systems using a timing attack and then attacked off-line.
        /// &lt;/summary&gt;
        /// &lt;param name="a"&gt;The first byte array.&lt;/param&gt;
        /// &lt;param name="b"&gt;The second byte array.&lt;/param&gt;
        /// &lt;returns&gt;True if both byte arrays are equal. False otherwise.&lt;/returns&gt;
        private static bool SlowEquals(byte[] a, byte[] b)
        {
            uint diff = (uint)a.Length ^ (uint)b.Length;
            for (int i = 0; i &lt; a.Length &amp;&amp; i &lt; b.Length; i++)
                diff |= (uint)(a[i] ^ b[i]);
            return diff == 0;
        }
​
        /// &lt;summary&gt;
        /// Computes the PBKDF2-SHA1 hash of a password.
        /// &lt;/summary&gt;
        /// &lt;param name="password"&gt;The password to hash.&lt;/param&gt;
        /// &lt;param name="salt"&gt;The salt.&lt;/param&gt;
        /// &lt;param name="iterations"&gt;The PBKDF2 iteration count.&lt;/param&gt;
        /// &lt;param name="outputBytes"&gt;The length of the hash to generate, in bytes.&lt;/param&gt;
        /// &lt;returns&gt;A hash of the password.&lt;/returns&gt;
        private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
        {   var pdb = new Pkcs5S2ParametersGenerator();
            pdb.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password.ToCharArray()), salt,
                         iterations);
            var key = (KeyParameter) pdb.GenerateDerivedMacParameters(outputBytes*8);
            return key.GetKey();
        }
    }
​
}
​

View IL Code