/Models/SaltedHash.cs

# · C# · 161 lines · 72 code · 14 blank · 75 comment · 0 complexity · c925d7d961f7ab1588b213e4135b16ec MD5 · raw file 

    

  1. #region License Information

    2. 

  2. // Copyright (c) 2005 - 2009, Allan Spartacus Mangune (allan@owlpal.com)

    3. 

  3. // All rights reserved.

    4. 

  4. //

    5. 

  5. // Redistribution and use in source and binary forms, with or without modification, 

    6. 

  6. // are permitted provided that the following conditions are met:

    7. 

  7. //

    8. 

  8. // * Redistributions of source code must retain the above copyright notice, this list 

    9. 

  9. //   of conditions and the following disclaimer.

    10. 

  10. //

    11. 

  11. // * Redistributions in binary form must reproduce the above copyright notice, this list of 

    12. 

  12. //   conditions and the following disclaimer in the documentation and/or other materials provided 

    13. 

  13. //   with the distribution.

    14. 

  14. //

    15. 

  15. // * Neither the name of Owlpal nor the names of its contributors may be used to endorse or 

    16. 

  16. //   promote products derived from this software without specific prior written permission.

    17. 

  17. //

    18. 

  18. // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS 

    19. 

  19. // OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND 

    20. 

  20. // FITNESS FOR AllowHtmlInComment PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS 

    21. 

  21. // BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 

    22. 

  22. // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, 

    23. 

  23. // OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 

    24. 

  24. // CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 

    25. 

  25. // USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

    26. 

  26. #endregion

    27. 

  27. using System;

    28. 

  28. using System.Security.Cryptography;

    29. 

  29. 

    30. 

  30. namespace Owlpal.Security

    31. 

  31. {

    32. 

  32. 	public sealed class SaltedHash 

    33. 

  33. 	{

    34. 

  34. 		#region Members

    35. 

  35. 		private readonly string salt;

    36. 

  36. 		private readonly string hash;

    37. 

  37. 		private const int saltLength = 20;

    38. 

  38. 		#endregion

    39. 

  39. 

    40. 

  40. 		#region Properties

    41. 

  41.         /// <summary>

    42. 

  42.         /// 

    43. 

  43.         /// </summary>

    44. 

  44.         public string Hash

    45. 

  45.         {

    46. 

  46.             get { return this.hash; }

    47. 

  47.         }

    48. 

  48.         

    49. 

  49.         /// <summary>

    50. 

  50.         /// 

    51. 

  51.         /// </summary>

    52. 

  52.         public string Salt 

    53. 

  53. 		{ 

    54. 

  54. 			get { return this.salt; } 

    55. 

  55. 		}

    56. 

  56.         #endregion

    57. 

  57. 

    58. 

  58. 		#region Public Members

    59. 

  59. 		/// <summary>

    60. 

  60. 		/// 

    61. 

  61. 		/// </summary>

    62. 

  62. 		/// <param name="password"></param>

    63. 

  63. 		/// <returns></returns>

    64. 

  64.         public SaltedHash Create(string password) 

    65. 

  65. 		{

    66. 

  66. 			string salt = CreateSalt();

    67. 

  67. 			string hash = ComputeHash(salt, password);

    68. 

  68. 			return new SaltedHash(salt, hash);

    69. 

  69. 		}

    70. 

  70. 

    71. 

  71.         /// <summary>

    72. 

  72.         /// 

    73. 

  73.         /// </summary>

    74. 

  74.         /// <param name="salt"></param>

    75. 

  75.         /// <param name="hash"></param>

    76. 

  76.         /// <returns></returns>

    77. 

  77. 		public SaltedHash Create(string salt, string hash) 

    78. 

  78. 		{

    79. 

  79. 			return new SaltedHash(salt, hash);

    80. 

  80. 		}

    81. 

  81. 

    82. 

  82.         /// <summary>

    83. 

  83.         /// 

    84. 

  84.         /// </summary>

    85. 

  85.         /// <param name="password"></param>

    86. 

  86.         /// <param name="salt"></param>

    87. 

  87.         /// <returns></returns>

    88. 

  88. 		public bool IsValid(string password, string salt) 

    89. 

  89. 		{

    90. 

  90.             return this.hash.Equals(ComputeHash(salt, password));

    91. 

  91. 		}

    92. 

  92. 

    93. 

  93.         /// <summary>

    94. 

  94.         /// 

    95. 

  95.         /// </summary>

    96. 

  96.         /// <param name="password"></param>

    97. 

  97.         /// <returns></returns>

    98. 

  98.         public bool IsValid(string password)

    99. 

  99.         { 

    100. 

  100.             return this.hash.Equals(ComputeHash(this.salt, password));

    101. 

  101.         }

    102. 

  102. 		#endregion

    103. 

  103. 

    104. 

  104. 		#region Private Members

    105. 

  105. 		/// <summary>

    106. 

  106.         /// 

    107. 

  107.         /// </summary>

    108. 

  108.         /// <returns></returns>

    109. 

  109. 		private string CreateSalt() 

    110. 

  110. 		{

    111. 

  111. 			return Convert.ToBase64String(CreateRandomBytes(saltLength));

    112. 

  112. 		}

    113. 

  113. 

    114. 

  114.         /// <summary>

    115. 

  115.         /// 

    116. 

  116.         /// </summary>

    117. 

  117.         /// <param name="len"></param>

    118. 

  118.         /// <returns></returns>

    119. 

  119. 		private byte[] CreateRandomBytes(int len) 

    120. 

  120. 		{

    121. 

  121. 			byte[] randomBytes = new byte[len];

    122. 

  122. 			new  RNGCryptoServiceProvider().GetBytes(randomBytes);

    123. 

  123. 			return randomBytes;

    124. 

  124. 		}

    125. 

  125. 

    126. 

  126.         /// <summary>

    127. 

  127.         /// 

    128. 

  128.         /// </summary>

    129. 

  129.         /// <param name="salt"></param>

    130. 

  130.         /// <param name="password"></param>

    131. 

  131.         /// <returns></returns>

    132. 

  132. 		private string ComputeHash(string salt, string password) 

    133. 

  133. 		{

    134. 

  134. 			return Convert.ToBase64String(new SHA256CryptoServiceProvider()

    135. 

  135.                 .ComputeHash(System.Text.Encoding.UTF8.GetBytes(salt + password)));

    136. 

  136. 		}

    137. 

  137. 		#endregion

    138. 

  138. 

    139. 

  139.         #region Contructors

    140. 

  140.         /// <summary>

    141. 

  141.         /// 

    142. 

  142.         /// </summary>

    143. 

  143.         public SaltedHash()

    144. 

  144.         {

    145. 

  145. 

    146. 

  146.         }

    147. 

  147. 

    148. 

  148.         /// <summary>

    149. 

  149.         /// 

    150. 

  150.         /// </summary>

    151. 

  151.         /// <param name="salt"></param>

    152. 

  152.         /// <param name="hash"></param>

    153. 

  153.         public SaltedHash(string salt, string hash)

    154. 

  154.         {

    155. 

  155.             this.salt = salt;

    156. 

  156.             this.hash = hash;

    157. 

  157.         }

    158. 

  158.         #endregion

    159. 

  159.     }

    160. 

  160. }
    161.