找了一篇PBKDF2加密密码的方法,分享给园友们。
原文:https://www.janaks.com.np/password-hashing-csharp/
As a developer you probably had to make user account system where you kept user login credentials (along with other personal details). If you are still using old style like storing password in plain text or using any other weak password encryption technique like AES then your user’s data is in risk. That’s an easy way for hacker. So hashing is another secure crypto technique/algorithm to implement for security.
Hash algorithms are one way functions. They turn any amount of data into a fixed-length “fingerprint” that cannot be reversed. If the input changes by even a tiny bit, the resulting hash is completely different. This is great for protecting passwords because we want to store password in the form that protects them even if the password itself is compromised.
Building Block of password hashing:
To summarize building blocks of hashing. We having two important section.
- Generate Salt key
- Generate password hash
Few variable initialization
|
1
2
3
4
|
// 24 = 192 bits
private const int SaltByteSize = 24;
private const int HashByteSize = 24;
private const int HasingIterationsCount = 10101;
|
Byte size we are using for password salt and hash in 24 byte i.e. 192 bits and hashing iteration is 10101.
– Generating Salt key
|
1
2
3
4
5
6
7
8
9
|
internal static byte[] GenerateSalt(int saltByteSize = SaltByteSize)
{
using (RNGCryptoServiceProvider saltGenerator = new RNGCryptoServiceProvider())
{
byte[] salt = new byte[saltByteSize];
saltGenerator.GetBytes(salt);
return salt;
}
}
|
Salt is just another random number which is generated by RNGCryptoServiceProvider class. RNGCryptoServiceProvider generates high-quality random numbers. With it, we use an RNG (random number generator) that is as random as possible. This helps in applications where random numbers must be completely random. Implements a cryptographic Random Number Generator (RNG) using the implementation provided by the cryptographic service provider (CSP). Which is way more unique than output of normal random number generator function.
We are generating unique salt key per user.
– Generate password hash
|
1
2
3
4
5
6
7
8
|
internal static byte[] ComputeHash(string password, byte[] salt, int iterations = HasingIterationsCount, int hashByteSize = HashByteSize)
{
using (Rfc2898DeriveBytes hashGenerator = new Rfc2898DeriveBytes(password, salt))
{
hashGenerator.IterationCount = iterations;
return hashGenerator.GetBytes(hashByteSize);
}
}
|
For hashing we are using Rfc2898DeriveBytes class which Implements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1.
Rfc2898DeriveBytes takes a password, a salt, and an iteration count, and then generates keys through calls to the GetBytes method.
RFC 2898 includes methods for creating a key and initialization vector (IV) from a password and salt. You can use PBKDF2, a password-based key derivation function, to derive keys using a pseudo-random function that allows keys of virtually unlimited length to be generated. TheRfc2898DeriveBytes class can be used to produce a derived key from a base key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count. More about Rfc2898DeriveBytes can be found here.
Regarding iteration count, it is the number of times an operation is performed. For this method, the count should be greater than zero. The minimum recommended number of iterations is 1000.
Now you get hashed password. Keep password hash and its salt key in database which is used for login validation from now on.
Lets see how to valid login credentials with password hash and salt key.
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
internal static bool VerifyPassword(string password, byte[] passwordSalt, byte[] passwordHash)
{
byte[] computedHash = ComputeHash(password, passwordSalt);
return AreHashesEqual(computedHash, passwordHash);
}
//Length constant verification - prevents timing attack
private static bool AreHashesEqual(byte[] firstHash, byte[] secondHash)
{
int minHashLenght = firstHash.Length <= secondHash.Length ? firstHash.Length : secondHash.Length;
var xor = firstHash.Length ^ secondHash.Length;
for (int i = 0; i < minHashLenght; i++)
xor |= firstHash[i] ^ secondHash[i];
return 0 == xor;
}
|
We created function which takes user entered password (plain text), salt key and password hash of that user which we can get by comparing username from database.
Then again compute hash of that password using salt key and compare with original password hash if it matched then validation succeed else failed.
Tips:
You can convert password salt and key bytes to base64 string while saving it to database and revert from base64string to bytes when doing above operation.
|
1
2
3
4
5
|
//To base64 string from bytes
password.PasswordSalt = Convert.ToBase64String(passwordSaltKey);
//To bytes from base64 string
byte[] passwordSalt = Convert.FromBase64String(passwordSaltKey);
|
Security Note:
Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly by using the Ildasm.exe (IL Disassembler), by using a hexadecimal editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
This is what it looks like.
That’s it. You can find this sample in my github.