ASP.NET (C#) Password Hashing Code

1. /*
2.  * Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
3.  * Copyright (c) 2013, Taylor Hornby
4.  * All rights reserved.
5.  *
6.  * Redistribution and use in source and binary forms, with or without
7.  * modification, are permitted provided that the following conditions are met:
8.  *
9.  * 1. Redistributions of source code must retain the above copyright notice,
10.  * this list of conditions and the following disclaimer.
11.  *
12.  * 2. Redistributions in binary form must reproduce the above copyright notice,
13.  * this list of conditions and the following disclaimer in the documentation
14.  * and/or other materials provided with the distribution.
15.  *
16.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26.  * POSSIBILITY OF SUCH DAMAGE.
27.  */
28.  
29. using System;
30. using System.Text;
31. using System.Security.Cryptography;
32.  
33. namespace PasswordHash
34. {
35.     /// <summary>
36.     /// Salted password hashing with PBKDF2-SHA1.
37.     /// Author: havoc AT defuse.ca
38.     /// www: http://crackstation.net/hashing-security.htm
39.     /// Compatibility: .NET 3.0 and later.
40.     /// </summary>
41.     public class PasswordHash
42.     {
43.         // The following constants may be changed without breaking existing hashes.
44.         public const int SALT_BYTE_SIZE = 24;
45.         public const int HASH_BYTE_SIZE = 24;
46.         public const int PBKDF2_ITERATIONS = 1000;
47.  
48.         public const int ITERATION_INDEX = 0;
49.         public const int SALT_INDEX = 1;
50.         public const int PBKDF2_INDEX = 2;
51.  
52.         /// <summary>
53.         /// Creates a salted PBKDF2 hash of the password.
54.         /// </summary>
55.         /// <param name="password">The password to hash.</param>
56.         /// <returns>The hash of the password.</returns>
57.         public static string CreateHash(string password)
58.         {
59.             // Generate a random salt
60.             RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
61.             byte[] salt = new byte[SALT_BYTE_SIZE];
62.             csprng.GetBytes(salt);
63.  
64.             // Hash the password and encode the parameters
65.             byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
66.             return PBKDF2_ITERATIONS + ":" +
67.                 Convert.ToBase64String(salt) + ":" +
68.                 Convert.ToBase64String(hash);
69.         }
70.  
71.         /// <summary>
72.         /// Validates a password given a hash of the correct one.
73.         /// </summary>
74.         /// <param name="password">The password to check.</param>
75.         /// <param name="correctHash">A hash of the correct password.</param>
76.         /// <returns>True if the password is correct. False otherwise.</returns>
77.         public static bool ValidatePassword(string password, string correctHash)
78.         {
79.             // Extract the parameters from the hash
80.             char[] delimiter = { ':' };
81.             string[] split = correctHash.Split(delimiter);
82.             int iterations = Int32.Parse(split[ITERATION_INDEX]);
83.             byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
84.             byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
85.  
86.             byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
87.             return SlowEquals(hash, testHash);
88.         }
89.  
90.         /// <summary>
91.         /// Compares two byte arrays in length-constant time. This comparison
92.         /// method is used so that password hashes cannot be extracted from
93.         /// on-line systems using a timing attack and then attacked off-line.
94.         /// </summary>
95.         /// <param name="a">The first byte array.</param>
96.         /// <param name="b">The second byte array.</param>
97.         /// <returns>True if both byte arrays are equal. False otherwise.</returns>
98.         private static bool SlowEquals(byte[] a, byte[] b)
99.         {
100.             uint diff = (uint)a.Length ^ (uint)b.Length;
101.             for (int i = 0; i < a.Length && i < b.Length; i++)
102.                 diff |= (uint)(a[i] ^ b[i]);
103.             return diff == 0;
104.         }
105.  
106.         /// <summary>
107.         /// Computes the PBKDF2-SHA1 hash of a password.
108.         /// </summary>
109.         /// <param name="password">The password to hash.</param>
110.         /// <param name="salt">The salt.</param>
111.         /// <param name="iterations">The PBKDF2 iteration count.</param>
112.         /// <param name="outputBytes">The length of the hash to generate, in bytes.</param>
113.         /// <returns>A hash of the password.</returns>
114.         private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
115.         {
116.             Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
117.             pbkdf2.IterationCount = iterations;
118.             return pbkdf2.GetBytes(outputBytes);
119.         }
120.     }
121. }