viniciuschiele / scrypt Goto Github PK
View Code? Open in Web Editor NEWA .NET implementation of scrypt password hash algorithm.
License: Apache License 2.0
A .NET implementation of scrypt password hash algorithm.
License: Apache License 2.0
.NETCore already has hardware accelerated types (System.Numerics.Vectors) which should work cross platform - I believe functions like Salsa will be able to take advantage of that, correct me if I am wrong, I am currently looking to optimize it once I get time.
Also .NETCore has a using System.Runtime.CompilerServices package for unsafe code which allows copying bytes.
System.Security.Cryptography.HMACSHA256 does not have Hash() and TransformFinalBlock() in .NETCore.
.NETCore documentation link
Current Functionality:
The class allows the caller to specify some header information such as iteration count, block size, and thread count, but not the salt. This makes it unusable for some credential verification workflows that require the application to derive the hash from header data for comparison in another system, service, or in-database.
Proposed Additional Functionality:
I'd like to either see the salt be made an optional parameter in a constructor overload or an overload to the Encode
method that can take in all of the header parameters to compute the output. The core idea is that the caller would have control over the initial inputs so they could derive the hash from the full header to perform the hash comparison out of band with the hash derivation sequence.
Proposed Alternative Solution:
It might make sense to create a more "raw" method that outputs the values in their native format in addition to the standard format that is currently being output. This format would be returned as a class that has say a couple of byte arrays for the salt and hash as well as the version number in a separate variable; essentially this would decompose the header and encoded output into an object for direct storage and consumption.
Initializing iterationCount with value larger than 20, it will throw the OverflowException
When the ExtractHeader
extracts the iteration count, it does not support iteration counts higher than 65535. Is this by design? In that case, at least the constructor should throw when specifying an iteration count that is too high.
iterationCount = (int)config >> 16 & 0xffff;
Hi @viniciuschiele I know the CryptoScrypt
method is already public on the master
, but it is not released on nuget. Can we please have a release on the latest master?
I am trying to update an old project using .NET Framework 4.8 and moving business logic over into .NET Standard 2.0 libraries that are shared between .NET Framework and .NET 6 apps. I moved the Scrypt hashing and comparing code line-for-line from .NET Framework into .NET Standard, but they don't recognize each other's hashes EDIT: the .NET Framework version does not recognize the .NET Standard ones, but it works the other way around; therefore an item hashed with the new library is not recognized as the same item in the old library. Is this something unique to .NET Standard, or is this the same with .NET Framework vs. .NET Core as well?
Hello,
Thank you for the great work ! I have a little question, do you have a signed version ?
Hello. This is a question, not an issue.
In the article you've referenced from CrackStation, the suggestion is to generate a salt, prepend it to the password, and then hash the concatenated string. Looking at your API, I initially thought that I perhaps needed to do that salting part manually, and then pass the salted password to the Encode method. But then I looked at the source code and noticed that you seem to take care of the salting step already.
So, do I understand this correctly that the Encode method salts the password and the the salt is embedded somewhere in the output of this method? Does this mean that I don't need to pre-salt the password before passing it into Encode, and also I don't need to store that salt separately in my database?
Thanks,
Arash
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.