viniciuschiele / scrypt Goto Github PK

.NETCore already has hardware accelerated types (System.Numerics.Vectors) which should work cross platform - I believe functions like Salsa will be able to take advantage of that, correct me if I am wrong, I am currently looking to optimize it once I get time.

Also .NETCore has a using System.Runtime.CompilerServices package for unsafe code which allows copying bytes.

Hi.
First of all, thanks for a good project.

Look at the attached screen dump from Nuget package manager in Visual Studio.
The signed version is by RabbitSoftware not by Vinicius Chiele as I would expect.
Also the version is older.
Should I not use the Signed version?

System.Security.Cryptography.HMACSHA256 does not have Hash() and TransformFinalBlock() in .NETCore.
.NETCore documentation link

Current Functionality:
The class allows the caller to specify some header information such as iteration count, block size, and thread count, but not the salt. This makes it unusable for some credential verification workflows that require the application to derive the hash from header data for comparison in another system, service, or in-database.

Proposed Additional Functionality:
I'd like to either see the salt be made an optional parameter in a constructor overload or an overload to the Encode method that can take in all of the header parameters to compute the output. The core idea is that the caller would have control over the initial inputs so they could derive the hash from the full header to perform the hash comparison out of band with the hash derivation sequence.

Proposed Alternative Solution:
It might make sense to create a more "raw" method that outputs the values in their native format in addition to the standard format that is currently being output. This format would be returned as a class that has say a couple of byte arrays for the salt and hash as well as the version number in a separate variable; essentially this would decompose the header and encoded output into an object for direct storage and consumption.

Initializing iterationCount with value larger than 20, it will throw the OverflowException

When the ExtractHeader extracts the iteration count, it does not support iteration counts higher than 65535. Is this by design? In that case, at least the constructor should throw when specifying an iteration count that is too high.

iterationCount = (int)config >> 16 & 0xffff;

Hi @viniciuschiele I know the CryptoScrypt method is already public on the master, but it is not released on nuget. Can we please have a release on the latest master?

I am trying to update an old project using .NET Framework 4.8 and moving business logic over into .NET Standard 2.0 libraries that are shared between .NET Framework and .NET 6 apps. I moved the Scrypt hashing and comparing code line-for-line from .NET Framework into .NET Standard, but they don't recognize each other's hashes EDIT: the .NET Framework version does not recognize the .NET Standard ones, but it works the other way around; therefore an item hashed with the new library is not recognized as the same item in the old library. Is this something unique to .NET Standard, or is this the same with .NET Framework vs. .NET Core as well?

Hello,
Thank you for the great work ! I have a little question, do you have a signed version ?

Hello. This is a question, not an issue.

In the article you've referenced from CrackStation, the suggestion is to generate a salt, prepend it to the password, and then hash the concatenated string. Looking at your API, I initially thought that I perhaps needed to do that salting part manually, and then pass the salted password to the Encode method. But then I looked at the source code and noticed that you seem to take care of the salting step already.

So, do I understand this correctly that the Encode method salts the password and the the salt is embedded somewhere in the output of this method? Does this mean that I don't need to pre-salt the password before passing it into Encode, and also I don't need to store that salt separately in my database?

Thanks,
Arash