I need to import a bunch of user accounts from Moodle into a system written in C#.
Moodle uses password_hash() function to create hashes of passwords. I need to be able to verify these passwords in c#.
In other words, I am looking for a C# implementation of PHP's password_verify() function (
http://www.php.net/manual/en/function.password-verify.php ).
I've googled a bit but couldn't really find anything close, so I am asking in hopes of avoiding reinventing the wheel :-)
Thanks!
Got it!
First install CryptSharp via NuGet Package. (Use the 2.0 "official" package), and by the way, BCrypt.net didn't work for me.
Then:
using CryptSharp;
// Plaintext candidate supplied at login, and the stored hash string exactly as
// PHP's password_hash() wrote it (it should begin with something like "$2y$").
string candidatePassword = "password goes here";
string storedHash = "hash goes here";

// CheckPassword reports whether the candidate matches the stored hash.
bool matches = Crypter.CheckPassword(candidatePassword, storedHash);
Note that hash should start with something like:
"$2y$..."
Works like a charm! :-)
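Well, I know you don't want to write code for it, but .NET has a built-in cryptography library that computes the hash and encrypts it.
You use it by importing System.Security.Cryptography. You can compare the result with the one saved in your DB, provided the stored value was produced by the same algorithm and salt; a hash created by password_hash() (the "$2y$..." form) will not match an MD5 or SHA-1 digest. Here's the code.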
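/// <summary>
/// Console demo that hashes a password with MD5 and with salted SHA-1 using the
/// built-in System.Security.Cryptography types.
/// </summary>
/// <remarks>
/// NOTE(review): these routines cannot verify a hash written by PHP's password_hash().
/// Those values are bcrypt strings (prefix "$2y$") that embed their own salt and cost, so
/// they need a bcrypt-aware verifier. MD5 and single-round SHA-1 are also fast digests and
/// are not suitable for storing new passwords; use a deliberately slow password-hashing
/// scheme (bcrypt, PBKDF2, Argon2) instead.
/// </remarks>
class Program
{
    // Not referenced anywhere in this listing; kept so the class layout is unchanged.
    static int SaltValueSize = 8;

    /// <summary>
    /// Prints the MD5 hash of a sample password, the placeholder validity check, and a
    /// salted SHA-1 hash of the same password.
    /// </summary>
    /// <param name="args">Command-line arguments (unused).</param>
    static void Main(string[] args)
    {
        string pass = "Password";

        // The hash algorithm holds native resources, so dispose it when done.
        string result;
        using (MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider())
        {
            result = ComputeHash(pass, md5);
        }

        // The value labelled "Encrypted" is a one-way hash, not reversible ciphertext.
        Console.WriteLine("Original: " + pass + "\nEncrypted: " + result);
        Console.WriteLine("Is user valid: " + IsUserValid("UserName", pass));

        // A salt has to exist before it can be mixed in. Draw it from the OS CSPRNG rather
        // than System.Random, and store it next to the hash so the value can be recomputed.
        int salted;
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            byte[] saltBuffer = new byte[sizeof(int)];
            rng.GetBytes(saltBuffer);
            salted = BitConverter.ToInt32(saltBuffer, 0);
        }

        // Hash output is arbitrary bytes, not text in any encoding; print it as hex instead
        // of decoding it as a string, which would garble or drop bytes.
        Console.WriteLine("With Salt, Original: " + pass + "\nEcrypted: " + BitConverter.ToString(ComputePasswordHash(pass, salted)));
        Console.ReadLine();
    }

    /// <summary>
    /// Computes SHA-1 over the UTF-8 bytes of <paramref name="password"/> followed by the
    /// four big-endian bytes of <paramref name="salt"/>.
    /// </summary>
    /// <param name="password">Password to hash.</param>
    /// <param name="salt">32-bit salt appended after the password bytes.</param>
    /// <returns>The 20-byte SHA-1 digest.</returns>
    private static byte[] ComputePasswordHash(string password, int salt)
    {
        // Serialize the salt most-significant byte first.
        byte[] saltBytes = new byte[4];
        saltBytes[0] = (byte)(salt >> 24);
        saltBytes[1] = (byte)(salt >> 16);
        saltBytes[2] = (byte)(salt >> 8);
        saltBytes[3] = (byte)(salt);

        byte[] passwordBytes = Encoding.UTF8.GetBytes(password);

        // Layout of the hashed buffer: [password bytes][salt bytes].
        byte[] preHashed = new byte[saltBytes.Length + passwordBytes.Length];
        System.Buffer.BlockCopy(passwordBytes, 0, preHashed, 0, passwordBytes.Length);
        System.Buffer.BlockCopy(saltBytes, 0, preHashed, passwordBytes.Length, saltBytes.Length);

        using (SHA1 sha1 = SHA1.Create())
        {
            return sha1.ComputeHash(preHashed);
        }
    }

    /// <summary>
    /// Hashes the UTF-8 bytes of <paramref name="input"/> with the supplied algorithm.
    /// </summary>
    /// <param name="input">Text to hash.</param>
    /// <param name="algorithm">Hash algorithm instance; the caller keeps ownership and disposes it.</param>
    /// <returns>The digest as upper-case hex pairs separated by hyphens.</returns>
    /// <exception cref="ArgumentNullException">Either argument is null.</exception>
    public static string ComputeHash(string input, HashAlgorithm algorithm)
    {
        if (input == null)
        {
            throw new ArgumentNullException("input");
        }
        if (algorithm == null)
        {
            throw new ArgumentNullException("algorithm");
        }

        byte[] inputBytes = Encoding.UTF8.GetBytes(input);
        byte[] hashedBytes = algorithm.ComputeHash(inputBytes);
        return BitConverter.ToString(hashedBytes);
    }

    /// <summary>
    /// Placeholder credential check: hashes the password and is meant to look the user up
    /// in a data store. No lookup is implemented here, so it always returns false.
    /// </summary>
    /// <param name="userName">Account name to look up.</param>
    /// <param name="password">Plaintext password supplied by the user.</param>
    /// <returns>True when the stored credential matches; currently always false.</returns>
    public static bool IsUserValid(string userName, string password)
    {
        // Fail closed: until a real lookup assigns this, no credential is accepted.
        bool isValid = false;
        string result = VerifyPassword(password);
        // isValid = result of a database lookup (use a parameterized query) that checks
        // whether a user with this name and hashed password exists.
        return isValid;
    }

    /// <summary>
    /// Returns the unsalted MD5 hash of <paramref name="password"/>. Despite the name it
    /// performs no comparison; the caller compares the result with the stored value.
    /// </summary>
    /// <param name="password">Plaintext password to hash.</param>
    /// <returns>The MD5 digest as hyphen-separated upper-case hex.</returns>
    public static string VerifyPassword(string password)
    {
        using (MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider())
        {
            return ComputeHash(password, md5);
        }
    }
}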