.net implementation of bcrypt

2019-01-08 05:13发布

Does anyone know of a good implementation of bcrypt, I know this question has been asked before but it got very little response. I'm a bit unsure of just picking an implementation that turns up in google and am thinking that I may be better off using sha256 in the System.Security.Cryptography namespace, at least then I know it's supported! What are you thoughts?

6条回答
Rolldiameter
2楼-- · 2019-01-08 05:44

I needed a BCrypt implementation when moving something from PostgreSQL (which has pg_crypto) to SQLite (which doesn't), so I wrote my own. Seeing from this message I'm not the only one needing this, I've decided to slap a license on it and release it. The URL is:

http://zer7.com/software.php?page=cryptsharp

The Blowfish implementation behind it is a port of Bruce Schneier's public domain C implementation, and succeeds on all the official test vectors.

The BCrypt code I wrote myself based on the spec. I also created a PHP script which generates random passwords of length 0 to 100 and salts, crypts them, and outputs them to a test file. The C# code matches these 100% of the time so far. You are welcome to use the script and test this yourself.

The library also includes PBKDF2 code which works for any HMAC as opposed to .Net's SHA-1-only implementation (added today -- I'm intending to do SCrypt in C# soon and that requires PBKDF2 with HMAC-SHA256). You could make yourself a scheme based on this too, if you wanted.

查看更多
Lonely孤独者°
3楼-- · 2019-01-08 05:48

You can find an updated implementation of BCrypt for .Net here: http://bcrypt.codeplex.com/

查看更多
时光不老,我们不散
4楼-- · 2019-01-08 05:58

BCrypt.Net seems to be a most popular library at this moment

http://bcrypt.codeplex.com/

Here is an example how to use it for hashing password:

[TestMethod]
    public void BCryptTest()
    {
        const string password = "PASSWORD";
        const int workFactor = 13;

        var start = DateTime.UtcNow;
        var hashed = BCrypt.Net.BCrypt.HashPassword(password, workFactor);
        var end = DateTime.UtcNow;

        Console.WriteLine("hash length is {0} chars", hashed.Length);
        Console.WriteLine("Processing time is {0} with workFactor {1}", end - start, workFactor);
        Console.WriteLine("Hashed password: {0} ", hashed);
        Console.WriteLine("correct password {0}", BCrypt.Net.BCrypt.Verify("PASSWORD", hashed));
        Console.WriteLine("incorrect password {0}", BCrypt.Net.BCrypt.Verify("PASSWORd", hashed));
    }

Sample output:

hash length is 60 chars
Processing time is 00:00:01.0020000 with workFactor 13
Hashed password: $2a$13$iBqdG7ENBABEargiyzGlTexPsmviF/qrFxUZB2zce7HKF6MoBNhEq 
correct password True
incorrect password False
查看更多
放荡不羁爱自由
5楼-- · 2019-01-08 05:59

It sounds like you are looking for BCrypt.net:

BCrypt.net is an implementation of OpenBSD's Blowfish-based password hashing code, described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazières. It is a direct port of jBCrypt by Damien Miller, and is thus released under the same BSD-style license. The code is fully managed and should work with any little-endian CLI implementation -- it has been tested with Microsoft .NET and Mono.

查看更多
狗以群分
6楼-- · 2019-01-08 06:00

All "Cng" (Cryptography Next Generation) postfixed algorithms in the .Net Framework now use bcrypt. E.g. SHA256Cng.

查看更多
Lonely孤独者°
7楼-- · 2019-01-08 06:07

Have you tried this MS BCryptCreateHash C++ function perhaps?? Seems to be present from Windows Server 2008 and Windows Vista.

Also, you can probably check the following MS C# BCryptNative.cs class too perhaps.

查看更多
登录 后发表回答