A very important aspect of designing a secure account system is how to protect the user's password. The simplest way to protect a user's password is to use a password hash with salt (salted password hashing).
The specific operation is to add a random prefix or suffix to the password, and then hash. This random suffix or prefix becomes "salt". By adding salt, the same password each time the hash is a completely different string. We also need this salt to check if the password entered by the user is correct, so the salt is usually stored in the database with the hash, or as part of the hash string.
If you need to achieve a higher level of security, consider having a different database for the salt value and the final hash result.
When comparing the result of adding salt hash, pay attention to the use of time-constant comparison function.
In normal cases, when comparing two strings, the function is compared by one character of a character, and returns immediately if a character does not match. The attacker can determine whether the first few characters are correct based on the length of the verification, and then step through the correction to get the correct results.
Therefore, when comparing hashes, the use of time-constant comparison functions can make the attacker feel puzzled.
The specific implementation is as follows:
usingSystem;usingSystem.Text;usingSystem.Security.Cryptography;namespacepasswordhash{/// <summary> ///Salted password hashing with PBKDF2-SHA1.
/// </summary> Public classPasswordHash {//The following constants may be changed without breaking existing hashes. Public Const intSalt_byte_size = -; Public Const intHash_byte_size = -; Public Const intPbkdf2_iterations = +; Public Const intIteration_index =0; Public Const intSalt_index =1; Public Const intPbkdf2_index =2; /// <summary> ///creates a salted PBKDF2 hash of the password. /// </summary> /// <param name= "password" >The password to hash.</param> /// <returns>The hash of the password.</returns> Public Static stringCreateHash (stringpassword) { //Generate a random saltRNGCryptoServiceProvider csprng =NewRNGCryptoServiceProvider (); byte[] Salt =New byte[Salt_byte_size]; Csprng. GetBytes (salt); //Hash The password and encode the parameters byte[] hash =PBKDF2 (password, salt, pbkdf2_iterations, hash_byte_size); returnPbkdf2_iterations +":"+convert.tobase64string (salt)+":"+convert.tobase64string (hash); } /// <summary> ///validates a password given a hash of the correct one. /// </summary> /// <param name= "password" >The password to check.</param> /// <param name= "Correcthash" >A Hash of the correct password.</param> /// <returns>True If the password is correct. False otherwise.</returns> Public Static BOOLValidatePassword (stringPasswordstringCorrecthash) { //Extract The parameters from the hash Char[] delimiter = {':' }; string[] split =Correcthash.split (delimiter); intiterations =Int32.Parse (Split[iteration_index]); byte[] Salt =convert.frombase64string (Split[salt_index]); byte[] hash =convert.frombase64string (Split[pbkdf2_index]); byte[] Testhash =PBKDF2 (password, salt, iterations, hash. Length); returnslowequals (hash, testhash); } /// <summary> ///compares-byte arrays in length-constant time. This comparison///method is used so, password hashes cannot be extracted from///on-line systems using a timing attack and then attacked off-line. /// </summary> /// <param name= "a" >The first byte array.</param> /// <param name= "B" >The second byte array.</param> /// <returns>True If both byte arrays is equal. False otherwise.</returns> Private Static BOOLSlowequals (byte[] A,byte[] b) {UINTdiff = (UINT) A.length ^ (UINT) B.length; for(inti =0; I < a.length && I < b.length; i++) diff|= (UINT) (A[i] ^B[i]); returndiff = =0; } /// <summary> ///computes the PBKDF2-SHA1 hash of a password. /// </summary> /// <param name= "password" >The password to hash.</param> /// <param name= "Salt" >The salt.</param> /// <param name= "iterations" >The PBKDF2 iteration count.</param> /// <param name= "Outputbytes" >the length of the hash to generate, in bytes.</param> /// <returns>A Hash of the password.</returns> Private Static byte[] PBKDF2 (stringPasswordbyte[] Salt,intIterations,intoutputbytes) {rfc2898derivebytes PBKDF2=Newrfc2898derivebytes (password, salt); Pbkdf2. IterationCount=iterations; returnPBKDF2. GetBytes (outputbytes); } }}
Design a secure account system