问题描述

我正在考虑在我的身份验证库中允许bcrypt支持。现在的问题之一是我假设hasher将是 HashAlgorithm 类型。 Bcrypt.net不会实现这个类。此外，它是密封的，所以我将不得不使自己的分支，并自己修改它。有没有更好的替代品已经实现HashAlgorithm？

试试这个：

  public class BCryptHasher：HashAlgorithm 
 {
 private MemoryStream passwordStream = null; 
 $ b保护覆盖无效HashCore（byte []数组，int ibStart，int cbSize）
 {
 if（passwordStream == null || Salt == null）
初始化（）; 
 
 passwordStream.Write（array，ibStart，cbSize）; 
 
 
保护覆盖字节[] HashFinal（）
 {
 passwordStream.Flush（）; 
 
 //获取hash 
返回Encoding.UTF8.GetBytes（BCrypt.Net.BCrypt.HashPassword（Encoding.UTF8.GetString（passwordStream.ToArray（）），Salt））; 
 
 
 public override void Initialize（）
 {
 passwordStream = new MemoryStream（）; 
 
 //设置salt 
 if（Salt == null）
 {
 if（WorkFactor == 0）
 Salt = BCrypt.Net。 BCrypt.GenerateSalt（）; 
 else 
 Salt = BCrypt.Net.BCrypt.GenerateSalt（WorkFactor）; 
} 
} 
 
 public int WorkFactor {get;组; } 
 
公共字符串Salt {get;组; } 
 
 public bool Verify（string plain，string hash）
 {
 return BCrypt.Net.BCrypt.Verify（plain，hash）; 
 
 
 $ / code $ / pre 
 
 
用法：
 
 
  BCryptHasher hasher = new BCryptHasher（）; 
 string pw =abc; 
 string hash = Encoding.UTF8.GetString（hasher.ComputeHash（Encoding.UTF8.GetBytes（pw）））; 
  
另外，我添加了一个辅助验证方法，以便验证密码和哈希匹配，但是您如果你只是调用默认的BCrypt.Verify，可以消除这个问题。
  bool matches = hasher.Verify（pw，hash）; 
  
我添加了一些额外的属性，因此您可以传递预先计算的盐份或工作因子来生成一个新的盐，然后你做散列：
  string pw =abc; 
 hasher.Salt =$ 2a $ 06 $ If6bvum7DFjUnE9p2uDeDu; 
 string hash = Encoding.UTF8.GetString（hasher.ComputeHash（Encoding.UTF8.GetBytes（pw）））; 
  
我用BCrypt测试用例abc尝试了一个盐$ 2a $ 06 $ If6bvum7DFjUnE9p2uDeDu 并得到正确的散列。
 
I'm looking to allow bcrypt support in my authentication library. One of the problems right now is that I assume that the hasher will be of type HashAlgorithm. Bcrypt.net does not implement this class. Also, it's sealed so I would have to make my own branch off of it and modify it myself. Are there any better alternatives that already implement HashAlgorithm?
 解决方案 
Try this:
public class BCryptHasher : HashAlgorithm
{
    private MemoryStream passwordStream = null;

    protected override void HashCore(byte[] array, int ibStart, int cbSize)
    {
        if (passwordStream == null || Salt == null)
            Initialize();

        passwordStream.Write(array, ibStart, cbSize);
    }

    protected override byte[] HashFinal()
    {
        passwordStream.Flush();

        // Get the hash
        return Encoding.UTF8.GetBytes(BCrypt.Net.BCrypt.HashPassword(Encoding.UTF8.GetString(passwordStream.ToArray()), Salt));
    }

    public override void Initialize()
    {
        passwordStream = new MemoryStream();

        // Set up salt
        if (Salt == null)
        {
            if (WorkFactor == 0)
                Salt = BCrypt.Net.BCrypt.GenerateSalt();
            else
                Salt = BCrypt.Net.BCrypt.GenerateSalt(WorkFactor);
        }
    }

    public int WorkFactor { get; set; }

    public string Salt { get; set; }

    public bool Verify(string plain, string hash)
    {
        return BCrypt.Net.BCrypt.Verify(plain, hash);
    }
}
Usage:
BCryptHasher hasher = new BCryptHasher();
string pw = "abc";
string hash = Encoding.UTF8.GetString(hasher.ComputeHash(Encoding.UTF8.GetBytes(pw)));
Also, I added a helper Verify method so you can verify that the password and hash match, but you can eliminate this if you just call the default BCrypt.Verify.
bool matches = hasher.Verify(pw, hash);
I added some extra properties so you can pass in a pre-computed salt or a work factor to generate a new salt before you do the hash:
string pw = "abc";
hasher.Salt = "$2a$06$If6bvum7DFjUnE9p2uDeDu";
string hash = Encoding.UTF8.GetString(hasher.ComputeHash(Encoding.UTF8.GetBytes(pw)));
I tried it with the BCrypt test case "abc" with a salt of "$2a$06$If6bvum7DFjUnE9p2uDeDu" and got the correct hash.
                        
这篇关于.Net实现bcrypt，实现HashAlgorithm？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！