.NET Secure Password Hashing API
Getting sick of seeing so many companies either storing plain text passwords, unsalted hashes...etc I decided to create a free for everyone .NET API which aims to be as simple to use as possible so there can be no excuses for any .NET devs out there!!!!
This API uses the PBKDF2 specification with HMACSHA512 as the underlying pseudo random function (PRF) to perform the salted hashing over your specified number of instances to eliminate the feasibility of rainbow table attacks and drive up the computing cost of generating said tables, this is known as key stretching.
This API also provides the capability to create crypto random salt strings and comes with a recommendation from Chuck Norris himself!!!
I was going to use Microsofts Rfc2898DeriveBytes(cb) implementation but after learning that it is using HMACSHA1 as the underlying PRF I decided to modernise this and decided it was time to implement PBKDF2 with HMACSHA512 instead.
- Crypto Randomly Generate Salt
- Password Policy Integration
- PBKDF2 implementation using HMACSHA512 as the underlying PRF
- Control resource usage vs key stretching by supplying iteration count as per PBKDF2 spec
- Code open source and available for peer review by security experts\cryptographers
- Uses UTF-8 encoding to support non English characters, better than implementations using ASCII
- Created using instructions for PBKDF2 standard here: http://www.ietf.org/rfc/rfc2898.txt
- Ability to call Rfc2898.PBKDF2(P,S,c,dkLen) to derive encryption keys of your specific size
- Source code includes sample GUI with common usage implemented
I think this is fantastic, but I'm biased lol ;)
no trouble to install and run, works nicely.
very easy to use