Does anyone know of a good implementation of bcrypt, I know this question has been asked before but it got very little response. I'm a bit unsure of just picking an implementation that turns up in google and am thinking that I may be better off using sha256 in the System.Security.Cryptography namespace, at least then I know it's supported! What are you thoughts?
It sounds like you are looking for BCrypt.net:
BCrypt.net is an implementation of OpenBSD's Blowfish-based password hashing code, described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazières. It is a direct port of jBCrypt by Damien Miller, and is thus released under the same BSD-style license. The code is fully managed and should work with any little-endian CLI implementation -- it has been tested with Microsoft .NET and Mono.
BCrypt.Net seems to be a most popular library at this moment
Here is an example how to use it for hashing password:
[TestMethod]
public void BCryptTest()
{
const string password = "PASSWORD";
const int workFactor = 13;
var start = DateTime.UtcNow;
var hashed = BCrypt.Net.BCrypt.HashPassword(password, workFactor);
var end = DateTime.UtcNow;
Console.WriteLine("hash length is {0} chars", hashed.Length);
Console.WriteLine("Processing time is {0} with workFactor {1}", end - start, workFactor);
Console.WriteLine("Hashed password: {0} ", hashed);
Console.WriteLine("correct password {0}", BCrypt.Net.BCrypt.Verify("PASSWORD", hashed));
Console.WriteLine("incorrect password {0}", BCrypt.Net.BCrypt.Verify("PASSWORd", hashed));
}
Sample output:
hash length is 60 chars
Processing time is 00:00:01.0020000 with workFactor 13
Hashed password: $2a$13$iBqdG7ENBABEargiyzGlTexPsmviF/qrFxUZB2zce7HKF6MoBNhEq
correct password True
incorrect password False
You can find an updated implementation of BCrypt for .Net here: http://bcrypt.codeplex.com/
I needed a BCrypt implementation when moving something from PostgreSQL (which has pg_crypto) to SQLite (which doesn't), so I wrote my own. Seeing from this message I'm not the only one needing this, I've decided to slap a license on it and release it. The URL is:
http://zer7.com/software.php?page=cryptsharp
The Blowfish implementation behind it is a port of Bruce Schneier's public domain C implementation, and succeeds on all the official test vectors.
The BCrypt code I wrote myself based on the spec. I also created a PHP script which generates random passwords of length 0 to 100 and salts, crypts them, and outputs them to a test file. The C# code matches these 100% of the time so far. You are welcome to use the script and test this yourself.
The library also includes PBKDF2 code which works for any HMAC as opposed to .Net's SHA-1-only implementation (added today -- I'm intending to do SCrypt in C# soon and that requires PBKDF2 with HMAC-SHA256). You could make yourself a scheme based on this too, if you wanted.
Wrong answer, please see below
All "Cng" (Cryptography Next Generation) postfixed algorithms in the .Net Framework now use bcrypt. E.g. SHA256Cng.
Actually the MS BCrypt (BestCrypt) does not refer to the one based on the Blowfish cipher - thank you, RobbyD, for the comment.
Will not delete the answer, just in case anyone else makes the same confusion.
Have you tried this MS BCryptCreateHash C++ function perhaps?? Seems to be present from Windows Server 2008 and Windows Vista.
Also, you can probably check the following MS C# BCryptNative.cs class too perhaps.
© 2022 - 2024 — McMap. All rights reserved.