PasswordHasherLibrary

PasswordHasherLibrary is a comprehensive, high-security password hashing solution for .NET applications, designed to safeguard user credentials with advanced cryptographic techniques. Utilizing SHA512, custom salts, and an additional pepper value, this library ensures your passwords are protected against brute-force and rainbow table attacks. With features like asynchronous hashing for performance optimization, built-in verification methods to streamline authentication, and a constant-time comparison function to prevent timing attacks, PasswordHasherLibrary delivers a robust, easy-to-integrate approach to password security.

Version: 1.0.6
Maintainers: 1

PasswordHasherLibrary

PasswordHasherLibrary is a C# library designed to securely hash and verify passwords using SHA512, along with techniques such as salting, peppering, and timing-attack prevention. It provides both synchronous and asynchronous methods to fit various application needs.

Installation

You can install the package via NuGet Package Manager:

dotnet add package PasswordHasherLibrary

Or search for PasswordHasherLibrary in the NuGet Package Manager in Visual Studio.

Usage

Here's how you can use the PasswordHasherLibrary in your .NET project:

Synchronous Methods

Hashing a Password

using PasswordHasherLibrary;
using System;

class Program
{
    static void Main(string[] args)
    {
        var hasher = new PasswordHasher();

        // Hash a password
        string password = "my_secure_password";
        string hashedPassword = hasher.HashPassword(password);
        Console.WriteLine($"Hashed Password: {hashedPassword}");
    }
}

Verifying a Password

using PasswordHasherLibrary;
using System;

class Program
{
    static void Main(string[] args)
    {
        var hasher = new PasswordHasher();

        string password = "my_secure_password";
        string hashedPassword = hasher.HashPassword(password);

        // Verify the password
        bool isPasswordValid = hasher.VerifyPassword(password, hashedPassword);
        Console.WriteLine($"Password is valid: {isPasswordValid}");
    }
}

Hashing a Password with Salt

using PasswordHasherLibrary;
using System;

class Program
{
    static void Main(string[] args)
    {
        var hasher = new PasswordHasher();

        // Generate a new salt
        string salt = hasher.CreateSalt();
        Console.WriteLine($"Generated Salt: {salt}");

        // Hash a password with salt and pepper
        string password = "my_secure_password";
        string hashedPassword = hasher.HashPasswordWithSalt(password, salt);
        Console.WriteLine($"Hashed Password with Salt: {hashedPassword}");
    }
}

Verifying a Password with Salt

using PasswordHasherLibrary;
using System;

class Program
{
    static void Main(string[] args)
    {
        var hasher = new PasswordHasher();

        string password = "my_secure_password";
        string salt = hasher.CreateSalt();
        string hashedPassword = hasher.HashPasswordWithSalt(password, salt);

        // Verify the password with salt and pepper
        bool isPasswordValid = hasher.VerifyPasswordWithSalt(password, salt, hashedPassword);
        Console.WriteLine($"Password is valid: {isPasswordValid}");
    }
}

Asynchronous Methods

Hashing a Password Asynchronously

using PasswordHasherLibrary;
using System;
using System.Threading.Tasks;

class Program
{
    static async Task Main(string[] args)
    {
        var hasher = new PasswordHasher();

        // Asynchronously hash a password
        string password = "my_secure_password";
        string hashedPassword = await hasher.HashPasswordAsync(password);
        Console.WriteLine($"Hashed Password: {hashedPassword}");
    }
}

Verifying a Password Asynchronously

using PasswordHasherLibrary;
using System;
using System.Threading.Tasks;

class Program
{
    static async Task Main(string[] args)
    {
        var hasher = new PasswordHasher();

        string password = "my_secure_password";
        string hashedPassword = await hasher.HashPasswordAsync(password);

        // Asynchronously verify the password
        bool isPasswordValid = await hasher.VerifyPasswordAsync("my_secure_password", hashedPassword);
        Console.WriteLine($"Password is valid: {isPasswordValid}");
    }
}

Asynchronously Hashing a Password with Salt

using PasswordHasherLibrary;
using System;
using System.Threading.Tasks;

class Program
{
    static async Task Main(string[] args)
    {
        var hasher = new PasswordHasher();

        // Generate a new salt
        string salt = hasher.CreateSalt();
        Console.WriteLine($"Generated Salt: {salt}");

        // Asynchronously hash a password with salt and pepper
        string password = "my_secure_password";
        string hashedPassword = await hasher.HashPasswordWithSaltAsync(password, salt);
        Console.WriteLine($"Hashed Password with Salt (Async): {hashedPassword}");
    }
}

Asynchronously Verifying a Password with Salt

using PasswordHasherLibrary;
using System;
using System.Threading.Tasks;

class Program
{
    static async Task Main(string[] args)
    {
        var hasher = new PasswordHasher();

        string password = "my_secure_password";
        string salt = hasher.CreateSalt();
        string hashedPassword = await hasher.HashPasswordWithSaltAsync(password, salt);

        // Asynchronously verify the password with salt and pepper
        bool isPasswordValid = await hasher.VerifyPasswordWithSaltAsync(password, salt, hashedPassword);
        Console.WriteLine($"Password is valid (Async): {isPasswordValid}");
    }
}

Methods

Synchronous Methods

  • string HashPassword(string password)

    • Description: Hashes the input password using SHA512 and returns the hashed password as a hexadecimal string.
    • Parameters: string password - The password to hash.
    • Returns: string - The hashed password.
  • bool VerifyPassword(string password, string hashedPassword)

    • Description: Verifies that the input password, when hashed, matches the stored hashed password.
    • Parameters:
      • string password - The input password to verify.
      • string hashedPassword - The stored hashed password to compare against.
    • Returns: bool - true if the password is valid; otherwise, false.

Synchronous Methods with Salting

  • string HashPasswordWithSalt(string password, string salt)

    • Description: Hashes the input password with the provided salt and a pepper value using SHA512.
    • Parameters:
      • string password - The password to hash.
      • string salt - The unique salt for this password.
    • Returns: string - The hashed password.
  • bool VerifyPasswordWithSalt(string password, string salt, string hashedPassword)

    • Description: Verifies that the input password, when hashed with the salt and pepper, matches the stored hashed password.
    • Parameters:
      • string password - The input password to verify.
      • string salt - The salt used for the original hash.
      • string hashedPassword - The stored hashed password to compare against.
    • Returns: bool - true if the password is valid; otherwise, false.

Asynchronous Methods with Salting

  • Task<string> HashPasswordWithSaltAsync(string password, string salt)

    • Description: Asynchronously hashes the input password with the provided salt and a pepper value using SHA512.
    • Parameters:
      • string password - The password to hash.
      • string salt - The unique salt for this password.
    • Returns: Task<string> - The hashed password.
  • Task<bool> VerifyPasswordWithSaltAsync(string password, string salt, string hashedPassword)

    • Description: Asynchronously verifies that the input password, when hashed with the salt and pepper, matches the stored hashed password.
    • Parameters:
      • string password - The input password to verify.
      • string salt - The salt used for the original hash.
      • string hashedPassword - The stored hashed password to compare against.
    • Returns: Task<bool> - true if the password is valid; otherwise, false.

Security Note

  • This library uses SHA512 for hashing, which is a secure hash algorithm. However, for production use and to further enhance security, consider a dedicated password-hashing algorithm such as bcrypt, PBKDF2, or Argon2.
  • Always use proper password policies and security practices to protect user data.
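
The Security Note names PBKDF2 as an alternative to hashing with SHA512 directly. The following is an added example, not part of PasswordHasherLibrary, showing salted and peppered PBKDF2-HMAC-SHA512 with a constant-time check using only the .NET base class library. It assumes .NET 6 or later; the class name, record format, pepper handling and iteration count are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not PasswordHasherLibrary code. All names are hypothetical.
byte[] pepper = RandomNumberGenerator.GetBytes(32); // constructed; keep the real one in a secret store
string record = Pbkdf2PasswordStore.Hash("my_secure_password", pepper);
Console.WriteLine(record);
Console.WriteLine(Pbkdf2PasswordStore.Verify("my_secure_password", pepper, record));
Console.WriteLine(Pbkdf2PasswordStore.Verify("wrong_password", pepper, record));

static class Pbkdf2PasswordStore
{
    const int SaltBytes = 16, HashBytes = 64;
    const int Iterations = 210_000; // assumed work factor; tune for your hardware

    // Returns "pbkdf2-sha512$<iterations>$<salt b64>$<hash b64>" for storage.
    public static string Hash(string password, byte[] pepper)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // unique per password
        byte[] hash = Derive(password, pepper, salt, Iterations);
        return string.Join("$", "pbkdf2-sha512", Iterations.ToString(),
            Convert.ToBase64String(salt), Convert.ToBase64String(hash));
    }

    public static bool Verify(string password, byte[] pepper, string stored)
    {
        string[] parts = stored.Split('$');
        if (parts.Length != 4 || parts[0] != "pbkdf2-sha512" ||
            !int.TryParse(parts[1], out int iterations) || iterations <= 0)
            return false; // malformed or unknown record format: reject
        try
        {
            byte[] salt = Convert.FromBase64String(parts[2]);
            byte[] expected = Convert.FromBase64String(parts[3]);
            byte[] actual = Derive(password, pepper, salt, iterations);
            // Constant-time compare; also returns false when lengths differ.
            return CryptographicOperations.FixedTimeEquals(actual, expected);
        }
        catch (FormatException) { return false; }
    }

    static byte[] Derive(string password, byte[] pepper, byte[] salt, int iterations)
    {
        // The pepper keys an HMAC over the password, so it is never stored with the hash.
        byte[] peppered = HMACSHA512.HashData(pepper, Encoding.UTF8.GetBytes(password));
        return Rfc2898DeriveBytes.Pbkdf2(peppered, salt, iterations, HashAlgorithmName.SHA512, HashBytes);
    }
}
```

Because the iteration count is stored in each record, the work factor can be raised later and old records rehashed at the user's next successful login.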

License

This project is licensed under the MIT License. See the LICENSE file for more details.

Author

Developed by Håvard Brækken.

Acknowledgements

  • Special thanks to the .NET community for providing great resources and inspiration.

Package last updated on 03 Nov 2024
