bcrypt for c#
--------------
I'm currently working on auth.im (a secure way for developers to create, use, access and manage a login system from various types of applications c, c++, c#, vb, python etc...)
when I got to doing a example in c# I realized there is no blowfish adaptive hash for c#.
So I created this little c++ dll with a .NET wrapper using botan and it's blowfish (bcrypt) implementation so I would have access to blowfish and it's adaptive hash.
What is this adaptive hash?
---------------------------
Blowfish is used for making a safe (or safer) storable / transmittable hash of a users password. This is done by utalizing an adaptive hash using blowfish and it's algorithm's
keying schedule.
A little background
-------------------
Let's say for example a user has the password: "jerry1" (you know who you are all you people who use stupid weak passwords) Now let's say we somehow
get our hands on a hash of this password done with SHA1. "ba7d7b449beda02998525382f2b09f6c265e7139", while at least we are not transmitting a password
via plaintext however this hash is almost just as week. The main weakness with all forms of hashing, and the true enemy of hashing is in fact time.
Yes time. The more time the user has and the better computer equipment the user has access to the faster the inevitability that this password will
be guessed.
SAH1 for example is meant to be a fast hashing with a little memory footprint which makes implementing on hardware easy. It can be easily paralleled on
many ALUs, for example on GPU. This makes cracking passwords using a decent new-ish graphics card very easy. Currently on a 50.00 nvidia graphics card
I can check about 300^10 SHA1 hashes per second. That's 5 904 900 000 000 000 000 000 000 passwords every second I can check. o.O
Here is where we come in bcrypt has what we call work factor, what this does is in essence takes away the attackers ability to parallel compute hashes slowing
them down hugly. Say we take our "jerry1" password that's 6 chars long and apply a work factor of 15. That now takes 2.370805978775 to calculate a hash on
this single password!
Ok ok, how do i use this?
-------------------------
Reference the authim.dll from your c# project and then
Code:
using (var Authim = new AuthimNET())
{
short work_factor = 12;
string blowfish_hash = Authim.mkHash("password", work_factor);
}
If you need more examples check out the source included below.
