I have made a website in which, on login, I am using pbkdf2_sha256 for password hashing. I have used a salt also. I want to make a simple piece of software just for the experience, and I want to log in to the C# software using the same credentials as saved by the website. I have seen Rfc2898DeriveBytes; I guess it only takes 2 arguments (password, salt in integer). But what about the iterations I have specified on the website?
Can anyone please guide me on how to make a login in a C# (WPF) application and use pbkdf2_sha256 to create a hash and to verify the password?
I have seen the PBKDF2.Net NuGet package and the BouncyCastle NuGet package, but I am not getting how to use them; I am getting a lot of syntax errors in whatever I have copied from some sites.
I have also used:
var salt = "FbSnXHPo12gb";
var password = "geheim";
var interactions = 12000;
using (var hmac = new HMACSHA256())
{
    var df = new Pbkdf2(hmac, password, salt, interactions);
    Console.WriteLine(Convert.ToBase64String(df.GetBytes(32)));
}
Please help me.
What I have tried:
using System;                       // Convert
using System.Windows;               // Window, RoutedEventArgs
using System.Security.Cryptography;
using System.Configuration;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

namespace login
{
    public partial class MainWindow : Window
    {
        public MainWindow()
        {
            InitializeComponent();
        }

        private void test_Click(object sender, RoutedEventArgs e)
        {
            int iterations = 100000;
            int saltByteSize = 64;
            int hashByteSize = 128;

            // BouncyCastleHashing is a helper class that is not shown in this post.
            BouncyCastleHashing mainHashingLib = new BouncyCastleHashing();
            var password = "password";

            // Generate a random salt, hash the password, then validate it against that hash.
            byte[] saltBytes = mainHashingLib.CreateSalt(saltByteSize);
            string saltString = Convert.ToBase64String(saltBytes);
            string pwdHash = mainHashingLib.PBKDF2_SHA256_GetHash(password, saltString, iterations, hashByteSize);
            var isValid = mainHashingLib.ValidatePassword(password, saltBytes, iterations, hashByteSize, Convert.FromBase64String(pwdHash));
        }
    }
}