
singulink.cryptography.passwordhasher.argon2's People

Contributors

mikernet

singulink.cryptography.passwordhasher.argon2's Issues

The current implementation doesn't work correctly at all

Hi!

First of all, let me say that I found your PasswordHasher library today and it's just perfect for my use case.
I'm rather surprised that this library is not very popular.
I love the rehash and update functionality, which seems like a textbook implementation of the guidelines on the OWASP Password Storage Cheat Sheet.
Also, the documentation provided in the README is understandable, straight to the point, and it explains all available features.

However, I have found a very serious bug in your Argon2 implementation, which unfortunately is not detected by a unit test.

In short, the Argon2HashAlgorithm.Hash(...) method always returns a byte array containing only zeroes.
This effectively makes the PasswordHasher believe that all passwords are the same.
The cause for this is that the SecureArray<byte>.Buffer is returned directly by the method, but at the same time the SecureArray<byte> is disposed through a using statement, which in turn zeroes out the buffer before it is actually returned to the caller.

I would suggest two changes:

  1. return a copy of the SecureArray<byte>.Buffer contents
  2. add a unit test which ensures that the PasswordHasher.Verify(...) method returns false for the wrong password

If you want I could provide a pull request for that.
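The lifetime problem reported above, reproduced as an added example (not code from the issue or from the library). It assumes .NET 6 or later; `ZeroingBuffer` is a hypothetical stand-in for `SecureArray<byte>`, and SHA-256 stands in for Argon2 because only the buffer lifetime matters here.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for SecureArray<byte>: Dispose() wipes the buffer.
sealed class ZeroingBuffer : IDisposable
{
    public byte[] Buffer { get; } = new byte[32];
    public void Dispose() => CryptographicOperations.ZeroMemory(Buffer);
}

static class Demo
{
    // SHA-256 is a placeholder for the Argon2 computation (assumption).
    static ZeroingBuffer Compute(string password, byte[] salt)
    {
        var result = new ZeroingBuffer();
        byte[] input = salt.Concat(Encoding.UTF8.GetBytes(password)).ToArray();
        SHA256.HashData(input).CopyTo(result.Buffer, 0);
        return result;
    }

    // Reported pattern: the array reference escapes, then Dispose() zeroes it.
    static byte[] HashBuggy(string password, byte[] salt)
    {
        using var hash = Compute(password, salt);
        return hash.Buffer;
    }

    // Suggested change 1: copy the contents before the using scope ends.
    static byte[] HashFixed(string password, byte[] salt)
    {
        using var hash = Compute(password, salt);
        return (byte[])hash.Buffer.Clone();
    }

    static bool Verify(Func<string, byte[], byte[]> hashFn, byte[] stored, string attempt, byte[] salt) =>
        CryptographicOperations.FixedTimeEquals(stored, hashFn(attempt, salt));

    static void Main()
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);   // constructed sample salt
        byte[] buggy = HashBuggy("correct horse", salt);
        byte[] good = HashFixed("correct horse", salt);
        // The buggy variant hands back a wiped array, so any password "matches".
        if (!buggy.All(b => b == 0)) throw new InvalidOperationException("buggy hash was not zeroed");
        if (!Verify(HashBuggy, buggy, "wrong", salt)) throw new InvalidOperationException("bug not reproduced");
        // Suggested change 2: the check a unit test needs, rejecting a wrong password.
        if (Verify(HashFixed, good, "wrong", salt)) throw new InvalidOperationException("wrong password accepted");
        if (!Verify(HashFixed, good, "correct horse", salt)) throw new InvalidOperationException("right password rejected");
    }
}
```

A test suite that only verifies the correct password passes against both variants, which is why the negative case is the one that catches this class of defect.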
