singulink / singulink.cryptography.passwordhasher.argon2 Goto Github PK
View Code? Open in Web Editor NEWAdds Argon2 hash algorithm support to PasswordHasher.
Adds Argon2 hash algorithm support to PasswordHasher.
Hi!
First of all, let me say that I found your PasswordHasher library today and it's just perfect for my use case.
I'm rather surprised that this library is not very popular.
I love the rehash and update functionality, which seems like a textbook implementation of the guidelines on the OWASP Password Storage Cheat Sheet.
Also, the documentation provided in the README is understandable, straight to the point, and it explains all available features.
However, I have found a very serious bug in your Argon2 implementation, which unfortunately is not detected by a unit test.
In short, the Argon2HashAlgorithm.Hash(...)
method always returns a byte array containing only zeroes.
This effectively makes the PasswordHasher believe that all passwords are the same.
The cause for this is that the SecureArray<byte>.Buffer
is returned directly by the method, but at the same time the SecureArray<byte>
is disposed through a using
statement, which in turn zeroes out the buffer before it is actually returned to the caller.
I would suggest two changes:
SecureArray<byte>.Buffer
contentsPasswordHasher.Verify(...)
method returns false for the wrong passwordIf you want I could provide a pull request for that.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.