Closed mlunax closed 3 years ago
samuel-lucas6
commented
3 years ago @mlunax What do you mean exactly? Cryptography generally deals with bytes. If you're referring to the password parameter, then you can use string passwords for scrypt and Argon2. However, byte array passwords should be preferred since strings are immutable and cannot be erased from memory. You can use Encoding.UTF8.GetBytes() to convert passwords to a byte array.
mlunax
commented
3 years ago ScryptHashString() makes the 32 byte hash
I would like to see parametr or another function to make 64 byte hash (SHA512).
Or if u know how to store Raw bytes in database @samuel-lucas6 I would love to get know about it.
samuel-lucas6
commented
3 years ago
ScryptHashString()makes the 32 byte hash I would like to see parametr or another function to make 64 byte hash (SHA512).Or if u know how to store Raw bytes in database @samuel-lucas6 I would love to get know about it.
mlunax
commented
3 years ago And now, how to compare password from this way? I mean how to write login function? Edit: I have randomized salt. EDIT2: I came up with storing (in database) the salt and hash together, like the Linux's shadow has. (I don't know is it a good idea, if not tell me please)
samuel-lucas6
commented
3 years ago And now, how to compare password from this way? I mean how to write login function? Edit: I have randomized salt. EDIT2: I came up with storing (in database) the salt and hash together, like the Linux's shadow has. (I don't know is it a good idea, if not tell me please)
You can convert the stored password from Base64 to a byte array and then use Sodium.Utilities.Compare() to compare the two password byte arrays.
mlunax
commented
3 years ago Yeah I was debbuing the way to do it. After the read your source code of your file encryptor i found this util.
I would love to see a Scrypt or Argon for sha512 for passwords without playing with raw bytes.