From 3df199ba20c094409b37e5706cdea2749c1adfc3 Mon Sep 17 00:00:00 2001 From: Mag-nus Date: Sun, 7 Jan 2024 08:43:08 -0600 Subject: [PATCH] Switch from BCrypt.Net-Core to BCrypt.Net-Next BCrypt.Net-Core was a 3rd party release to port BCrypt.Net to .NET Core in the early days of .NET Core. BCrypt.Net-Next is the current standard for BCrypt.Net https://github.com/BcryptNet/bcrypt.net --- Source/ACE.Common/ACE.Common.csproj | 2 +- Source/ACE.Common/Cryptography/BCryptProvider.cs | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/Source/ACE.Common/ACE.Common.csproj b/Source/ACE.Common/ACE.Common.csproj index ab7bc04754..26dec5e13d 100644 --- a/Source/ACE.Common/ACE.Common.csproj +++ b/Source/ACE.Common/ACE.Common.csproj @@ -15,7 +15,7 @@ - + diff --git a/Source/ACE.Common/Cryptography/BCryptProvider.cs b/Source/ACE.Common/Cryptography/BCryptProvider.cs index abee3b94ca..b173904c94 100644 --- a/Source/ACE.Common/Cryptography/BCryptProvider.cs +++ b/Source/ACE.Common/Cryptography/BCryptProvider.cs @@ -4,7 +4,12 @@ public static class BCryptProvider { public static string HashPassword(string input, int workFactor = 10) { - return BCrypt.Net.BCrypt.HashPassword(input, workFactor, BCrypt.Net.SaltRevision.Revision2Y); + // Force BCrypt.Net-Next to use 2y instead of the default 2a + // The older bcrypt package ACE used (BCrypt.Net-Core) defaultd to 2y + // Reference: https://stackoverflow.com/questions/49878948/hashing-password-with-2y-identifier/75114685 + string salt = BCrypt.Net.BCrypt.GenerateSalt(workFactor, 'y'); + + return BCrypt.Net.BCrypt.HashPassword(input, salt); } public static bool Verify(string text, string hash) @@ -14,7 +19,12 @@ public static bool Verify(string text, string hash) public static int GetPasswordWorkFactor(string hash) { - return BCrypt.Net.BCrypt.GetPasswordWorkFactor(hash); + var hashInformation = BCrypt.Net.BCrypt.InterrogateHash(hash); + + if (int.TryParse(hashInformation.WorkFactor, out var workFactor)) + return workFactor; + + return 0; } } }