ASP NET Identity s default Password Hasher - How does it work and is it secure

Question

I am wondering wether the Password Hasher that is default implemented in the UserManager that comes with MVC 5 and ASP NET Identity Framework  is secure enough  And if so  if you could explain to me how it works   IPasswordHasher interface looks like this   public interface IPasswordHasher       string HashPassword string password       PasswordVerificationResult VerifyHashedPassword string hashedPassword                                                          string providedPassword       As you can see  it doesn t take a salt  but it is mentioned in this thread   Asp net Identity password hashing   that it does infact salt it behind the scenes  So I am wondering how does it do this  And where does this salt come from   My concern is that the salt is static  rendering it quite insecure

User · Accepted Answer

Here is how the default implementation  ASP NET Framework or ASP NET Core  works  It uses a Key Derivation Function with random salt to produce the hash  The salt is included as part of the output of the KDF  Thus  each time you  hash  the same password you will get different hashes  To verify the hash the output is split back to the salt and the rest  and the KDF is run again on the password with the specified salt  If the result matches to the rest of the initial output the hash is verified   Hashing   public static string HashPassword string password        byte   salt      byte   buffer2      if  password    null                throw new ArgumentNullException  password              using  Rfc2898DeriveBytes bytes   new Rfc2898DeriveBytes password  0x10  0x3e8                 salt   bytes Salt          buffer2   bytes GetBytes 0x20             byte   dst   new byte 0x31       Buffer BlockCopy salt  0  dst  1  0x10       Buffer BlockCopy buffer2  0  dst  0x11  0x20       return Convert ToBase64String dst       Verifying   public static bool VerifyHashedPassword string hashedPassword  string password        byte   buffer4      if  hashedPassword    null                return false            if  password    null                throw new ArgumentNullException  password              byte   src   Convert FromBase64String hashedPassword       if   src Length    0x31      src 0     0                 return false            byte   dst   new byte 0x10       Buffer BlockCopy src  1  dst  0  0x10       byte   buffer3   new byte 0x20       Buffer BlockCopy src  0x11  buffer3  0  0x20       using  Rfc2898DeriveBytes bytes   new Rfc2898DeriveBytes password  dst  0x3e8                 buffer4   bytes GetBytes 0x20             return ByteArraysEqual buffer3  buffer4

User · Answer

I understand the accepted answer  and have up-voted it but thought I d dump my laymen s answer here     Creating a hash   The salt is randomly generated using the function Rfc2898DeriveBytes which generates a hash and a salt  Inputs to Rfc2898DeriveBytes are the password  the size of the salt to generate and the number of hashing iterations to perform  https   msdn microsoft com en-us library h83s4e12 v vs 110  aspx The salt and the hash are then mashed together salt first followed by the hash  and encoded as a string  so the salt is encoded in the hash    This encoded hash  which contains the salt and hash  is then stored  typically  in the database against the user    Checking a password against a hash  To check a password that a user inputs    The salt is extracted from the stored hashed password  The salt is used to hash the users input password using an overload of Rfc2898DeriveBytes which takes a salt instead of generating one  https   msdn microsoft com en-us library yx129kfs v vs 110  aspx The stored hash and the test hash are then compared     The Hash  Under the covers the hash is generated using the SHA1 hash function  https   en wikipedia org wiki SHA-1    This function is iteratively called 1000 times  In the default Identity implementation   Why is this secure   Random salts means that an attacker can   t use a pre-generated table of hashs to try and break passwords  They would need to generate a hash table for every salt   Assuming here that the hacker has also compromised your salt  If 2 passwords are identical they will have different hashes   meaning attackers can   t infer    common    passwords   Iteratively calling SHA1 1000 times means that the attacker also needs to do this  The idea being that unless they have time on a supercomputer they won   t have enough resource to brute force the password from the hash  It would massively slow down the time to generate a hash table for a given salt

User · Answer

For those like me who are brand new to this  here is code with const and an actual way to compare the byte   s   I got all of this code from stackoverflow but defined consts so values could be changed and also     24   192 bits     private const int SaltByteSize   24      private const int HashByteSize   24      private const int HasingIterationsCount   10101        public static string HashPassword string password                   http   stackoverflow com questions 19957176 asp-net-identity-password-hashing          byte   salt          byte   buffer2          if  password    null                        throw new ArgumentNullException  password                      using  Rfc2898DeriveBytes bytes   new Rfc2898DeriveBytes password  SaltByteSize  HasingIterationsCount                         salt   bytes Salt              buffer2   bytes GetBytes HashByteSize                     byte   dst   new byte  SaltByteSize   HashByteSize    1           Buffer BlockCopy salt  0  dst  1  SaltByteSize           Buffer BlockCopy buffer2  0  dst  SaltByteSize   1  HashByteSize           return Convert ToBase64String dst              public static bool VerifyHashedPassword string hashedPassword  string password                byte    passwordHashBytes           int  arrayLen    SaltByteSize   HashByteSize    1           if  hashedPassword    null                        return false                     if  password    null                        throw new ArgumentNullException  password                       byte   src   Convert FromBase64String hashedPassword            if   src Length     arrayLen      src 0     0                         return false                     byte    currentSaltBytes   new byte SaltByteSize           Buffer BlockCopy src  1   currentSaltBytes  0  SaltByteSize            byte    currentHashBytes   new byte HashByteSize           Buffer BlockCopy src  SaltByteSize   1   currentHashBytes  0  HashByteSize            using  Rfc2898DeriveBytes bytes   new Rfc2898DeriveBytes password   currentSaltBytes  HasingIterationsCount                          passwordHashBytes   bytes GetBytes SaltByteSize                      return AreHashesEqual  currentHashBytes   passwordHashBytes               private static bool AreHashesEqual byte   firstHash  byte   secondHash                int  minHashLength   firstHash Length  lt   secondHash Length   firstHash Length   secondHash Length          var xor   firstHash Length   secondHash Length          for  int i   0  i  lt   minHashLength  i                xor    firstHash i    secondHash i           return 0    xor          In in your custom ApplicationUserManager  you set the PasswordHasher property the name of the class which contains the above code

User · Answer

Because these days ASP NET is open source  you can find it on GitHub   AspNet Identity 3 0 and AspNet Identity 2 0   From the comments                                 HASHED PASSWORD FORMATS                                   Version 2     PBKDF2 with HMAC-SHA1  128-bit salt  256-bit subkey  1000 iterations      See also  SDL crypto guidelines v5 1  Part III     Format    0x00  salt  subkey         Version 3     PBKDF2 with HMAC-SHA256  128-bit salt  256-bit subkey  10000 iterations     Format    0x01  prf  UInt32   iter count  UInt32   salt length  UInt32   salt  subkey       All UInt32s are stored big-endian

[c#] ASP.NET Identity's default Password Hasher - How does it work and is it secure?

Examples related to c#

Examples related to asp.net

Examples related to security

Examples related to passwords

Examples related to asp.net-identity