Project Description

Passlib.NET is a password library inspired by passlib.

The main difference from that great Python library is that, well, I don't really have much spare time. So, instead of supporting all conceivable algorithms crypt can be and is used with, I will support only some that are considered secure.

At the moment SHA256 and SHA512 and Rfc2898 are supported.

The two main advantages of the approach used by Passlib.NET, inherited from passlib and crypt(), are that you can store both the salt and the hash in the same string, and that you can Verify hashes made with different algorithms with the same function. This allows you to gracefully migrate from one algorithm to another in a live system, if needed.
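An added sketch of how a self-describing hash string makes that migration possible (not Passlib.NET's code or its actual string format). The `SelfDescribingHash` class, the scheme names, the `$scheme$rounds$salt$hash` layout and the work factors are assumptions made for illustration, and it targets .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added illustration: NOT Passlib.NET code and NOT its real hash format.
// Constructed layout: $<scheme>$<rounds>$<base64 salt>$<base64 hash>
static class SelfDescribingHash
{
    const string Current = "pbkdf2-sha256";  // scheme for new hashes (assumed policy)
    const int CurrentRounds = 100000;        // assumed work factor
    static readonly Dictionary<string, HashAlgorithmName> Schemes = new()
    {
        ["pbkdf2-sha1"] = HashAlgorithmName.SHA1,     // legacy, still verifiable
        ["pbkdf2-sha256"] = HashAlgorithmName.SHA256,
    };

    public static string Encrypt(string password, string scheme = Current, int rounds = CurrentRounds)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);  // fresh salt per hash
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, rounds, Schemes[scheme], 32);
        return $"${scheme}${rounds}${Convert.ToBase64String(salt)}${Convert.ToBase64String(hash)}";
    }

    // One entry point for every scheme: the stored string says how to check itself.
    public static bool Verify(string password, string stored, out bool needsRehash)
    {
        needsRehash = false;
        string[] p = stored.Split('$');
        if (p.Length != 5 || p[0] != "" || !Schemes.TryGetValue(p[1], out var alg)
            || !int.TryParse(p[2], out int rounds) || rounds < 1)
            return false;                    // malformed or unknown scheme: reject
        byte[] salt, expected;
        try { salt = Convert.FromBase64String(p[3]); expected = Convert.FromBase64String(p[4]); }
        catch (FormatException) { return false; }
        if (expected.Length != 32) return false;  // an empty hash must never match
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, rounds, alg, expected.Length);
        bool ok = CryptographicOperations.FixedTimeEquals(actual, expected);
        needsRehash = ok && (p[1] != Current || rounds < CurrentRounds);
        return ok;
    }

    static void Main()
    {
        string stored = Encrypt("FOOBAR", "pbkdf2-sha1", 1000);  // constructed legacy record
        bool ok = Verify("FOOBAR", stored, out bool upgrade);
        if (ok && upgrade) stored = Encrypt("FOOBAR");  // re-hash while the plaintext is at hand
        Console.WriteLine(stored);
    }
}
```

The re-hash can only happen at a successful login, because that is the only moment the plaintext password is available; accounts that never log in keep their legacy hash.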

To ensure some robustness in this young code, I will use only .NET native cryptographic methods. This means that no bcrypt support is planned, even though it's probably the best password encryption algorithm around. Anyway, BCrypt.NET seems a really nice library.

Passlib.NET is still in an alpha stage, approaching beta, so I would never dream of recommending it for any serious project. That said, there are at the moment 64 tests with 100% code coverage, so it's probably still safer than writing some custom salt/rounds handling/storing algorithm. If you can't or won't use BCrypt.NET or some older, more robust and tested library, you could probably consider using Passlib.NET, maybe after running the tests and reviewing the code yourself.

If you really want to use some alpha stuff to manage your passwords, you can get this via NuGet.

Basic usage

    using System.Diagnostics; // needed for Debug.WriteLine

    //Encrypt with some algorithm (Sha512)
    var hash = Passlib.Encrypt("FOOBAR");
    Debug.WriteLine(hash);

    //Verify reads the algorithm and salt from the hash string itself
    Debug.WriteLine(Passlib.Verify("FOOBAR", hash));

    //Encrypt with Sha256
    hash = new Sha256().Encrypt("FOOBAR");
    Debug.WriteLine(hash);

    Debug.WriteLine(Passlib.Verify("FOOBAR", hash));

    //Encrypt with Sha256 with 12000 rounds
    hash = new Sha256(rounds: 12000).Encrypt("FOOBAR");
    Debug.WriteLine(hash);

    Debug.WriteLine(Passlib.Verify("FOOBAR", hash));

Last edited Dec 15, 2014 at 5:23 PM by RiccardoC, version 10