-1
You can decrypt the password generated by Asp.Net Identity?
1 answer
6
Not.
Identity passwords go through a hash, which is a way to "shuffle" the information in only one way, ie, once the information has gone through this process, there is no way to get the original information.
This is the main idea of using an algorithm of hash.
See some publications on the subject:
As a curiosity, here are the standard implementations used by Identity:
Method of hashing
public static string HashPassword(string password)
{
byte[] salt;
byte[] buffer2;
if (password == null)
{
throw new ArgumentNullException("password");
}
using (Rfc2898DeriveBytes bytes = new Rfc2898DeriveBytes(password, 0x10, 0x3e8))
{
salt = bytes.Salt;
buffer2 = bytes.GetBytes(0x20);
}
byte[] dst = new byte[0x31];
Buffer.BlockCopy(salt, 0, dst, 1, 0x10);
Buffer.BlockCopy(buffer2, 0, dst, 0x11, 0x20);
return Convert.ToBase64String(dst);
}
Verification method:
public static bool VerifyHashedPassword(string hashedPassword, string password)
{
byte[] buffer4;
if (hashedPassword == null)
{
return false;
}
if (password == null)
{
throw new ArgumentNullException("password");
}
byte[] src = Convert.FromBase64String(hashedPassword);
if ((src.Length != 0x31) || (src[0] != 0))
{
return false;
}
byte[] dst = new byte[0x10];
Buffer.BlockCopy(src, 1, dst, 0, 0x10);
byte[] buffer3 = new byte[0x20];
Buffer.BlockCopy(src, 0x11, buffer3, 0, 0x20);
using (Rfc2898DeriveBytes bytes = new Rfc2898DeriveBytes(password, dst, 0x3e8))
{
buffer4 = bytes.GetBytes(0x20);
}
return ByteArraysEqual(buffer3, buffer4);
}
They both came of this question by Soen which, in turn, used the code of its own ASP.NET Identity in Codeplex.
Browser other questions tagged c# asp.net asp.net-identity
You are not signed in. Login or sign up in order to post.
Why the question is too broad?
– Jéf Bueno
@LINQ Herd behavior?
– Jefferson Quesado
@Jeffersonquesado Most likely
– Jéf Bueno