BCrypt.Net - Bringing updates to the original bcrypt package
MIT License
Bot releases are hidden (Show)
Full Changelog: https://github.com/BcryptNet/bcrypt.net/compare/4.0.2...4.0.3
Published by ChrisMcKee almost 4 years ago
Published by ChrisMcKee over 4 years ago
v4.0.0 (breaking changes) - A bug in Enhanced Hashing
was discovered that causes the hashes created to be inoperable between different languages.
V4 provides the fix for this as well as adding test vectors from PHP and Python to ensure the issue remains fixed in the future. V4 also removes the legacy 384 option that came before Base64 was added.
Published by ChrisMcKee over 4 years ago
v3.5.0 - A bug in Enhanced Hashing
was discovered that causes the hashes created to be inoperable between different languages.
As part of the fix 3.5 release contains the ability to Verify
and HashPassword
were given an additional v4CompatibleEnhancedEntropy
parameter.
This allows the user to verify their Enhanced hash as normal; then re-hash + store using V4. This functionality is purely to allow migration and is removed in V4.
Published by ChrisMcKee over 4 years ago
Performance (heap reduction) and removal of regex
Big thanks to Jos Vandertil (@jvandertil) for the help.
Published by ChrisMcKee over 5 years ago
Resolves https://github.com/BcryptNet/bcrypt.net/issues/25
Added serializable attribute to exception types
Published by ChrisMcKee almost 6 years ago
If you updated to 3.1.1 (now delisted), any credentials created using 3.1.1 will need resetting.
Test run
https://ci.appveyor.com/project/ChrisMcKee/bcrypt-net/build/tests
Published by ChrisMcKee almost 6 years ago
BROKEN DONT USE
Published by ChrisMcKee about 6 years ago
SHA384
which is base64 encoded.Legacy384
which is basically the way it operated prior to this version anyway this will be maintained for v2.Published by ChrisMcKee over 6 years ago
https://github.com/BcryptNet/bcrypt.net/compare/2.1.1...62a57cd
Deployment made for typos/netstandard.
Published by ChrisMcKee over 7 years ago
Published by ChrisMcKee over 7 years ago
PasswordNeedsReshash(string hash, int newMinimumWorkLoad)
as a helper method for developers to use when logging a user in to increase legacy workloadsValidateAndReplacePassword
method to allow inline password validation and replacement. Throws BcryptAuthenticationException
in the event of authentication failure.Published by ChrisMcKee about 8 years ago
Published by ChrisMcKee about 8 years ago
Fresh release packaged for the majority of .net & containing safe-equals to reduce the risks from timing attacks https://en.wikipedia.org/wiki/Timing_attack / https://cryptocoding.net/index.php/Coding_rules#Compare_secret_strings_in_constant_time
Technically the implementation details of BCrypt theoretically mitigate against a timing attacks. But the Bcrypt.net official validation function was vulerable to timing attacks as it returned as soon as a non-matching byte was found in the hash comparison..