Letieri Comments - Answer Overflow

Hi Lisa, I wanted to touch base regarding the library we discussed earlier, Isopoh.Cryptography.Argon2. After some thorough investigation and testing, I must advise against using this specific library for our project. The issue lies in how the library handles the salt in Argon2 hashing. It was discovered that the salt wasn't effectively incorporated into the hashing process, rendering it essentially ineffective for its intended purpose of enhancing security.

11 replies

CC#

•Created by Letieri on 5/8/2024 in #help

Issue with unit test for Argon2-based password hash service

Is it better than using Argon2?

25 replies

CC#

•Created by Letieri on 5/8/2024 in #help

Issue with unit test for Argon2-based password hash service

thank you very much

25 replies

CC#

•Created by Letieri on 5/8/2024 in #help

Issue with unit test for Argon2-based password hash service

I'm going to switch

25 replies

CC#

•Created by Letieri on 5/8/2024 in #help

Issue with unit test for Argon2-based password hash service

really

25 replies

CC#

•Created by Letieri on 5/8/2024 in #help

Issue with unit test for Argon2-based password hash service

It could be an error with the Isopoh.Cryptography.Argon2 library?

25 replies

CC#

•Created by Letieri on 5/8/2024 in #help

Issue with unit test for Argon2-based password hash service

yep

25 replies

CC#

•Created by Letieri on 5/8/2024 in #help

Issue with unit test for Argon2-based password hash service

[Fact]
public void VerifyPassword_ReturnsFalseForIncorrectSalt()
{
    // Arrange
    string password = "password123";
    var (hashedPassword, _) = _passwordHasherService.HashPassword(password);
    byte[] incorrectSalt = Encoding.UTF8.GetBytes("WrongSalt");

    // Act
    bool result = _passwordHasherService.VerifyPassword(password, hashedPassword, incorrectSalt);

    // Assert
    Assert.False(result);
}

[Fact]
public void VerifyPassword_ReturnsFalseForIncorrectSalt()
{
    // Arrange
    string password = "password123";
    var (hashedPassword, _) = _passwordHasherService.HashPassword(password);
    byte[] incorrectSalt = Encoding.UTF8.GetBytes("WrongSalt");

    // Act
    bool result = _passwordHasherService.VerifyPassword(password, hashedPassword, incorrectSalt);

    // Assert
    Assert.False(result);
}

Assert.False() Failure
Expected: False
Actual:   True

Assert.False() Failure
Expected: False
Actual:   True

25 replies

CC#

•Created by Letieri on 5/8/2024 in #help

Issue with unit test for Argon2-based password hash service

using Isopoh.Cryptography.Argon2;
using RegulatorioAuth.Application.Services.Interfaces;
using System.Security.Cryptography;
using System.Text;

namespace RegulatorioAuth.Application.Services;

public class PasswordHasherService : IPasswordHasherService
{
    public (string HashedPassword, byte[] Salt) HashPassword(string password)
    {
        var salt = GenerateSalt();

        Argon2Config argon2Config = new()
        {
            Type = Argon2Type.DataIndependentAddressing,
            Version = Argon2Version.Nineteen,
            MemoryCost = 65536,
            TimeCost = 4,
            Lanes = 8,
            Threads = 1,
            Password = Encoding.UTF8.GetBytes(password),
            Salt = salt
        };

        using Argon2 argon2 = new(argon2Config);
        using var hash = argon2.Hash();

        return (argon2Config.EncodeString(hash.Buffer), salt);
    }

    public bool VerifyPassword(string password, string hashedPassword, byte[] salt)
    {
        Argon2Config configOfPasswordToVerify = new Argon2Config
        {
            Type = Argon2Type.DataIndependentAddressing,
            Version = Argon2Version.Nineteen,
            MemoryCost = 65536,
            TimeCost = 4,
            Lanes = 8,
            Threads = 1,
            Password = Encoding.UTF8.GetBytes(password),
            Salt = salt
        };

        return Argon2.Verify(hashedPassword, configOfPasswordToVerify);
    }

    public byte[] GenerateSalt()
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        return salt;
    }
}

using Isopoh.Cryptography.Argon2;
using RegulatorioAuth.Application.Services.Interfaces;
using System.Security.Cryptography;
using System.Text;

namespace RegulatorioAuth.Application.Services;

public class PasswordHasherService : IPasswordHasherService
{
    public (string HashedPassword, byte[] Salt) HashPassword(string password)
    {
        var salt = GenerateSalt();

        Argon2Config argon2Config = new()
        {
            Type = Argon2Type.DataIndependentAddressing,
            Version = Argon2Version.Nineteen,
            MemoryCost = 65536,
            TimeCost = 4,
            Lanes = 8,
            Threads = 1,
            Password = Encoding.UTF8.GetBytes(password),
            Salt = salt
        };

        using Argon2 argon2 = new(argon2Config);
        using var hash = argon2.Hash();

        return (argon2Config.EncodeString(hash.Buffer), salt);
    }

    public bool VerifyPassword(string password, string hashedPassword, byte[] salt)
    {
        Argon2Config configOfPasswordToVerify = new Argon2Config
        {
            Type = Argon2Type.DataIndependentAddressing,
            Version = Argon2Version.Nineteen,
            MemoryCost = 65536,
            TimeCost = 4,
            Lanes = 8,
            Threads = 1,
            Password = Encoding.UTF8.GetBytes(password),
            Salt = salt
        };

        return Argon2.Verify(hashedPassword, configOfPasswordToVerify);
    }

    public byte[] GenerateSalt()
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        return salt;
    }
}

25 replies

CC#

•Created by Letieri on 5/7/2024 in #help

Retrieving Roles with Empty Permission Arrays in Entity Framework Core Repository

thanks

6 replies

CC#

•Created by Letieri on 5/7/2024 in #help

Retrieving Roles with Empty Permission Arrays in Entity Framework Core Repository

so how can I do it to return the correct values?? Github Copilot gave me this suggestion. It works, but it's very big and has some null reference alerts:

public async Task<IEnumerable<Role>> GetAllWithPermissions()
{
    return await _context.Roles
        .AsNoTracking()
            .Include(r => r.RolePermissions)
                .ThenInclude(rp => rp.Permission)
        .Where(r => r.DeletedAt == null)
        .Select(r => new Role
        {
            Uuid = r.Uuid,
            Name = r.Name,
            Description = r.Description,
            CreatedAt = r.CreatedAt,
            UpdatedAt = r.UpdatedAt,
            RolePermissions = r.RolePermissions
                .Where(rp => rp.DeletedAt == null && rp.Permission != null
                                       && rp.Permission.DeletedAt == null)
                .Select(rp => new RolePermission
                {
                    Uuid = rp.Uuid,
                    RoleUuid = rp.RoleUuid,
                    PermissionUuid = rp.PermissionUuid,
                    CreatedAt = rp.CreatedAt,
                    UpdatedAt = rp.UpdatedAt,
                    DeletedAt = rp.DeletedAt,
                    Permission = new Permission
                    {
                        Uuid = rp.Permission.Uuid,
                        Name = rp.Permission.Name,
                        Description = rp.Permission.Description,
                        CreatedAt = rp.Permission.CreatedAt,
                        UpdatedAt = rp.Permission.UpdatedAt,
                        DeletedAt = rp.Permission.DeletedAt
                    }
                }).ToList()
        })
        .ToListAsync();
}

public async Task<IEnumerable<Role>> GetAllWithPermissions()
{
    return await _context.Roles
        .AsNoTracking()
            .Include(r => r.RolePermissions)
                .ThenInclude(rp => rp.Permission)
        .Where(r => r.DeletedAt == null)
        .Select(r => new Role
        {
            Uuid = r.Uuid,
            Name = r.Name,
            Description = r.Description,
            CreatedAt = r.CreatedAt,
            UpdatedAt = r.UpdatedAt,
            RolePermissions = r.RolePermissions
                .Where(rp => rp.DeletedAt == null && rp.Permission != null
                                       && rp.Permission.DeletedAt == null)
                .Select(rp => new RolePermission
                {
                    Uuid = rp.Uuid,
                    RoleUuid = rp.RoleUuid,
                    PermissionUuid = rp.PermissionUuid,
                    CreatedAt = rp.CreatedAt,
                    UpdatedAt = rp.UpdatedAt,
                    DeletedAt = rp.DeletedAt,
                    Permission = new Permission
                    {
                        Uuid = rp.Permission.Uuid,
                        Name = rp.Permission.Name,
                        Description = rp.Permission.Description,
                        CreatedAt = rp.Permission.CreatedAt,
                        UpdatedAt = rp.Permission.UpdatedAt,
                        DeletedAt = rp.Permission.DeletedAt
                    }
                }).ToList()
        })
        .ToListAsync();
}

6 replies

CC#

•Created by Letieri on 4/30/2024 in #help

Many-to-many with class for join entity EF

Thank you, the problem has been solved, now I just need to solve some mapping problems

20 replies

CC#

•Created by Letieri on 4/30/2024 in #help

Many-to-many with class for join entity EF

I'll test it out

20 replies

CC#

•Created by Letieri on 4/30/2024 in #help

Many-to-many with class for join entity EF

word up

20 replies

Gaming

Programming