Stateless password hash derivation with header specificity #13
Conversation
… from header parameters. Exposed the SaltLength as a public static readonly field to allow for callers to prepare a correctly sized buffer for the salt; it's not const anymore to ensure callers don't need to recompile all dependencies. Optimization added for salt buffer when using the default or constructor-specified salt generator.
| private const int DefaultIterationCount = 16384; | ||
| private const int DefaultBlockSize = 8; | ||
| private const int DefaultThreadCount = 1; | ||
|
|
||
| private readonly int _iterationCount; | ||
| private readonly int _blockSize; | ||
| private readonly int _threadCount; | ||
| private readonly byte[] _salt; |
There was a problem hiding this comment.
Why is _salt a class attribute? This will make Encode not thread-safe anymore.
There was a problem hiding this comment.
Hi @viniciuschiele! Thank you for the comment. The Encode method wasn't thread safe to begin with because RandomNumberGenerator.GetBytes is not thread safe. A general practice most follow is to make the caller responsible for resource locking for thread safety related to individual methods, unless the class itself is running multiple threads internally or using overlapping callbacks of some kind. The exception to this rule is usually for methods marked static, which should ensure their own thread safety. Let me know if you have any other feedback. Thanks!
There was a problem hiding this comment.
There was a problem hiding this comment.
Thank you for the clarification. After some research based on your comment, I see the issue now. I agree on the point of it breaking existing apps. Even though this varies by implementation, it shouldn't cause a behavioral change that breaks existing consumers of the library who use older versions of .NET, since you still support them. I'll go ahead and remove that change and return it to the original with a new commit tomorrow.
I did want to point out that in .NET Core and .NET Framework, the implementation now just invokes Windows API's BCryptGenRandom on Windows and OpenSSL's GetRandomBytes on Unix, so new consumers should not rely on thread safety of this method in modern codebases.
I really appreciate your thoughtful response and for exercising care around breaking your users. Thank you again and you can expect the commit tomorrow.
There was a problem hiding this comment.
Thanks for providing the links to the source code, for me both implementations seem thread-safe and I couldn't find anything to say otherwise.
I agree that this may vary based on the implementation, I wonder if it would be better to instantiate a new RandomNumberGenerator every time the Encode is called.
This pull request closes #12 by exposing a static method to perform header based and stateless encoding for passwords. I exposed the
SaltLengthfield as apublic static readonlyfield instead ofprivate constto ensure that callers know the buffer size in a deterministic way; the reason forreadonlyoverconstis to prevent recompilation of large dependencies if/when the value changes in the future. This pull request also adds an optimization to reduce frequent re-allocation of the salt buffer for each encoding operation performed by instance methods.This also adds the
.vsdirectory to.gitignoreto prevent Visual Studio client settings from being included.