■ Shows how to compute a password hash using the static Pbkdf2 method of the KeyDerivation class.
▶ Program.cs
```csharp
using System;
using System.Security.Cryptography;

using Microsoft.AspNetCore.Cryptography.KeyDerivation;

namespace TestProject;

/// <summary>
/// Program
/// </summary>
class Program
{
    //////////////////////////////////////////////////////////////////////////////////////////////////// Method
    ////////////////////////////////////////////////////////////////////////////////////////// Static
    //////////////////////////////////////////////////////////////////////////////// Private

    #region Write network byte order - WriteNetworkByteOrder(targetByteArray, offset, value)

    /// <summary>
    /// Write network byte order
    /// </summary>
    /// <param name="targetByteArray">Target byte array</param>
    /// <param name="offset">Offset</param>
    /// <param name="value">32-bit unsigned integer</param>
    private static void WriteNetworkByteOrder(byte[] targetByteArray, int offset, uint value)
    {
        targetByteArray[offset + 0] = (byte)(value >> 24);
        targetByteArray[offset + 1] = (byte)(value >> 16);
        targetByteArray[offset + 2] = (byte)(value >> 8);
        targetByteArray[offset + 3] = (byte)(value >> 0);
    }

    #endregion
    #region Read network byte order - ReadNetworkByteOrder(sourceByteArray, offset)

    /// <summary>
    /// Read network byte order
    /// </summary>
    /// <param name="sourceByteArray">Source byte array</param>
    /// <param name="offset">Offset</param>
    /// <returns>32-bit unsigned integer</returns>
    private static uint ReadNetworkByteOrder(byte[] sourceByteArray, int offset)
    {
        return ((uint)(sourceByteArray[offset + 0]) << 24) |
               ((uint)(sourceByteArray[offset + 1]) << 16) |
               ((uint)(sourceByteArray[offset + 2]) << 8) |
               ((uint)(sourceByteArray[offset + 3]));
    }

    #endregion
    #region Calculate password hash - CalculatePasswordHash(password)

    /// <summary>
    /// Calculate password hash
    /// </summary>
    /// <param name="password">Password</param>
    /// <returns>Password hash</returns>
    private static string CalculatePasswordHash(string password)
    {
        KeyDerivationPrf prf = KeyDerivationPrf.HMACSHA256;

        using RandomNumberGenerator generator = RandomNumberGenerator.Create();

        // The iteration count is written into the header, so it can be raised later without
        // invalidating existing hashes. OWASP currently recommends 600,000 for PBKDF2-HMAC-SHA256.
        const int iterationCount     = 10000;
        const int saltSize           = 128 / 8;
        const int byteCountRequested = 256 / 8;

        byte[] saltByteArray = new byte[saltSize];

        generator.GetBytes(saltByteArray);

        byte[] subsidaryKeyByteArray = KeyDerivation.Pbkdf2(password, saltByteArray, prf, iterationCount, byteCountRequested);

        // Layout : marker(1) | prf(4) | iteration count(4) | salt size(4) | salt | subkey
        byte[] targetByteArray = new byte[13 + saltByteArray.Length + subsidaryKeyByteArray.Length];

        targetByteArray[0] = 0x01; // Format Marker

        WriteNetworkByteOrder(targetByteArray, 1, (uint)prf);
        WriteNetworkByteOrder(targetByteArray, 5, iterationCount);
        WriteNetworkByteOrder(targetByteArray, 9, saltSize);

        Buffer.BlockCopy(saltByteArray, 0, targetByteArray, 13, saltByteArray.Length);

        Buffer.BlockCopy(subsidaryKeyByteArray, 0, targetByteArray, 13 + saltSize, subsidaryKeyByteArray.Length);

        return Convert.ToBase64String(targetByteArray);
    }

    #endregion
    #region Verify hash - VerifyHash(passwordHashed, password)

    /// <summary>
    /// Verify hash
    /// </summary>
    /// <param name="passwordHashed">Hashed password</param>
    /// <param name="password">Password</param>
    /// <returns>Hash verification result</returns>
    private static bool VerifyHash(string passwordHashed, string password)
    {
        byte[] passwordHashedByteArray;

        try
        {
            passwordHashedByteArray = Convert.FromBase64String(passwordHashed);
        }
        catch(FormatException)
        {
            return false; // Not valid Base64
        }

        // Reject input too short to hold the 13-byte header, or with an unknown format marker.
        if(passwordHashedByteArray.Length < 13 || passwordHashedByteArray[0] != 0x01)
        {
            return false;
        }

        KeyDerivationPrf prf            = (KeyDerivationPrf)ReadNetworkByteOrder(passwordHashedByteArray, 1);
        int              iterationCount = (int)ReadNetworkByteOrder(passwordHashedByteArray, 5);
        int              saltLength     = (int)ReadNetworkByteOrder(passwordHashedByteArray, 9);

        // Pbkdf2 throws on an undefined PRF or a non-positive iteration count, so reject them here.
        if(!Enum.IsDefined(typeof(KeyDerivationPrf), prf) || iterationCount < 1)
        {
            return false;
        }

        // The salt must be at least 128 bits and must fit inside the decoded buffer.
        if(saltLength < 128 / 8 || saltLength > passwordHashedByteArray.Length - 13)
        {
            return false;
        }

        byte[] saltByteArray = new byte[saltLength];

        Buffer.BlockCopy(passwordHashedByteArray, 13, saltByteArray, 0, saltByteArray.Length);

        int subsidaryKeyLength = passwordHashedByteArray.Length - 13 - saltByteArray.Length;

        if(subsidaryKeyLength < 128 / 8)
        {
            return false;
        }

        byte[] expectedSubsidaryKeyByteArray = new byte[subsidaryKeyLength];

        Buffer.BlockCopy(passwordHashedByteArray, 13 + saltByteArray.Length, expectedSubsidaryKeyByteArray, 0, expectedSubsidaryKeyByteArray.Length);

        byte[] actualSubsidaryKeyByteArray = KeyDerivation.Pbkdf2(password, saltByteArray, prf, iterationCount, subsidaryKeyLength);

        // Constant-time comparison : SequenceEqual returns at the first differing byte and leaks timing.
        return CryptographicOperations.FixedTimeEquals(actualSubsidaryKeyByteArray, expectedSubsidaryKeyByteArray);
    }

    #endregion
    #region Start program - Main()

    /// <summary>
    /// Start program
    /// </summary>
    private static void Main()
    {
        string password = "test1234";

        string passwordHashed = CalculatePasswordHash(password);

        Console.WriteLine($"패스워드 : {password}");
        Console.WriteLine($"해시 패스워드 : {passwordHashed}");
        Console.WriteLine($"검증 결과 : {VerifyHash(passwordHashed, password)}");
    }

    #endregion
}
```
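
Because the format stores the PRF and the iteration count in its 13-byte header, a stored hash can be checked against current policy at login and re-hashed when it falls short. The following is an added example, not part of the original post; StoredHashPolicy, Inspect, Verdict and the 600,000 minimum are assumptions made for illustration.

```csharp
using System;
using System.Buffers.Binary;

// Constructed sample: header for HMACSHA256, 10000 iterations, 16-byte salt,
// followed by zeroed salt and subkey bytes (placeholder data, not a real hash).
byte[] sample = new byte[13 + 16 + 32];
sample[0] = 0x01;
BinaryPrimitives.WriteUInt32BigEndian(sample.AsSpan(1), 1);
BinaryPrimitives.WriteUInt32BigEndian(sample.AsSpan(5), 10000);
BinaryPrimitives.WriteUInt32BigEndian(sample.AsSpan(9), 16);

Console.WriteLine(StoredHashPolicy.Inspect(Convert.ToBase64String(sample)));
Console.WriteLine(StoredHashPolicy.Inspect("AQ==")); // marker byte only, header truncated

// Hypothetical helper: reads the header written by CalculatePasswordHash above.
static class StoredHashPolicy
{
    private const int  HeaderSize            = 13;      // marker(1) + prf(4) + iterations(4) + salt size(4)
    private const uint MinimumIterationCount = 600_000; // assumed policy value

    public enum Verdict { Malformed, NeedsRehash, Current }

    public static Verdict Inspect(string passwordHashed)
    {
        byte[] raw;
        try { raw = Convert.FromBase64String(passwordHashed); }
        catch (FormatException) { return Verdict.Malformed; }

        if (raw.Length < HeaderSize || raw[0] != 0x01) return Verdict.Malformed;

        uint prf        = BinaryPrimitives.ReadUInt32BigEndian(raw.AsSpan(1, 4));
        uint iterations = BinaryPrimitives.ReadUInt32BigEndian(raw.AsSpan(5, 4));
        uint saltSize   = BinaryPrimitives.ReadUInt32BigEndian(raw.AsSpan(9, 4));

        // KeyDerivationPrf values: 0 = HMACSHA1, 1 = HMACSHA256, 2 = HMACSHA512.
        if (prf > 2) return Verdict.Malformed;
        if (iterations == 0 || iterations > int.MaxValue) return Verdict.Malformed;
        if (saltSize < 16 || saltSize > raw.Length - HeaderSize - 16) return Verdict.Malformed;

        // Well-formed but weaker than policy: verify as usual, then store a fresh hash.
        return (prf == 0 || iterations < MinimumIterationCount) ? Verdict.NeedsRehash : Verdict.Current;
    }
}
```

A NeedsRehash verdict is only acted on after VerifyHash has accepted the password, since the plaintext is needed to compute the replacement hash.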