Class CryptoPasswordHashScrypt

Namespace: LibSodium

Assembly: LibSodium.Net.dll

Provides password hashing and key derivation using the Scrypt algorithm.

public static class CryptoPasswordHashScrypt

Inheritance: object

CryptoPasswordHashScrypt

Inherited Members: object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Remarks

Based on libsodium's crypto_pwhash_scryptsalsa208sha256 API: https://doc.libsodium.org/advanced/scrypt

Fields

EncodedLen

Maximum length of the encoded hash string (includes null terminator) (102).

public const int EncodedLen = 102

Field Value

int

InteractiveIterations

Recommended iterations for login or general use (2^19 = 421Mi).

public const int InteractiveIterations = 524288

Field Value

int

InteractiveMemoryLen

Recommended memory usage for interactive scenarios (2^24 = 16 MiB).

public const int InteractiveMemoryLen = 16777216

Field Value

int

MinIterations

Minimum recommended iterations for dual-phase scenarios (2^10 = 1Ki).

public const int MinIterations = 1024

Field Value

int

MinKeyLen

Minimum allowed length in bytes for the derived key (16).

public const int MinKeyLen = 16

Field Value

int

MinMemoryLen

Minimum recommended memory usage (2^15 = 32 KiB).

public const int MinMemoryLen = 32768

Field Value

int

MinPasswordLen

Minimum allowed password length in bytes (0).

public const int MinPasswordLen = 0

Field Value

int

ModerateIterations

Recommended iterations for moderate-strength secrets (2^22 = 4Gi).

public const int ModerateIterations = 4194304

Field Value

int

ModerateMemoryLen

Recommended memory usage for moderate-strength secrets (2^27 = 128 MiB).

public const int ModerateMemoryLen = 134217728

Field Value

int

Prefix

Prefix for the encoded hash string (e.g. "\(7\)").

public const string Prefix = "$7$"

Field Value

string

SaltLen

Length of the salt in bytes (32).

public const int SaltLen = 32

Field Value

int

SensitiveIterations

Recommended iterations for high-value secrets (2^25 = 32Gi).

public const int SensitiveIterations = 33554432

Field Value

int

SensitiveMemoryLen

Recommended memory usage for high-value secrets (2^30 = 1 GiB).

public const int SensitiveMemoryLen = 1073741824

Field Value

int

Methods

DeriveKey(SecureMemory<byte>, SecureMemory<byte>, ReadOnlySpan<byte>, int, int)

Derives a secret key from a password and salt using scrypt.

public static void DeriveKey(SecureMemory<byte> key, SecureMemory<byte> password, ReadOnlySpan<byte> salt, int iterations = 524288, int requiredMemoryLen = 16777216)

Parameters

key SecureMemory<byte>: Buffer to receive the derived key (recommended: 32 bytes).
password SecureMemory<byte>: The password to hash.
salt ReadOnlySpan<byte>: The salt (must be 32 bytes).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Exceptions

ArgumentException: If arguments are invalid.
LibSodiumException: If hashing fails.

DeriveKey(SecureMemory<byte>, string, ReadOnlySpan<byte>, int, int)

Derives a secret key from a password string and salt using scrypt.

public static void DeriveKey(SecureMemory<byte> key, string password, ReadOnlySpan<byte> salt, int iterations = 524288, int requiredMemoryLen = 16777216)

Parameters

key SecureMemory<byte>: Buffer to receive the derived key (recommended: 32 bytes).
password string: The password string to hash.
salt ReadOnlySpan<byte>: The salt (must be 32 bytes).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Exceptions

ArgumentNullException: If the password is null.
LibSodiumException: If hashing fails.

DeriveKey(Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, int, int)

Derives a secret key from a password and salt using scrypt.

public static void DeriveKey(Span<byte> key, ReadOnlySpan<byte> password, ReadOnlySpan<byte> salt, int iterations = 524288, int requiredMemoryLen = 16777216)

Parameters

key Span<byte>: Buffer to receive the derived key (recommended: 32 bytes).
password ReadOnlySpan<byte>: The password to hash.
salt ReadOnlySpan<byte>: The salt (must be 32 bytes).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Exceptions

ArgumentException: If arguments are invalid.
LibSodiumException: If hashing fails.

DeriveKey(Span<byte>, string, ReadOnlySpan<byte>, int, int)

Derives a secret key from a password string and salt using scrypt.

public static void DeriveKey(Span<byte> key, string password, ReadOnlySpan<byte> salt, int iterations = 524288, int requiredMemoryLen = 16777216)

Parameters

key Span<byte>: Buffer to receive the derived key (recommended: 32 bytes).
password string: The password string to hash.
salt ReadOnlySpan<byte>: The salt (must be 32 bytes).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Exceptions

ArgumentNullException: If the password is null.
LibSodiumException: If hashing fails.

HashPassword(SecureMemory<byte>, int, int)

Hashes a password into a human-readable string (including algorithm and parameters).

public static string HashPassword(SecureMemory<byte> password, int iterations = 524288, int requiredMemoryLen = 16777216)

Parameters

password SecureMemory<byte>: The password to hash (in UTF-8).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Returns

string: A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.

Exceptions

ArgumentOutOfRangeException: If password is too short or parameters are invalid.
LibSodiumException: If hashing fails.

HashPassword(ReadOnlySpan<byte>, int, int)

Hashes a password into a human-readable string (including algorithm and parameters).

public static string HashPassword(ReadOnlySpan<byte> password, int iterations = 524288, int requiredMemoryLen = 16777216)

Parameters

password ReadOnlySpan<byte>: The password to hash (in UTF-8).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Returns

string: A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.

Exceptions

ArgumentOutOfRangeException: If password is too short or parameters are invalid.
LibSodiumException: If hashing fails.

HashPassword(string, int, int)

Hashes a password string into a human-readable string (including algorithm and parameters).

public static string HashPassword(string password, int iterations = 524288, int requiredMemoryLen = 16777216)

Parameters

password string: The password to hash (as string).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Returns

string: A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.

Exceptions

ArgumentNullException: If the password is null.
ArgumentOutOfRangeException: If parameters are invalid.
LibSodiumException: If hashing fails.

VerifyPassword(string, SecureMemory<byte>)

Verifies a password against a previously hashed string.

public static bool VerifyPassword(string hashedPassword, SecureMemory<byte> password)

Parameters

hashedPassword string: The encoded password hash string (must be ASCII and null-terminated).
password SecureMemory<byte>: The password to verify.

Returns

bool: true if the password is valid; otherwise, false.

Exceptions

ArgumentNullException: If hashedPassword is null.
ArgumentException: If hashedPassword is too long.

VerifyPassword(string, ReadOnlySpan<byte>)

Verifies a password against a previously hashed string.

public static bool VerifyPassword(string hashedPassword, ReadOnlySpan<byte> password)

Parameters

hashedPassword string: The encoded password hash string (must be ASCII and null-terminated).
password ReadOnlySpan<byte>: The password to verify.

Returns

bool: true if the password is valid; otherwise, false.

Exceptions

ArgumentNullException: If hashedPassword is null.
ArgumentException: If hashedPassword is too long.

VerifyPassword(string, string)

Verifies a password string against a previously hashed string.

public static bool VerifyPassword(string hashedPassword, string password)

Parameters

hashedPassword string: The encoded password hash string (must be ASCII and null-terminated).
password string: The password to verify (as string).

Returns

bool: true if the password is valid; otherwise, false.

Exceptions

ArgumentNullException: If password is null.

Table of Contents

Class CryptoPasswordHashScrypt

Remarks

Fields

EncodedLen

Field Value

InteractiveIterations

Field Value

InteractiveMemoryLen

Field Value

MinIterations

Field Value

MinKeyLen

Field Value

MinMemoryLen

Field Value

MinPasswordLen

Field Value

ModerateIterations

Field Value

ModerateMemoryLen

Field Value

Prefix

Field Value

SaltLen

Field Value

SensitiveIterations

Field Value

SensitiveMemoryLen

Field Value

Methods

DeriveKey(SecureMemory<byte>, SecureMemory<byte>, ReadOnlySpan<byte>, int, int)

Parameters

Exceptions

DeriveKey(SecureMemory<byte>, string, ReadOnlySpan<byte>, int, int)

Parameters

Exceptions

DeriveKey(Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, int, int)

Parameters

Exceptions

DeriveKey(Span<byte>, string, ReadOnlySpan<byte>, int, int)

Parameters

Exceptions

HashPassword(SecureMemory<byte>, int, int)

Parameters

Returns

Exceptions

HashPassword(ReadOnlySpan<byte>, int, int)

Parameters

Returns

Exceptions

HashPassword(string, int, int)

Parameters

Returns

Exceptions

VerifyPassword(string, SecureMemory<byte>)

Parameters

Returns

Exceptions

VerifyPassword(string, ReadOnlySpan<byte>)

Parameters

Returns

Exceptions

VerifyPassword(string, string)

Parameters

Returns

Exceptions