Which, if any, .NET / C# bcrypt implementations are considered suitable for production environments?

I have seen CryptSharp and BCrypt.Net mentioned in answers to other questions but without any discussion of how widely they are used or how much they may have been reviewed.

broccoli_soup

  • BCrypt.NET is a direct port of jBCrypt, which has been around since 2006. It seems that both are a more direct port from the original source. I would also argue that CryptSharp is much younger, which often can indicate, honestly, that it's less stable. What sort of research have you done on the subject? – Ramhound Aug 29 '12 at 10:47

2 Answers

C# shares with Java one remarkable characteristic, which is being reproducible. That's the Java motto "write once, run anywhere". It is not entirely true, but for code which:

  1. does not use floating point types;
  2. is pure computation (no system calls);
  3. is mono-threaded;

then tests are effective. This means that you could take the BCrypt.NET implementation and see whether it is compatible with the reference code. Take care to include tests with non-ASCII password characters, which often are a sore spot. Also, measure performance to make sure that the .NET implementation is not unduly slow (for this kind of computational task, Java or .NET code can be expected to be about 2 to 4 times slower than C code).

If the .NET implementation is compatible with the reference code, and its performance is not abysmal, then the "reproducible results" aspect of C#/.NET will allow you to conclude that it is ready for production.

Thomas Pornin
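The kind of conformance check the answer describes, written out as an added C# example (it is not code from the answer, from BCrypt.Net, or from jBCrypt). It assumes the BCrypt.Net package is referenced, and that you have first produced a `vectors.txt` with the reference implementation (jBCrypt or the OpenBSD code), one vector per line, tab-separated: password, the `$2a$NN$...` salt prefix, and the full expected hash. The file name, the format and the class and method names are this example's own choices. Beyond replaying reference vectors, it also probes two encoding-related edge cases every port has to get right (UTF-8 handling of non-ASCII passwords, and the 72-byte key limit bcrypt inherits from Blowfish) and times two cost factors for comparison against the C code on the same machine.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Text;

// Conformance harness for BCrypt.Net (added example; not part of the original answer).
// vectors.txt format (an assumption of this example):
//   password<TAB>$2a$NN$<22-char salt><TAB>expected 60-char hash
// Generate it with the reference implementation. Passwords containing a tab cannot be
// expressed in this format; the file must be UTF-8 so non-ASCII passwords survive.
static class BcryptConformance
{
    static int failures;

    static void Check(bool ok, string what)
    {
        Console.WriteLine((ok ? "PASS " : "FAIL ") + what);
        if (!ok) failures++;
    }

    // 1. Reproducibility: same password + same salt prefix must give the reference hash,
    //    and the reference hash must verify. Vectors with non-ASCII passwords exercise the
    //    string-to-bytes step (UTF-8 plus a trailing NUL in the reference code).
    static void CheckReferenceVectors(string path)
    {
        foreach (string line in File.ReadLines(path, Encoding.UTF8))
        {
            if (line.Length == 0 || line.StartsWith("#")) continue;
            string[] parts = line.Split('\t');
            if (parts.Length != 3) { Check(false, "malformed line: " + line); continue; }
            string password = parts[0], salt = parts[1], expected = parts[2];

            string actual = BCrypt.Net.BCrypt.HashPassword(password, salt);
            Check(actual == expected, "hash matches reference for salt " + salt +
                  " (" + Encoding.UTF8.GetByteCount(password) + " UTF-8 bytes)");
            Check(BCrypt.Net.BCrypt.Verify(password, expected),
                  "reference hash verifies for salt " + salt);
        }
    }

    // 2. Non-ASCII round trip, Unicode normalization, and the 72-byte key limit: bytes past
    //    the 72nd (NUL terminator included) never enter the key schedule, so two passwords
    //    that share their first 72 bytes verify against each other's hash.
    static void CheckEncodingEdgeCases()
    {
        string salt = BCrypt.Net.BCrypt.GenerateSalt(6);   // low cost: correctness checks only

        string unicode = "pässwörd\u2603";                  // constructed sample: 9 chars, 13 UTF-8 bytes
        string hash = BCrypt.Net.BCrypt.HashPassword(unicode, salt);
        Check(BCrypt.Net.BCrypt.Verify(unicode, hash), "non-ASCII password verifies");
        Check(!BCrypt.Net.BCrypt.Verify("passwörd\u2603", hash), "near-miss password rejected");
        Check(!BCrypt.Net.BCrypt.Verify(unicode.Normalize(NormalizationForm.FormD), hash),
              "NFD form is a different key (callers must normalize before hashing)");

        string seventyTwo = new string('a', 72);
        string seventyOne = new string('a', 71);
        try
        {
            string h72 = BCrypt.Net.BCrypt.HashPassword(seventyTwo + "X", salt);
            Check(BCrypt.Net.BCrypt.Verify(seventyTwo + "Y", h72), "byte 73 is ignored (reference behaviour)");
            string h71 = BCrypt.Net.BCrypt.HashPassword(seventyOne + "X", salt);
            Check(!BCrypt.Net.BCrypt.Verify(seventyOne + "Y", h71), "byte 72 still counts");
        }
        catch (Exception e)
        {
            // Rejecting long inputs would be a deviation from the reference code: record it.
            Check(false, "implementation rejects >72-byte keys: " + e.GetType().Name);
        }
    }

    // 3. Cost: each +1 of the work factor doubles the key-schedule loop, so cost 12 should
    //    take about 4x cost 10. Compare the absolute numbers with the reference C code on the
    //    same machine; a 2-4x gap is the expected penalty for managed code.
    static void MeasureCost()
    {
        foreach (int cost in new[] { 10, 12 })
        {
            string salt = BCrypt.Net.BCrypt.GenerateSalt(cost);
            var sw = Stopwatch.StartNew();
            BCrypt.Net.BCrypt.HashPassword("timing probe", salt);
            sw.Stop();
            Console.WriteLine("cost " + cost + ": " + sw.ElapsedMilliseconds + " ms");
        }
    }

    static int Main(string[] args)
    {
        CheckReferenceVectors(args.Length > 0 ? args[0] : "vectors.txt");
        CheckEncodingEdgeCases();
        MeasureCost();
        Console.WriteLine(failures == 0 ? "all checks passed" : failures + " check(s) failed");
        return failures == 0 ? 0 : 1;
    }
}
```

Run it as `BcryptConformance vectors.txt`; a non-zero exit code means a divergence from the reference. The vector file should include empty, ASCII, and non-ASCII passwords and several cost factors, since the `$2a$` salt prefix fixes both the salt and the cost and so makes each hash fully deterministic, which is exactly what makes this cross-implementation test meaningful.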
I am conscious that this really doesn't answer your question, but bcrypt isn't (in my opinion) the best password hashing mechanism.

You can find a C# implementation of a password hashing mechanism using PBKDF2 here: CrackStation

Although it's a lot younger, I've heard good things about scrypt (Tarsnap scrypt). Unfortunately I haven't had a ton of success finding a good .NET implementation.

ATNPGO

  • I think your answer would be more helpful if you discussed why one would find the others preferable to bcrypt rather than just saying that it's your opinion. – Jeff Ferland Aug 31 '12 at 21:07
  • For what it's worth, .NET's PBKDF2 is FIPS certified; however, it's conceivable that hardware accelerators for cracking PBKDF2 would be easier than bcrypt, namely because BCrypt requires accessing slower memory not in the CPU/GPU's cache, and the goal for a password hashing algorithm is slowness. – makerofthings7 Oct 02 '12 at 05:10