Is there a well-regarded library I can use to hash passwords and authenticate users for a WPF app?

Question

There's a number of posts here on hashing of passwords and numerous recommendations on how to go about doing it, but before I go off and write something based on the suggestions here, is there a standard library I can use to save me some time (and potentially blushes, knowing how complex this stuff can be).

My criteria is it has to work in .NET for a client (winforms or WPF) app and a web app (MVC or webforms).

Just to be clear I'm not after recommendations to use the guppy12 algorithm 16 times with a salt that's been run through SHA256 20 times, but a nice library (or framework class if I've missed it) that's preferably open sourced, and written by someone smarter/more experienced than me that's going to save me from falling into some classic cryptography doh that I won't know about until I'm hacked.

Answer 1

I'm not sure how well regarded it is, but the framework has the System.Web.Security.HashPasswordForStoringInConfigFile() API.

Even though it's in the System.Web namespace, there's nothing that should prevent it from being used in a desktop application.

One thing I would suggest that does not appear to be mentioned in the docs for the method and makes the API somewhat less easy to use than it should be is that you should probably prepend the password with a salt value - Microsoft really should have had a specific parameter for allowing you to pass in a salt.

Answer 2

There is the System.Security.Cryptography Namespace that has several options for hashing values.

http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx