DataHandler.SaltAndHashing

Handles the Salting and Hashing of Data

Types

PasswordCheckData

Holds the salt and hash produced when generating a password hash.

  • Fields:

    • string SaltKey (get/set): Base64-encoded salt.
    • string HashKey (get/set): Base64-encoded hash.
  • Constructor:
    PasswordCheckData(string saltKey, string hashKey): Initializes both fields.


PasswordHandler

Provides methods to generate and validate password hashes using Argon2id with a cryptographically secure salt.


Methods

GeneratePasswordHashAsync(SecureData password, int iterations = 4, int saltByteSize = 64, int hashByteSize = 128)

Creates a new random salt and computes an Argon2id hash of the given password.

  • Parameters:
    • password: The user’s password as a SecureData.
    • iterations: Number of Argon2id iterations (default: 4).
    • saltByteSize: Length in bytes of the random salt (default: 64).
    • hashByteSize: Desired length in bytes of the hash output (default: 128).
  • Returns: Task<PasswordCheckData> containing Base64-encoded SaltKey and HashKey.

ValidatePasswordAsync(SecureData password, PasswordCheckData passValues, int iterations = 4, int hashByteSize = 128)

Verifies a password by re-computing its Argon2id hash with the stored salt and comparing securely.

  • Parameters:
    • password: The password to validate as a SecureData.
    • passValues: The stored SaltKey and HashKey.
    • iterations: Number of Argon2id iterations used when generating the hash (default: 4).
    • hashByteSize: Length in bytes of the expected hash (default: 128).
  • Returns: Task<bool> — true if the computed hash matches the stored hash.

Argon2_GetHashAsync(SecureData password, byte[] salt, int iterations, int hashByteSize)

Internal helper that runs Argon2id synchronously within a Task to produce a raw hash byte array.

  • Parameters:
    • password: The password as SecureData.
    • salt: The raw salt bytes.
    • iterations: Argon2id iteration count.
    • hashByteSize: Desired hash byte length.
  • Returns: Task<byte[]> — The raw hash bytes.

SlowEquals(byte[] a, byte[] b)

Performs a constant-time comparison between two byte arrays to prevent timing attacks.

  • Parameters:
    • a: First byte array.
    • b: Second byte array.
  • Returns: bool — true if the arrays are identical in length and contents.
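
The kind of comparison SlowEquals describes, as an added example (not the library's own source): it shows the XOR-accumulate pattern and how a stored Base64 HashKey would be checked against a recomputed hash. The class name and the MatchesStored helper are hypothetical, and the random bytes stand in for an Argon2id output.

```csharp
using System;
using System.Security.Cryptography;

// Added illustration, not the DataHandler source. MatchesStored and the
// class name are hypothetical; the sample bytes are constructed.
public static class SlowEqualsExample
{
    // Accumulates differences with XOR/OR so the loop never exits early:
    // run time does not depend on where the first mismatching byte is.
    public static bool SlowEquals(byte[] a, byte[] b)
    {
        if (a is null || b is null) return false;
        uint diff = (uint)a.Length ^ (uint)b.Length; // unequal lengths never match
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= (uint)(a[i] ^ b[i]);
        return diff == 0;
    }

    // Decodes a stored Base64 HashKey and compares it with a recomputed hash.
    public static bool MatchesStored(string storedHashKey, byte[] computed)
    {
        if (storedHashKey is null) return false;
        byte[] stored;
        try { stored = Convert.FromBase64String(storedHashKey); }
        catch (FormatException) { return false; } // corrupted record: reject
        return SlowEquals(stored, computed);
    }

    public static void Main()
    {
        byte[] hash = new byte[128];           // stands in for an Argon2id output
        RandomNumberGenerator.Fill(hash);
        string hashKey = Convert.ToBase64String(hash);

        byte[] lastByteOff = (byte[])hash.Clone();
        lastByteOff[lastByteOff.Length - 1] ^= 0x01;   // differs only in the final byte
        byte[] shorter = hash.AsSpan(0, 64).ToArray(); // wrong hashByteSize at validation

        Console.WriteLine(MatchesStored(hashKey, hash));        // identical bytes
        Console.WriteLine(MatchesStored(hashKey, lastByteOff)); // one flipped bit
        Console.WriteLine(MatchesStored(hashKey, shorter));     // length mismatch
        Console.WriteLine(MatchesStored("not base64!", hash));  // malformed record
        // Built-in constant-time comparison on .NET Core 2.1 and later:
        Console.WriteLine(CryptographicOperations.FixedTimeEquals(hash, lastByteOff));
    }
}
```

PasswordCheckData as documented holds only the salt and hash, so the iterations and hashByteSize used at generation have to be kept by the caller; passing a different hashByteSize to validation produces a hash of a different length, which fails the comparison even for the correct password.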

Notes

  • Uses BouncyCastle’s SecureRandom for salt generation.
  • Argon2id parameters (memory size, parallelism) are tuned for moderate security/performance; adjust as needed.
  • Always use SecureData to minimize plaintext exposure in memory.