BCrypt.Net - Bringing updates to the original bcrypt package
Legacy384 which is basically the way it operated prior to this version anyway; this will be maintained for v2.
https://github.com/BcryptNet/bcrypt.net/compare/2.1.1...62a57cd
Deployment made for typos/netstandard.
PasswordNeedsRehash(string hash, int newMinimumWorkLoad) as a helper method for developers to use when logging a user in to increase legacy workloads.
ValidateAndReplacePassword method to allow inline password validation and replacement. Throws BcryptAuthenticationException in the event of authentication failure.
Fresh release packaged for the majority of .NET and containing safe-equals to reduce the risks from timing attacks: https://en.wikipedia.org/wiki/Timing_attack / https://cryptocoding.net/index.php/Coding_rules#Compare_secret_strings_in_constant_time
In theory, the implementation details of BCrypt mitigate timing attacks. But the Bcrypt.net official validation function was vulnerable to timing attacks, as it returned as soon as a non-matching byte was found in the hash comparison.
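
The difference between the early-return comparison described above and a safe-equals comparison, as an added example; this is not BCrypt.Net's own code. The class and method names are hypothetical, the sample strings are constructed, and `CryptographicOperations.FixedTimeEquals` assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HashCompareDemo
{
    // "Before" behaviour: stops at the first mismatching character.
    // Returns the result and how many characters were examined.
    public static (bool Equal, int Examined) EarlyExitEquals(string a, string b)
    {
        if (a.Length != b.Length) return (false, 0);
        for (int i = 0; i < a.Length; i++)
        {
            // Work done depends on where the first mismatch sits.
            if (a[i] != b[i]) return (false, i + 1);
        }
        return (true, a.Length);
    }

    // Safe-equals style: fold every difference into one accumulator and
    // always walk the full common length before deciding.
    public static (bool Equal, int Examined) SafeEquals(string a, string b)
    {
        uint diff = (uint)a.Length ^ (uint)b.Length;
        int n = Math.Min(a.Length, b.Length);
        for (int i = 0; i < n; i++)
        {
            diff |= (uint)(a[i] ^ b[i]);
        }
        return (diff == 0, n);
    }

    static void Main()
    {
        // Constructed 60-character strings in bcrypt layout; not real hashes.
        string stored = "$2a$10$" + new string('A', 53);
        string earlyMiss = "$2a$10$" + "B" + new string('A', 52);
        string lateMiss = "$2a$10$" + new string('A', 52) + "B";

        foreach (var candidate in new[] { earlyMiss, lateMiss, stored })
        {
            var e = EarlyExitEquals(stored, candidate);
            var s = SafeEquals(stored, candidate);
            // Framework-provided fixed-time comparison over the same bytes.
            bool fixedTime = CryptographicOperations.FixedTimeEquals(
                Encoding.ASCII.GetBytes(stored), Encoding.ASCII.GetBytes(candidate));
            Console.WriteLine($"early-exit: {e.Equal} after {e.Examined,2} chars | " +
                              $"safe: {s.Equal} after {s.Examined,2} chars | framework: {fixedTime}");
        }
    }
}
```

The early-exit count changes with the position of the first mismatch, while the safe-equals count stays at the full length for every candidate.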