I suggest you ...

Implement BCrypt or SCrypt for IHashProvider

ServiceStack/Auth/SaltedHash.cs appears to implement one round of a HashAlgorithm. This constrains the user to KeyedHashAlgorithm, MD5, RIPEMD160, SHA1, SHA256, SHA384, and SHA512, none of which are suitable for hashing passwords.

Would the ServiceStack project consider one of the existing BCrypt or SCrypt implementations in the GitHub community (for example viniciuschiele/Scrypt) or does it require that the library be professionally audited by penetration testers?

Would it accept a contribution given a valid CLA?

1 vote
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Adrian CoheaAdrian Cohea shared this idea  ·   ·  Admin →
    declined  ·  Demis J BellotAdminDemis J Bellot (Developer, ServiceStack) responded  · 

    No we can’t force any additional dependencies to the core ServiceStack.dll but you can use your own custom HashProvider by registering it in the IOC, e.g:

    container.Register(c =>
    new MyCustomHash());

    0 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base