Implement BCrypt or SCrypt for IHashProvider
ServiceStack/Auth/SaltedHash.cs appears to implement one round of a HashAlgorithm. This constrains the user to KeyedHashAlgorithm, MD5, RIPEMD160, SHA1, SHA256, SHA384, and SHA512, none of which are suitable for hashing passwords.
Would the ServiceStack project consider one of the existing BCrypt or SCrypt implementations in the GitHub community (for example viniciuschiele/Scrypt) or does it require that the library be professionally audited by penetration testers?
Would it accept a contribution given a valid CLA?
1
vote
Adrian Cohea
shared this idea
No we can’t force any additional dependencies to the core ServiceStack.dll but you can use your own custom HashProvider by registering it in the IOC, e.g:
container.Register(c =>
new MyCustomHash());