Implement BCrypt or SCrypt for IHashProvider
ServiceStack/Auth/SaltedHash.cs appears to implement one round of a HashAlgorithm. This constrains the user to KeyedHashAlgorithm, MD5, RIPEMD160, SHA1, SHA256, SHA384, and SHA512, none of which are suitable for hashing passwords.
Would the ServiceStack project consider one of the existing BCrypt or SCrypt implementations in the GitHub community (for example viniciuschiele/Scrypt) or does it require that the library be professionally audited by penetration testers?
Would it accept a contribution given a valid CLA?
No we can’t force any additional dependencies to the core ServiceStack.dll but you can use your own custom HashProvider by registering it in the IOC, e.g: