ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2053/csharp/how-to-fix-it/dot-net.adoc
Egon Okerman 8630818ded
Modify rule S2053: Update salt length to be 32 bytes everywhere (#4094) 
* Update salt length to be 32 bytes everywhere

* Fix typo in VB.NET

* Add Java
2024-08-08 14:32:01 +02:00

38 lines
749 B
Plaintext
Raw Blame History

== How to fix it in .NET
=== Code examples
include::../../common/fix/code-rationale.adoc[]
==== Noncompliant code example
[source,csharp,diff-id=1,diff-type=noncompliant]
----
using System.Security.Cryptography;
public static void hash(string password)
{
var salt = Encoding.UTF8.GetBytes("salty");
var hashed = new Rfc2898DeriveBytes(password, salt); // Noncompliant
}
----
==== Compliant solution
[source,csharp,diff-id=1,diff-type=compliant]
----
using System.Security.Cryptography;
public static void hash(string password)
{
var hashed = new Rfc2898DeriveBytes(password, 32, 10000, HashAlgorithmName.SHA256);
}
----
=== How does this work?
include::../../common/fix/salt.adoc[]
include::../../common/fix/auto-salt.adoc[]
Reference in New Issue View Git Blame Copy Permalink