/// <summary>
/// Checks a plaintext password against a Base64-encoded, version 0 password hash.
/// </summary>
/// <remarks>
/// Decoded layout as read by this method: one 0x00 version byte, then SALT_SIZE salt
/// bytes, then PBKDF2_SUBKEY_LENGTH subkey bytes. The subkey is re-derived with PBKDF2
/// using PBKDF2_ITER_COUNT iterations and compared with the stored one.
/// This Rfc2898DeriveBytes overload takes no hash algorithm and uses the framework
/// default (HMAC-SHA1); switching it would stop existing version 0 hashes from verifying.
/// </remarks>
/// <param name="hashedPassword">Base64 text of the stored hash.</param>
/// <param name="password">Plaintext password supplied for verification.</param>
/// <returns>
/// <c>true</c> when the derived subkey matches the stored subkey; <c>false</c> when the
/// decoded hash has the wrong length or version byte, or the subkeys differ.
/// </returns>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
/// <exception cref="FormatException">
/// <paramref name="hashedPassword"/> is not valid Base64; this is not caught here, so
/// a corrupted stored value surfaces as an exception rather than as <c>false</c>.
/// </exception>
public static bool VerifyHashedPassword(string hashedPassword, string password)
{
    if (hashedPassword == null)
    {
        throw new ArgumentNullException("hashedPassword");
    }

    if (password == null)
    {
        throw new ArgumentNullException("password");
    }

    byte[] decoded = Convert.FromBase64String(hashedPassword);

    // Offsets into the decoded blob: [0] version, [1..] salt, then the subkey.
    int subkeyOffset = 1 + SALT_SIZE;
    int expectedLength = subkeyOffset + PBKDF2_SUBKEY_LENGTH;

    // The length is checked first so the version byte is never read from a short buffer.
    if (decoded.Length != expectedLength)
    {
        return false;
    }

    if (decoded[0] != 0x00)
    {
        // Not a version 0 hash.
        return false;
    }

    byte[] salt = new byte[SALT_SIZE];
    byte[] storedSubkey = new byte[PBKDF2_SUBKEY_LENGTH];
    Array.Copy(decoded, 1, salt, 0, SALT_SIZE);
    Array.Copy(decoded, subkeyOffset, storedSubkey, 0, PBKDF2_SUBKEY_LENGTH);

    byte[] candidateSubkey;
    using (var kdf = new Rfc2898DeriveBytes(password, salt, PBKDF2_ITER_COUNT))
    {
        candidateSubkey = kdf.GetBytes(PBKDF2_SUBKEY_LENGTH);
    }

    // NOTE(review): ByteArraysEqual is defined outside this block; confirm it compares
    // in constant time (no early exit on the first differing byte), since its inputs
    // are secret-derived.
    return ByteArraysEqual(storedSubkey, candidateSubkey);
}