From 5265b3eee794762b4de39a68b5bfbf767faaac36 Mon Sep 17 00:00:00 2001
From: Bond_009 <bond.009@outlook.com>
Date: Wed, 10 Nov 2021 22:34:54 +0100
Subject: Replace PBKDF2-SHA1 with PBKDF2-SHA512

This also migrates already created passwords on login

Source for the number of iterations:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
---
 MediaBrowser.Model/Cryptography/ICryptoProvider.cs | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'MediaBrowser.Model/Cryptography/ICryptoProvider.cs')

diff --git a/MediaBrowser.Model/Cryptography/ICryptoProvider.cs b/MediaBrowser.Model/Cryptography/ICryptoProvider.cs
index d8b7d848a..6c521578c 100644
--- a/MediaBrowser.Model/Cryptography/ICryptoProvider.cs
+++ b/MediaBrowser.Model/Cryptography/ICryptoProvider.cs
@@ -1,6 +1,6 @@
 #pragma warning disable CS1591
 
-using System.Collections.Generic;
+using System;
 
 namespace MediaBrowser.Model.Cryptography
 {
@@ -8,11 +8,14 @@ namespace MediaBrowser.Model.Cryptography
     {
         string DefaultHashMethod { get; }
 
-        IEnumerable<string> GetSupportedHashMethods();
+        /// <summary>
+        /// Creates a new <see cref="PasswordHash" /> instance.
+        /// </summary>
+        /// <param name="password">The password that will be hashed.</param>
+        /// <returns>A <see cref="PasswordHash" /> instance with the hash method, hash, salt and number of iterations.</returns>
+        PasswordHash CreatePasswordHash(ReadOnlySpan<char> password);
 
-        byte[] ComputeHash(string hashMethod, byte[] bytes, byte[] salt);
-
-        byte[] ComputeHashWithDefaultMethod(byte[] bytes, byte[] salt);
+        bool Verify(PasswordHash hash, ReadOnlySpan<char> password);
 
         byte[] GenerateSalt();
 
-- 
cgit v1.2.3