The .NET Core Identity model has an IPasswordHasher<> interface for for
- Hashing a password so that it can be stored in a database
- Verifying a provided plain-text password matches a previously stored hash.
I am getting invalid password errors during the login process when the .NET Core Identity model computes a hash from a plain text input and compares it to a password hash value I've returned from Caché. The default hashing algorithm is PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, and 10,000 iterations (detailed article on .NET Core Identity PasswordHasher). The algorithm Caché uses is probably different which may be why I am getting errors.
Consider the following in Caché for username "test1"
The "user" object has properties for Password and Salt.
The class documentation says it uses PBKDF2 and that the Salt value is generated from $System.Encryption.GenCryptRand but doesn't elaborate on the other properties of PBKDF2 such as key length and number of iterations.
I encode the value of user.Password as UTF8 then Base64 before passing it to the web app to compute and verify it's own hash based on plain-text input.
This produces something like
w67CisO6IGnDk1fDl8OzC8OjYk0bblknA8KYw4g= as the PasswordHash stored in the database. The .NET Core Identity hashing technique must be producing something different which is why I am getting errors.
Any thoughts on how I might solve this problem?