5

I'm building an application that uses a dotnet core API and identity core for user management. I was investigating my database and panicked when I saw that all strings in the PasswordHash field started with the same characters: AQAAAAEAACcQAAAAE, as I thought salting wasn't working properly. I realize now that salting is indeed working properly, as the rest of the password hash changes with every password, but now I'm curious about this mysterious prefix.

What is this password hash prefix used for in Identity Core?

Chase
  • 103
  • 1
  • 8
  • 3
    The password isn't just a password. It has the password algorithm version, a salt, a hash etc. Your question could probably be answered by [ASP.NET Identity's default Password Hasher - How does it work and is it secure?](https://stackoverflow.com/questions/20621950/asp-net-identitys-default-password-hasher-how-does-it-work-and-is-it-secure). – Erik Philips Oct 30 '19 at 21:53
  • Interesting. So in absence of a PasswordSalt field, identity core stores information about how the password was hashed in the first 17 characters of the password hash? It seems to me that those characters shouldn't always be the same since the salt is randomly generated. – Chase Oct 30 '19 at 22:04
  • 3
    When you look at the v3 version, the first 13 bytes store some settings that are more or less constant. That means the first 16 base64 chars will be stable. The Salt starts at 13. – H H Oct 30 '19 at 22:11
  • 3
    @Chase the goal was to keep passwords compatible across many systems of storage (SQL Server, MySQL, NoSQL, etc.) without the need for other custom columns (salt, timestamp etc). This also means there is forward compatibility with Identity Version X. – Erik Philips Oct 30 '19 at 22:40

1 Answer

3

According to the implementation, Microsoft.AspNetCore.Identity generates the result value using the following format (valid for version 3):


HEADER

A) byte #0: format version (0x00 for version 2, 0x01 for version 3)
B) bytes #1-4: int (4 bytes), KeyDerivationPrf enum - key derivation algorithm. HMACSHA256 in V3, HMACSHA512 since .NET 7
C) bytes #5-8: int (4 bytes), iteration count. 10000 in V3, 100k since .NET 7
D) bytes #9-12: int (4 bytes), salt length. 16 in V3

BODY

E) bytes #13-28: salt (length taken from header D)
F) bytes #29-60: hash (HMACSHA256, as header B says, gives 256/8 = 32 bytes)

The resulting byte array is stored in Base64 format.

So obviously, since the header is the same for all V3 hashes, all V3 hashes will have the same characters at the beginning (the first 13 of 61 bytes).

DonSleza4e
  • 562
  • 6
  • 11
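To make the layout above concrete, here is an added Python re-implementation of the V3 format (example code written for this page, not the Microsoft.AspNetCore.Identity source): it builds a hash, parses the header fields back out of a stored PasswordHash, and verifies a password against it. It assumes the header integers are big-endian (consistent with the AQAAAAEAACcQAAAAE prefix in the question) and the KeyDerivationPrf values HMACSHA1 = 0, HMACSHA256 = 1, HMACSHA512 = 2; it also parses the V2 layout (marker 0x00), which the answer mentions but does not detail.

```python
import base64
import hashlib
import hmac
import os
import struct

# V3 header values as listed in the answer (byte offsets 0..12, big-endian ints).
FORMAT_MARKER_V3 = 0x01   # byte 0: 0x00 = V2 layout, 0x01 = V3 layout
PRF_HMACSHA256 = 1        # KeyDerivationPrf (assumed): HMACSHA1 = 0, HMACSHA256 = 1, HMACSHA512 = 2
ITERATIONS_V3 = 10000
SALT_LEN_V3 = 16
SUBKEY_LEN_V3 = 32        # PBKDF2 output length: 256 bits for HMACSHA256
PRF_NAMES = {0: "sha1", 1: "sha256", 2: "sha512"}

def hash_password_v3(password, salt=None):
    """Marker byte + three uint32 header fields + salt + PBKDF2 subkey, Base64-encoded."""
    salt = os.urandom(SALT_LEN_V3) if salt is None else salt
    subkey = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 ITERATIONS_V3, SUBKEY_LEN_V3)
    header = struct.pack(">BIII", FORMAT_MARKER_V3, PRF_HMACSHA256,
                         ITERATIONS_V3, len(salt))
    return base64.b64encode(header + salt + subkey).decode("ascii")

def parse_hash(encoded):
    """Split a stored PasswordHash into its fields using the embedded header."""
    raw = base64.b64decode(encoded)
    if raw[0] == 0x00:
        # V2 layout has no header: fixed PBKDF2-HMAC-SHA1, 1000 rounds, 16-byte salt, 32-byte subkey
        return {"version": 2, "prf": 0, "iterations": 1000,
                "salt": raw[1:17], "subkey": raw[17:49]}
    if raw[0] != FORMAT_MARKER_V3:
        raise ValueError("unknown format marker 0x%02x" % raw[0])
    _, prf, iterations, salt_len = struct.unpack(">BIII", raw[:13])
    return {"version": 3, "prf": prf, "iterations": iterations,
            "salt": raw[13:13 + salt_len], "subkey": raw[13 + salt_len:]}

def verify_password(encoded, password):
    """Recompute the subkey with the parameters from the header; compare in constant time."""
    f = parse_hash(encoded)
    expected = hashlib.pbkdf2_hmac(PRF_NAMES[f["prf"]], password.encode("utf-8"),
                                   f["salt"], f["iterations"], len(f["subkey"]))
    return hmac.compare_digest(expected, f["subkey"])

if __name__ == "__main__":
    # Constructed sample: same password twice -> same 17-char prefix, different salt and hash
    a, b = (hash_password_v3("correct horse battery staple") for _ in range(2))
    print(a[:17], b[:17], a == b)            # AQAAAAEAACcQAAAAE AQAAAAEAACcQAAAAE False
    print(verify_password(a, "correct horse battery staple"))   # True
```

Because the parameters travel inside the hash, a verifier can also spot an old V2 or 10000-iteration hash at login time and rehash the password with current settings, which is the forward compatibility the comments describe.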