0

Is it possible with the CNG (Windows Cryptography API: Next Generation) to generate BCrypt / SCrypt / Argon2 hash password ?

BCrypt is a computationally difficult algorithm designed to store passwords by way of a one-way hashing function. You input your password to the algorithm and after significant (relative) computation, an output is produced. Bcrypt has been around since the late 90s and has handled significant scrutiny by the information security/cryptography community. It has proven reliable and secure over time.

Scrypt is an update to the same model from which Bcrypt arose. Scrypt is designed so as to rely on high memory requirements as opposed to high requirements on computational power. The realization that lead to this, was that specialized computer chips (FPGA/ASICs/GPUs) could be purchased at scale by an attacker easier than could huge amounts of memory for a traditional computer.

zeus
  • 12,173
  • 9
  • 63
  • 184
  • i be say that question unclear now. – RbMm Mar 04 '21 at 15:30
  • @RbMm, hmm what is unclear in the question ? maybe I didn't ask correctly ? – zeus Mar 04 '21 at 15:40
  • @RbMm I have just updated the question – zeus Mar 04 '21 at 15:45
  • what is *hash password* ? hash of password ? but with `BCryptHashData` we can easy hash any data. or what you need todo ? – RbMm Mar 04 '21 at 15:45
  • Not as of today, list is here: https://learn.microsoft.com/en-us/windows/win32/seccng/cng-algorithm-identifiers but you can register your own provider and use CNG infrastructure (depends on your need and context) – Simon Mourier Mar 04 '21 at 15:45
  • @SimonMourier thanks, so how with Windows Cryptography API can we do to store hash of password ? – zeus Mar 04 '21 at 15:49
  • *store hash of password* ? again unclear. we can simply calculate hash from any data. how store generated hash - is your task. and what data is hashed - again no matter – RbMm Mar 04 '21 at 15:51
  • @RbMm the idea is that you can not store easy hash of password (like md5, sha1, etc) but you must only store hash that are very hard to produce. https://nakedsecurity.sophos.com/2016/12/15/yahoo-breach-ive-closed-my-account-because-it-uses-md5-to-hash-my-password/ question is how to produce such "hash" so that we can store them – zeus Mar 04 '21 at 15:54
  • exist list of supported algorithms. you can select any from it. – RbMm Mar 04 '21 at 15:57
  • With CNG sample is here: https://github.com/microsoft/Windows-classic-samples/tree/master/Samples/Security/KeyDerivation BCRYPT_SP800108_CTR_HMAC_ALGORITHM, BCRYPT_SP80056A_CONCAT_ALGORITHM, BCRYPT_PBKDF2_ALGORITHM, BCRYPT_CAPI_KDF_ALGORITHM, – Simon Mourier Mar 04 '21 at 15:58
  • @SimonMourier I don't think in https://github.com/microsoft/Windows-classic-samples/tree/master/Samples/Security/KeyDerivation they speak about bcrypt like the algo to hash password with CPU power intensive. I think microsoft use the name BCrypt for another concept – zeus Mar 04 '21 at 16:07
  • Absolutely (and yes this is confusing), but CNG does support some KDF (and hashes of course), PBKDF2 (BCRYPT_PBKDF2_ALGORITHM) would be the obvious choice if you don't have BCrypt, Scrypt or Argon2 – Simon Mourier Mar 04 '21 at 16:21
  • @SimonMourier yes but I read that PBKDF2 is definitively a no go :( – zeus Mar 04 '21 at 16:27
  • Well this is all you get with standard winapi but you can write your own argon2 code, it's open source. – Simon Mourier Mar 04 '21 at 16:34
  • @SimonMourier You answer my question :) sad their is no solution but thank you ! – zeus Mar 04 '21 at 16:37

1 Answers1

1

Short Answer

No.

Long Answer

Neither CryptoAPI nor Crypto API Next Generation (CryptNG) support bcrypt, scrypt, or argon2

bcrypt is a customized version of the blowfish encryption algorithm. Blowfish is not supported by CNG. And even if it was, bcrypt uses a version of bcrypt with a custom "expensive" key setup.

scrypt is (nearly) PBKDF2, which is supported by CNG:

Byte[] scrypt(String password, int DesiredNumberOfBytes, ...)
{
   Byte[] salt = SpecialScryptSaltGeneration(password, ...)
   
   return PBKDF2(password, salt, DesiredNumberOfBytes, 1);
}

but the SpecialScryptSaltGenration uses primitives not included in CNG (ChaCha, Salsa/20).

Argon2 uses custom primitives that don't exist anywhere.

Ian Boyd
  • 246,734
  • 253
  • 869
  • 1,219