Metrolog/Metrolog-API/Services/PasswordService.cs

using System.Security.Cryptography;

namespace Metrolog_API.Services
{
	public class PasswordService
	{
		private const int SaltSize = 16; // 128 bit
		private const int KeySize = 32;  // 256 bit
		private const int Iterations = 100_000;

		public string HashPassword(string password)
		{
			using var rng = RandomNumberGenerator.Create();
			byte[] salt = new byte[SaltSize];
			rng.GetBytes(salt);

			using var pbkdf2 = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256);
			byte[] key = pbkdf2.GetBytes(KeySize);

			return $"{Convert.ToBase64String(salt)}.{Convert.ToBase64String(key)}";
		}

		public bool VerifyPassword(string hashedPassword, string providedPassword)
		{
			var parts = hashedPassword.Split('.');
			if (parts.Length != 2) return false;

			byte[] salt = Convert.FromBase64String(parts[0]);
			byte[] storedKey = Convert.FromBase64String(parts[1]);

			using var pbkdf2 = new Rfc2898DeriveBytes(providedPassword, salt, Iterations, HashAlgorithmName.SHA256);
			byte[] newKey = pbkdf2.GetBytes(KeySize);

			return newKey.SequenceEqual(storedKey);
		}
	}
}