AntiBruteForce 1.24.5.2

.NET Standard 2.0

dotnet add package AntiBruteForce --version 1.24.5.2

NuGet\Install-Package AntiBruteForce -Version 1.24.5.2

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="AntiBruteForce" Version="1.24.5.2" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add AntiBruteForce --version 1.24.5.2

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: AntiBruteForce, 1.24.5.2"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install AntiBruteForce as a Cake Addin
#addin nuget:?package=AntiBruteForce&version=1.24.5.2

// Install AntiBruteForce as a Cake Tool
#tool nuget:?package=AntiBruteForce&version=1.24.5.2

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Anti Brute Force

Key derivation function for defense against brute force attacks

(Argon3 candidate)

This Key derivation function software is proposed as a valid alternative to Argon2, focusing on the simplicity of the solution and the easy understanding of the mechanisms adopted.

This project aims to create a simple solution, reduced to the minimum terms, understandable by anyone with a basic knowledge of cryptography. Very complex, convoluted and daring systems generate many mechanisms in which dangerous pitfalls can hide. By reducing this process to the minimum terms with a minimalist solution to the problem, we wanted to create a system that is truly verifiable and testable by a large number of scholars interested in the topic. We have nominated this algorithm as Argon3 Candidate (improvement of Argon2 for the reasons described here).

This publication is an official presentation addressed to the scientific community

The source is published here: https://github.com/Andrea-Bruno/AntiBruteForce

Key Derivation Functions - Concepts

In cryptography we often use passwords instead of binary keys, because passwords are easier to remember, to write down and can be shorter. When a certain algorithm needs a key (e.g. for encryption or for digital signing) a key derivation function (password → key) is needed. We already noted that using SHA-256(password) as key-derivation is insecure! It is vulnerable to many attacks: brute-forcing, dictionary attacks, rainbow attacks and others, which may reverse the hash in practice and attacker can obtain the password.

Cryptographic Key Derivation Functions

PBKDF2, Bcrypt, Scrypt and Argon2 are significantly stronger key derivation functions and are designed to survive password guessing (brute force) attacks. By design secure key derivation functions use salt (random number, which is different for each key derivation) + many iterations (to speed-down eventual password guessing process). This is a process, known as key stretching. To calculate a secure KDF it takes some CPU time to derive the key (e.g. 0.2 sec) + some memory (RAM). Thus deriving the key is "computationally expensive", so password cracking will also be computationally expensive. When a modern KDF function is used with appropriate config parameters, cracking passwords will be slow (e.g. 5-10 attempts per second, instead of thousands or millions attempts per second). All of the above mentioned key-derivation algorithms (PBKDF2, Bcrypt, Scrypt and Argon2) are not patented and royalty-free for public use.

Examples of use:

using System.Diagnostics;
using System.Reflection;
using static AntiBruteForce.Perform;

const int MinLength = 8;

inputPassword:
Console.WriteLine("Create a password:");
string? password = Console.ReadLine();
if (password?.Length < MinLength)
{
    Console.WriteLine("The password must have at least " + MinLength + " characters");
    goto inputPassword;
}
Console.WriteLine("Computation in progress, please wait!");

// Function that updates the progression of the computation in the console
static void progressStatus(float progress) => Console.WriteLine((int)(progress * 100) + "%");

// Generate constant salt (recommended but not required)
var Salt = Assembly.GetEntryAssembly()?.GetTypes().First().GUID;

// Start the stopwatch to measure the time taken for the computation
var Stopwatch = new Stopwatch();
Stopwatch.Start();

// Compute the derivative with "Strong" level
var KeyDerivation = StringToKeyDerivation(password, (int)AntiBruteForceInteractions.Strong, 50, default, progressStatus, salt: Salt?.ToByteArray());

// Write the computation time
Stopwatch.Start();
Console.WriteLine("Computation time: " + Stopwatch.Elapsed);

// Write the derivation in hex format
Console.WriteLine("Key Derivation (hex) = " + BitConverter.ToString(KeyDerivation));

Test project
- See the TestAntiBruteForce project included in the same repository as this library
- Source code of the project: https://github.com/Andrea-Bruno/AntiBruteForce
Cross-platform dotnet encryption and decryption library
- Use this algorithm to optionally prevent brute force attacks with encryption methods
- Source code of the project: https://github.com/Andrea-Bruno/EncryptionAlgorithm
Passphrase Keeper
- The seed that is entered is covered by brute force attacks via ParallelHash using entropy and several megabytes of memory
- Source code of the project: https://github.com/Andrea-Bruno/PassphraseKeeper

Product	Compatible and additional computed target framework versions.
.NET	net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.
.NET Core	netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed.
.NET Standard	netstandard2.0 is compatible. netstandard2.1 was computed.
.NET Framework	net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed.
MonoAndroid	monoandroid was computed.
MonoMac	monomac was computed.
MonoTouch	monotouch was computed.
Tizen	tizen40 was computed. tizen60 was computed.
Xamarin.iOS	xamarinios was computed.
Xamarin.Mac	xamarinmac was computed.
Xamarin.TVOS	xamarintvos was computed.
Xamarin.WatchOS	xamarinwatchos was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

.NETStandard 2.0
- No dependencies.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on AntiBruteForce:

Package	Downloads
EncryptionAlgorithm Strong encryption algorithm, and simple to use. Accepts keys and data packets of any length.	691

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last updated
1.24.5.2	105	5/1/2024
1.24.5.1	109	5/1/2024
1.24.4.29	71	4/29/2024