|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Encyptionmy problem is that even if i have a string that is 20 characters long and a salt that is 80 characters, the output is still only like 15characters, i am trying to get a hash output that is atleast 100characters long. i have tried to alter the code alittle to see if i could get a longer hash returned, but sofar nothing. private HashAlgorithm mhash; private void cmdHash_Click (object sender, System.EventArgs e) { string temp = string.Empty; txtSalt.Text = CreateSalt(); temp = txtOriginal.Text + txtSalt.Text.Substring(8, 70); txtHashed.Text = HashString(temp, txtSalt.Text); } private string CreateSalt () { byte[] bytSalt = new byte[80]; RNGCryptoServiceProvider rng; rng = new RNGCryptoServiceProvider(); rng.GetBytes(bytSalt); return Convert.ToBase64String(bytSalt); } private string HashString(string Value, string salt) { byte[] bytValue; byte[] bytHash; mhash = HMACSHA1(Convert.FromBase64String(salt)); // Convert the original string to array of Bytes bytValue = System.Text.Encoding.UTF8.GetBytes(Value); // Compute the Hash, returns an array of Bytes bytHash = mhash.ComputeHash(bytValue); mhash.Clear(); // Return a base 64 encoded string of the Hash value return Convert.ToBase64String(bytHash); } Hi,
using HMACxxx is the wrong approach - or do you want to encrypt the hash? Different hashing algorithm produce different output lengthts SHA1 = 160bits SHA256 = 256bits SHA512 = 512bits simply use them like this: SHA256Managed sha = new SHA256Manager() byte[] hash = sha.ComputeHash(data); if you want flexible output lengths (or maybe you are hashing passwords??) use PasswordDeriveBytes (1.1) or better Rfc2898DeriveBytes (2.0) --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com Show quoteHide quote > HI, im trying to get a string hashed, im trying to use the example: > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnet > sec/html/cryptosimplified.asp > > my problem is that even if i have a string that is 20 characters long > and a salt that is 80 characters, the output is still only like > 15characters, i am trying to get a hash output that is atleast > 100characters long. > > i have tried to alter the code alittle to see if i could get a longer > hash returned, but sofar nothing. > > private HashAlgorithm mhash; > > private void cmdHash_Click (object sender, System.EventArgs e) > { > string temp = string.Empty; > txtSalt.Text = CreateSalt(); > temp = txtOriginal.Text + txtSalt.Text.Substring(8, 70); > txtHashed.Text = HashString(temp, txtSalt.Text); > } > > private string CreateSalt () > { > byte[] bytSalt = new byte[80]; > RNGCryptoServiceProvider rng; > rng = new RNGCryptoServiceProvider(); > > rng.GetBytes(bytSalt); > > return Convert.ToBase64String(bytSalt); > } > private string HashString(string Value, string salt) > { > byte[] bytValue; > byte[] bytHash; > mhash = HMACSHA1(Convert.FromBase64String(salt)); > > // Convert the original string to array of Bytes > bytValue = System.Text.Encoding.UTF8.GetBytes(Value); > // Compute the Hash, returns an array of Bytes > bytHash = mhash.ComputeHash(bytValue); > mhash.Clear(); > > // Return a base 64 encoded string of the Hash value > return Convert.ToBase64String(bytHash); > } I am hasing passwords, password + salt to produce a unique password
Show quoteHide quote "Dominick Baier [DevelopMentor]" wrote: > Hi, > > using HMACxxx is the wrong approach - or do you want to encrypt the hash? > > Different hashing algorithm produce different output lengthts > > SHA1 = 160bits > SHA256 = 256bits > SHA512 = 512bits > > simply use them like this: > > SHA256Managed sha = new SHA256Manager() > > byte[] hash = sha.ComputeHash(data); > > if you want flexible output lengths (or maybe you are hashing passwords??) > > use PasswordDeriveBytes (1.1) or better Rfc2898DeriveBytes (2.0) > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > > > HI, im trying to get a string hashed, im trying to use the example: > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnet > > sec/html/cryptosimplified.asp > > > > my problem is that even if i have a string that is 20 characters long > > and a salt that is 80 characters, the output is still only like > > 15characters, i am trying to get a hash output that is atleast > > 100characters long. > > > > i have tried to alter the code alittle to see if i could get a longer > > hash returned, but sofar nothing. > > > > private HashAlgorithm mhash; > > > > private void cmdHash_Click (object sender, System.EventArgs e) > > { > > string temp = string.Empty; > > txtSalt.Text = CreateSalt(); > > temp = txtOriginal.Text + txtSalt.Text.Substring(8, 70); > > txtHashed.Text = HashString(temp, txtSalt.Text); > > } > > > > private string CreateSalt () > > { > > byte[] bytSalt = new byte[80]; > > RNGCryptoServiceProvider rng; > > rng = new RNGCryptoServiceProvider(); > > > > rng.GetBytes(bytSalt); > > > > return Convert.ToBase64String(bytSalt); > > } > > private string HashString(string Value, string salt) > > { > > byte[] bytValue; > > byte[] bytHash; > > mhash = HMACSHA1(Convert.FromBase64String(salt)); > > > > // Convert the original string to array of Bytes > > bytValue = System.Text.Encoding.UTF8.GetBytes(Value); > > // Compute the Hash, returns an array of Bytes > > bytHash = mhash.ComputeHash(bytValue); > > mhash.Clear(); > > > > // Return a base 64 encoded string of the Hash value > > return Convert.ToBase64String(bytHash); > > } > > > 
Other interesting topics
AuthenticateAsServer/AuthenticateAsClient ProtectionLevel and iden
Running application in local intranet HOWTO Run CASPOL for full trust on UserControl. .NET 2.0, X509Certificates and CRL Check Issues With User Control Embedded Into Web Page Since Installing .NET 2.0 Security exception while opening an OleDBConnection CAS exception - crash verify write permission to a folder Translate BUILTIN to domain name CAPICOM within .NET |
|||||||||||||||||||||||
