Re: SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider

From: Hernan de Lahitte (
Date: 05/12/04

Date: Wed, 12 May 2004 12:24:23 -0300

Your problem is in the Hexa encoding loop. The ToString( b, 16) method gives
you a one char lenght for hexa values of one digit. I suggest you to use
this function for hexa encoding.

BitConverter.ToString( hash ).Replace( "-", string.Empty ).ToUpper()

Hernan de Lahitte
Lagash Systems S.A.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Super Julius" <> wrote in message
> Folks,
> I am struggling with the following problem. When I encode a string
> using FormsAuthentication or SHA1CryptoServiceProvider, I don't get
> the same encoding.
> In fact I have a SHA1 ASP implementation for one of our legacy
> application but I have done the migration using the following code:
> private string Hash(string toHash)
> {
> string hashed = "";
> SHA1 sha1 = new SHA1CryptoServiceProvider();
> byte[] hash =
> foreach(byte b in hash)
> hashed += Convert.ToString(b, 16).ToUpper();
> return hashed;
> }
> I then noticed that some values were not encoded the same way. So I
> tried using FormsAuthentication.HashPasswordForStoringInConfigFile(value,
> "SHA1"). Guess what the it encodes the values the same way the ASP
> SHA1 does.
> Basically this means that the code above with
> SHA1CryptoServiceProvider is just wrong. I have tried using all the
> encoding available when getting the bytes out of the string but I
> cannot get the same encoding.
> A value for which it does not work: ArntzHans
> Result with SHA1CryptoServiceProvider:
> 1C4F53FA399F44D81BF4F8540B5127FB44EDA2
> Result with FormsAuthentication:
> 1C4F53FA399F440D81BF4F8540B5127FB404EDA2
>               *                   *
> Note that the 2 '0' characters outlined on the 2nd result are missing
> from the first encoding.
> I have read a few threads from users having the same problem, but no
> concrete solution to the problem
> Wish someone can help me solving this out
> Thx
> Julien

Relevant Pages

  • SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider
    ... When I encode a string ... SHA1CryptoServiceProvider is just wrong. ... encoding available when getting the bytes out of the string but I ...
  • Re: Why asci-only symbols?
    ... >> Perhaps string equivalence in keys will be treated like numeric equivalence? ... I know typewill be and in itself contain no encoding information now, ... >and a Unicode string, the system default encoding ...
  • Re: Byte Array to String
    ... retrieved text will mismatch the original characters. ... encoding the characters. ... Dim strFileData as String ...
  • F is evil (was: XML::LibXML UTF-8 toString() -vs- nodeValue())
    ... And with C<use encoding 'utf8';> you'll get the same character string, ... A script is the complete program text, ...
  • Re: eval and unicode
    ... encoding your terminal/file/whatnot is written in. ... you have a byte string that starts with u, then ", then something ... The first item in the sequence is \u5fb9 -- a unicode code point. ...