Re: SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider

From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 05/12/04


Date: Wed, 12 May 2004 12:24:23 -0300

Your problem is in the Hexa encoding loop. The ToString( b, 16) method gives
you a one char lenght for hexa values of one digit. I suggest you to use
this function for hexa encoding.

BitConverter.ToString( hash ).Replace( "-", string.Empty ).ToUpper()

-- 
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl
This posting is provided "AS IS" with no warranties, and confers no rights.
"Super Julius" <super_julius@yahoo.com> wrote in message
news:e315dbfd.0405120452.688259ce@posting.google.com...
> Folks,
>
> I am struggling with the following problem. When I encode a string
> using FormsAuthentication or SHA1CryptoServiceProvider, I don't get
> the same encoding.
>
> In fact I have a SHA1 ASP implementation for one of our legacy
> application but I have done the migration using the following code:
>
> private string Hash(string toHash)
> {
> string hashed = "";
>
> SHA1 sha1 = new SHA1CryptoServiceProvider();
> byte[] hash =
sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(toHash));
>
> foreach(byte b in hash)
> hashed += Convert.ToString(b, 16).ToUpper();
>
> return hashed;
> }
>
> I then noticed that some values were not encoded the same way. So I
> tried using FormsAuthentication.HashPasswordForStoringInConfigFile(value,
> "SHA1"). Guess what the it encodes the values the same way the ASP
> SHA1 does.
>
> Basically this means that the code above with
> SHA1CryptoServiceProvider is just wrong. I have tried using all the
> encoding available when getting the bytes out of the string but I
> cannot get the same encoding.
>
> A value for which it does not work: ArntzHans
>
> Result with SHA1CryptoServiceProvider:
> 1C4F53FA399F44D81BF4F8540B5127FB44EDA2
>
> Result with FormsAuthentication:
> 1C4F53FA399F440D81BF4F8540B5127FB404EDA2
>               *                   *
>
> Note that the 2 '0' characters outlined on the 2nd result are missing
> from the first encoding.
>
> I have read a few threads from users having the same problem, but no
> concrete solution to the problem
>
> Wish someone can help me solving this out
>
> Thx
> Julien


Relevant Pages

  • SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider
    ... When I encode a string ... SHA1CryptoServiceProvider is just wrong. ... encoding available when getting the bytes out of the string but I ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Why asci-only symbols?
    ... >> Perhaps string equivalence in keys will be treated like numeric equivalence? ... I know typewill be and in itself contain no encoding information now, ... >and a Unicode string, the system default encoding ...
    (comp.lang.python)
  • Re: Byte Array to String
    ... retrieved text will mismatch the original characters. ... encoding the characters. ... Dim strFileData as String ...
    (microsoft.public.dotnet.framework.aspnet)
  • F is evil (was: XML::LibXML UTF-8 toString() -vs- nodeValue())
    ... And with C<use encoding 'utf8';> you'll get the same character string, ... A script is the complete program text, ...
    (comp.lang.perl.misc)
  • Re: eval and unicode
    ... encoding your terminal/file/whatnot is written in. ... you have a byte string that starts with u, then ", then something ... The first item in the sequence is \u5fb9 -- a unicode code point. ...
    (comp.lang.python)