Re: MD5

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 11/22/05


Date: Tue, 22 Nov 2005 03:44:30 -0800

Hello Marre,

this uses SHA1 for something similar - should be enough to get you started...

       // Hash = H(salt, H(passphrase))
        static void lengthExtensionHash2()
        {
            Console.WriteLine("Hash with anti length extension attack 2");

            string password = "secret";
            byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
            byte[] salt = new byte[32];

            new RNGCryptoServiceProvider().GetBytes(salt);

            SHA1Managed sha = new SHA1Managed();

            byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);

            CryptoStream cs = new CryptoStream(Stream.Null, sha, CryptoStreamMode.Write);
            cs.Write(salt, 0, salt.Length);
            cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);
            
            cs.FlushFinalBlock();

            byte[] hash = sha.Hash;

            string hashString = Convert.ToBase64String(hash);
            string saltString = Convert.ToBase64String(salt);

            Console.WriteLine("Hash: " + hashString);
            Console.WriteLine("Salt: " + saltString);
        }

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi all!
>
> I have a md5 question.
> I receive a md5 string created with Message-Digest algorithm and I
> want to
> create the same string in my webapplication.
> I have this values to go on:
>
> myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some
> string"))
>
> myMD5String should of cource be the same as the md5 string i receive.
>
> I have no idea if I have told you enough about my problem, but someone
> might be able to point me to right direction :)
>
> Best regards
> Marre