Re: MD5

From: Marre (news_at_supremelink.se)
Date: 11/24/05 

Date: Thu, 24 Nov 2005 22:55:43 +0100

Hi Dominick

Well, I´m trying to get two similar strings ;)
Just kidding.

This is a security check between me and a company working with creditcard
solutions on internet.

I have this "formula": myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1
+ "some string"))
I have two constant values in mySecretValue 1 and 2. The "some string"
value, is a value that I get from input-values that I have made erlier on my
website.

I receive this "myMD5String" and are going to compare it with the string i
get with this formula. But I can´t get this working :(

The call I´m doing to this method shown in erlier message is this:
checkMD5sum(mySecretValue2 + checkMD5sum(mySecretValue1 + "some string"));

/Marre

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be631487cd8c7bd95eb98d07e@news.microsoft.com...
> Hello Marre,
>
> so far you are only doing
> MD5(inputvalue)
>
> is that what you want??
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Hi Dominick!
>>
>> Thanks for youre answer. Now I get a string, but I can´t get that
>> string equal with the string I receive :) I have to try it a little
>> bit more. My code looks like this:
>>
>> private string checkMD5sum(string inputvalue)
>> {
>> // Perform a hash operation using the phrase. This will
>> // generate a unique 32 character value to be used as the key.
>> byte[] bytePhrase = Encoding.Default.GetBytes(inputvalue);
>> MD5 md5 = new MD5CryptoServiceProvider();
>> md5.ComputeHash(bytePhrase);
>> byte[] result = md5.Hash;
>> // Build the final string by converting each byte
>> // into hex and appending it to a StringBuilder
>> StringBuilder sb = new StringBuilder();
>> for (int i=0;i<result.Length;i++)
>> {
>> sb.Append(result[i].ToString("X2"));
>> }
>> // And return it
>> return sb.ToString();
>> }
>> Best regards
>> Marre
>> "Dominick Baier [DevelopMentor]"
>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>> news:4580be631481398c7bd799da46c07@news.microsoft.com...
>>
>>> Hello Marre,
>>>
>>> this uses SHA1 for something similar - should be enough to get you
>>> started...
>>>
>>> // Hash = H(salt, H(passphrase))
>>> static void lengthExtensionHash2()
>>> {
>>> Console.WriteLine("Hash with anti length extension attack 2");
>>> string password = "secret";
>>> byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
>>> byte[] salt = new byte[32];
>>> new RNGCryptoServiceProvider().GetBytes(salt);
>>>
>>> SHA1Managed sha = new SHA1Managed();
>>>
>>> byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);
>>>
>>> CryptoStream cs = new CryptoStream(Stream.Null, sha,
>>> CryptoStreamMode.Write);
>>> cs.Write(salt, 0, salt.Length);
>>> cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);
>>> cs.FlushFinalBlock();
>>> byte[] hash = sha.Hash;
>>>
>>> string hashString = Convert.ToBase64String(hash);
>>> string saltString = Convert.ToBase64String(salt);
>>> Console.WriteLine("Hash: " + hashString);
>>> Console.WriteLine("Salt: " + saltString);
>>> }
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> Hi all!
>>>>
>>>> I have a md5 question.
>>>> I receive a md5 string created with Message-Digest algorithm and I
>>>> want to
>>>> create the same string in my webapplication.
>>>> I have this values to go on:
>>>> myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some
>>>> string"))
>>>>
>>>> myMD5String should of cource be the same as the md5 string i
>>>> receive.
>>>>
>>>> I have no idea if I have told you enough about my problem, but
>>>> someone might be able to point me to right direction :)
>>>>
>>>> Best regards
>>>> Marre
>
>

Relevant Pages

  • Re: MD5
    ... Dominick Baier - DevelopMentor ... > This is a security check between me and a company working with ... > string i get with this formula. ... > The call I´m doing to this method shown in erlier message is this: ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: WindowsIdentity - Invalid token; it cannot be duplicated
    ... Dominick Baier ... So, the login method is common and before that we received the Token, ... IntPtr iToken, string domainName, string userName) ... and why do you have to pass tokens around?? ...
    (microsoft.public.dotnet.security)
  • Re: Get role for any given user name
    ... have a look at the ctor of WindowsIdentity that takes a string. ... Dominick Baier - DevelopMentor ...
    (microsoft.public.dotnet.security)
  • Re: How do I retreive Password, Secret Question and its answer from the Memberhisp API?
    ... Dominick Baier - DevelopMentor ... Dim clumsypwd As String = ... Dim SecretQuestionAnswer As String = ... I also can get the uniqueidentifier UserID using the below line ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: MD5
    ... I can see that the string is generated differently if I change the encoding. ... > Dominick Baier - DevelopMentor ... >> creditcard solutions on internet. ...
    (microsoft.public.dotnet.framework.aspnet.security)