Re: MD5

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 11/25/05

  • Next message: Simon Cheng: "System.Security.Permissions.FileIOPermission" 
    Date: Thu, 24 Nov 2005 16:07:49 -0800

    Hello Marre,

    maybe the encoding is the problem

    i guess default is Unicode - give UTF8 or ASCII a try (or ask the company
    how the string is encoded :))

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi Dominick
    >
    > Well, Iīm trying to get two similar strings ;)
    > Just kidding.
    > This is a security check between me and a company working with
    > creditcard solutions on internet.
    >
    > I have this "formula": myMD5String = MD5(mySecretValue2 +
    > MD5(mySecretValue1
    > + "some string"))
    > I have two constant values in mySecretValue 1 and 2. The "some string"
    > value, is a value that I get from input-values that I have made erlier
    > on my
    > website.
    > I receive this "myMD5String" and are going to compare it with the
    > string i get with this formula. But I canīt get this working :(
    >
    > The call Iīm doing to this method shown in erlier message is this:
    > checkMD5sum(mySecretValue2 + checkMD5sum(mySecretValue1 + "some
    > string"));
    >
    > /Marre
    >
    > "Dominick Baier [DevelopMentor]"
    > <dbaier@pleasepleasenospamdevelop.com> wrote in message
    > news:4580be631487cd8c7bd95eb98d07e@news.microsoft.com...
    >
    >> Hello Marre,
    >>
    >> so far you are only doing
    >> MD5(inputvalue)
    >> is that what you want??
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Hi Dominick!
    >>>
    >>> Thanks for youre answer. Now I get a string, but I canīt get that
    >>> string equal with the string I receive :) I have to try it a little
    >>> bit more. My code looks like this:
    >>>
    >>> private string checkMD5sum(string inputvalue)
    >>> {
    >>> // Perform a hash operation using the phrase. This will
    >>> // generate a unique 32 character value to be used as the key.
    >>> byte[] bytePhrase = Encoding.Default.GetBytes(inputvalue);
    >>> MD5 md5 = new MD5CryptoServiceProvider();
    >>> md5.ComputeHash(bytePhrase);
    >>> byte[] result = md5.Hash;
    >>> // Build the final string by converting each byte
    >>> // into hex and appending it to a StringBuilder
    >>> StringBuilder sb = new StringBuilder();
    >>> for (int i=0;i<result.Length;i++)
    >>> {
    >>> sb.Append(result[i].ToString("X2"));
    >>> }
    >>> // And return it
    >>> return sb.ToString();
    >>> }
    >>> Best regards
    >>> Marre
    >>> "Dominick Baier [DevelopMentor]"
    >>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
    >>> news:4580be631481398c7bd799da46c07@news.microsoft.com...
    >>>> Hello Marre,
    >>>>
    >>>> this uses SHA1 for something similar - should be enough to get you
    >>>> started...
    >>>>
    >>>> // Hash = H(salt, H(passphrase))
    >>>> static void lengthExtensionHash2()
    >>>> {
    >>>> Console.WriteLine("Hash with anti length extension attack 2");
    >>>> string password = "secret";
    >>>> byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
    >>>> byte[] salt = new byte[32];
    >>>> new RNGCryptoServiceProvider().GetBytes(salt);
    >>>> SHA1Managed sha = new SHA1Managed();
    >>>>
    >>>> byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);
    >>>>
    >>>> CryptoStream cs = new CryptoStream(Stream.Null, sha,
    >>>> CryptoStreamMode.Write);
    >>>> cs.Write(salt, 0, salt.Length);
    >>>> cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);
    >>>> cs.FlushFinalBlock();
    >>>> byte[] hash = sha.Hash;
    >>>> string hashString = Convert.ToBase64String(hash);
    >>>> string saltString = Convert.ToBase64String(salt);
    >>>> Console.WriteLine("Hash: " + hashString);
    >>>> Console.WriteLine("Salt: " + saltString);
    >>>> }
    >>>> ---------------------------------------
    >>>> Dominick Baier - DevelopMentor
    >>>> http://www.leastprivilege.com
    >>>>> Hi all!
    >>>>>
    >>>>> I have a md5 question.
    >>>>> I receive a md5 string created with Message-Digest algorithm and I
    >>>>> want to
    >>>>> create the same string in my webapplication.
    >>>>> I have this values to go on:
    >>>>> myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some
    >>>>> string"))
    >>>>> myMD5String should of cource be the same as the md5 string i
    >>>>> receive.
    >>>>>
    >>>>> I have no idea if I have told you enough about my problem, but
    >>>>> someone might be able to point me to right direction :)
    >>>>>
    >>>>> Best regards
    >>>>> Marre

  • Next message: Simon Cheng: "System.Security.Permissions.FileIOPermission"

    Relevant Pages

    • Re: MD5
      ... This is a security check between me and a company working with creditcard ... The "some string" ... > Hello Marre, ... > Dominick Baier - DevelopMentor ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Split, Substring and other functions in expression editor?
      ... Jon Flanders ... "Sam Loveridge" wrote in message ... >> Jon Flanders [DevelopMentor] ... I'm trying to take a string variable in the BizTalk Expression ...
      (microsoft.public.biztalk.general)
    • String to Int
      ... Richard Blewett - DevelopMentor ... Kind of a newbie question, but I need to be able to convert a string to ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: datagrid,spliting value from database
      ... > string GetLeftHalf ... > void Grid_ItemCommand(object s, DataGridCommandEventArgs e) ... >>> DevelopMentor ... Prev by Date: ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Get role for any given user name
      ... have a look at the ctor of WindowsIdentity that takes a string. ... Dominick Baier - DevelopMentor ...
      (microsoft.public.dotnet.security)