Re: MD5

From: Marre (news_at_supremelink.se)
Date: 11/26/05 

Date: Sat, 26 Nov 2005 17:28:36 +0100

Hi Dominick!

I can see that the string is generated differently if I change the encoding.
Have not had the time to try it out, but as soon as I do that, you will
know.

Thanx for taking the time to help me here!
/Marre
"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be6314d95c8c7bf73c959366f@news.microsoft.com...
> Hello Marre,
>
> maybe the encoding is the problem
>
> i guess default is Unicode - give UTF8 or ASCII a try (or ask the company
> how the string is encoded :))
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Hi Dominick
>>
>> Well, Iīm trying to get two similar strings ;)
>> Just kidding.
>> This is a security check between me and a company working with
>> creditcard solutions on internet.
>>
>> I have this "formula": myMD5String = MD5(mySecretValue2 +
>> MD5(mySecretValue1
>> + "some string"))
>> I have two constant values in mySecretValue 1 and 2. The "some string"
>> value, is a value that I get from input-values that I have made erlier
>> on my
>> website.
>> I receive this "myMD5String" and are going to compare it with the
>> string i get with this formula. But I canīt get this working :(
>>
>> The call Iīm doing to this method shown in erlier message is this:
>> checkMD5sum(mySecretValue2 + checkMD5sum(mySecretValue1 + "some
>> string"));
>>
>> /Marre
>>
>> "Dominick Baier [DevelopMentor]"
>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>> news:4580be631487cd8c7bd95eb98d07e@news.microsoft.com...
>>
>>> Hello Marre,
>>>
>>> so far you are only doing
>>> MD5(inputvalue)
>>> is that what you want??
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> Hi Dominick!
>>>>
>>>> Thanks for youre answer. Now I get a string, but I canīt get that
>>>> string equal with the string I receive :) I have to try it a little
>>>> bit more. My code looks like this:
>>>>
>>>> private string checkMD5sum(string inputvalue)
>>>> {
>>>> // Perform a hash operation using the phrase. This will
>>>> // generate a unique 32 character value to be used as the key.
>>>> byte[] bytePhrase = Encoding.Default.GetBytes(inputvalue);
>>>> MD5 md5 = new MD5CryptoServiceProvider();
>>>> md5.ComputeHash(bytePhrase);
>>>> byte[] result = md5.Hash;
>>>> // Build the final string by converting each byte
>>>> // into hex and appending it to a StringBuilder
>>>> StringBuilder sb = new StringBuilder();
>>>> for (int i=0;i<result.Length;i++)
>>>> {
>>>> sb.Append(result[i].ToString("X2"));
>>>> }
>>>> // And return it
>>>> return sb.ToString();
>>>> }
>>>> Best regards
>>>> Marre
>>>> "Dominick Baier [DevelopMentor]"
>>>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>>>> news:4580be631481398c7bd799da46c07@news.microsoft.com...
>>>>> Hello Marre,
>>>>>
>>>>> this uses SHA1 for something similar - should be enough to get you
>>>>> started...
>>>>>
>>>>> // Hash = H(salt, H(passphrase))
>>>>> static void lengthExtensionHash2()
>>>>> {
>>>>> Console.WriteLine("Hash with anti length extension attack 2");
>>>>> string password = "secret";
>>>>> byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
>>>>> byte[] salt = new byte[32];
>>>>> new RNGCryptoServiceProvider().GetBytes(salt);
>>>>> SHA1Managed sha = new SHA1Managed();
>>>>>
>>>>> byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);
>>>>>
>>>>> CryptoStream cs = new CryptoStream(Stream.Null, sha,
>>>>> CryptoStreamMode.Write);
>>>>> cs.Write(salt, 0, salt.Length);
>>>>> cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);
>>>>> cs.FlushFinalBlock();
>>>>> byte[] hash = sha.Hash;
>>>>> string hashString = Convert.ToBase64String(hash);
>>>>> string saltString = Convert.ToBase64String(salt);
>>>>> Console.WriteLine("Hash: " + hashString);
>>>>> Console.WriteLine("Salt: " + saltString);
>>>>> }
>>>>> ---------------------------------------
>>>>> Dominick Baier - DevelopMentor
>>>>> http://www.leastprivilege.com
>>>>>> Hi all!
>>>>>>
>>>>>> I have a md5 question.
>>>>>> I receive a md5 string created with Message-Digest algorithm and I
>>>>>> want to
>>>>>> create the same string in my webapplication.
>>>>>> I have this values to go on:
>>>>>> myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some
>>>>>> string"))
>>>>>> myMD5String should of cource be the same as the md5 string i
>>>>>> receive.
>>>>>>
>>>>>> I have no idea if I have told you enough about my problem, but
>>>>>> someone might be able to point me to right direction :)
>>>>>>
>>>>>> Best regards
>>>>>> Marre
>
>

Relevant Pages

  • Re: Why asci-only symbols?
    ... >> Perhaps string equivalence in keys will be treated like numeric equivalence? ... I know typewill be and in itself contain no encoding information now, ... >and a Unicode string, the system default encoding ...
    (comp.lang.python)
  • Re: Byte Array to String
    ... retrieved text will mismatch the original characters. ... encoding the characters. ... Dim strFileData as String ...
    (microsoft.public.dotnet.framework.aspnet)
  • F is evil (was: XML::LibXML UTF-8 toString() -vs- nodeValue())
    ... And with C<use encoding 'utf8';> you'll get the same character string, ... A script is the complete program text, ...
    (comp.lang.perl.misc)
  • Re: eval and unicode
    ... encoding your terminal/file/whatnot is written in. ... you have a byte string that starts with u, then ", then something ... The first item in the sequence is \u5fb9 -- a unicode code point. ...
    (comp.lang.python)
  • Re: Character semantics for filenames (was: win32 reading wide filenames (unicode))
    ... *If* you do not change this string in any way. ... filenames should be converted from the OS ... encoding to perl strings by readdir and from perl strings to the OS ...
    (comp.lang.perl.misc)