Re: using md5 but want sha-1

Hi,

CryptoServiceProvider means that this is a wrapper around the native Crypto API
Managed means it is a .net implementation

they are both in the same namespace. The native ones are faster, the managed ones have less platform dependencies.

docs = .NET Framework SDK / Visual Studio Help :)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi,

I'm using
MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider();
byte[] hashedDataBytes;
UTF8Encoding encoder = new UTF8Encoding();
hashedDataBytes =
md5Hasher.ComputeHash(encoder.GetBytes(strPassword));
I notice there is a SHA1CryptServiceProvider By the way, I'm using 1.1

Is that what you mean with managed. Is this from
System.Security.Cryptography?
Which docs where you refereing too?
Thanks
"Dominick Baier [DevelopMentor]" wrote:

Hi,

first of all - SHA1 is a hashing algorithm -  no encryption. Hashing
is a non-reversible process, which is fine for passwords.

The corresponding class is called SHA1Managed - i would recommend
moving to SHA256Managed if you can.

Both support a ComputeHash method that takes a byte[] and returns a
byte[].

Especially for passwords i would recommend using PasswordDeriveBytes
(1.1) or Rfc2898DeriveBytes (2.0).

have a look at them in the docs - if you have further questions -
feel free to ask.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi,
I was reading that md5 is not that secure and that sha-1 or
whilpool or
ripemd-160 were better solutions. I'm using asp.net and I want to
encrypt the
password. Where can I find a sample code for that with sha-1. I
can't
seem to find one.
Thanks
Francisco



.