Re: Encyption

I am hasing passwords, password + salt to produce a unique password

"Dominick Baier [DevelopMentor]" wrote:

Hi,

using HMACxxx is the wrong approach - or do you want to encrypt the hash?

Different hashing algorithm produce different output lengthts

SHA1 = 160bits
SHA256 = 256bits
SHA512 = 512bits

simply use them like this:

SHA256Managed sha = new SHA256Manager()

byte[] hash = sha.ComputeHash(data);

if you want flexible output lengths (or maybe you are hashing passwords??)

use PasswordDeriveBytes (1.1) or better Rfc2898DeriveBytes (2.0)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

HI, im trying to get a string hashed, im trying to use the example:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnet
sec/html/cryptosimplified.asp

my problem is that even if i have a string that is 20 characters long
and a salt that is 80 characters, the output is still only like
15characters, i am trying to get a hash output that is atleast
100characters long.

i have tried to alter the code alittle to see if i could get a longer
hash returned, but sofar nothing.

private HashAlgorithm mhash;

private void cmdHash_Click (object sender, System.EventArgs e)
{
string temp = string.Empty;
txtSalt.Text = CreateSalt();
temp = txtOriginal.Text + txtSalt.Text.Substring(8, 70);
txtHashed.Text = HashString(temp, txtSalt.Text);
}

private string CreateSalt ()
{
byte[] bytSalt = new byte[80];
RNGCryptoServiceProvider rng;
rng = new RNGCryptoServiceProvider();

rng.GetBytes(bytSalt);

return Convert.ToBase64String(bytSalt);
}
private string HashString(string Value, string salt)
{
byte[] bytValue;
byte[] bytHash;
mhash = HMACSHA1(Convert.FromBase64String(salt));

// Convert the original string to array of Bytes
bytValue = System.Text.Encoding.UTF8.GetBytes(Value);
// Compute the Hash, returns an array of Bytes
bytHash = mhash.ComputeHash(bytValue);
mhash.Clear();

// Return a base 64 encoded string of the Hash value
return Convert.ToBase64String(bytHash);
}



.

Relevant Pages

  • Re: Encyption
    ... using HMACxxx is the wrong approach - or do you want to encrypt the hash? ... Different hashing algorithm produce different output lengthts ... my problem is that even if i have a string that is 20 characters long ... private string HashString ...
    (microsoft.public.dotnet.security)
  • Re: Reversible hash to transform series of small integers into well-distributed output values?
    ... standard hash isnt' reversible. ... > I'm trying to find a reasonable REVERSIBLE scheme for generating long, ... > generating a random string of random length and prepending it to each ... > and I'd like to use a different salt for each active user (generated ...
    (sci.crypt)
  • Re: salted md5 hash
    ... that method generates long hash values, ... So you need to salt the string before ... >> How can I get hash value for a specified string with specified salt? ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Hash salt (was Re: BCRYPT - Why not using it?)
    ... On Debian 6.0 stable, it's 8. ... string is the salt? ... the process what algorithm to use for the hash. ... Between the second and third '$' is the salt itself. ...
    (Debian-User)
  • RE: salted md5 hash
    ... So you need to salt the string before creating the hash and then store the salt along with the hashed pwd for retrival. ... > not find anything about salted md5 algorithm. ...
    (microsoft.public.dotnet.languages.csharp)