Re: Encyption



I am hasing passwords, password + salt to produce a unique password

"Dominick Baier [DevelopMentor]" wrote:

Hi,

using HMACxxx is the wrong approach - or do you want to encrypt the hash?

Different hashing algorithm produce different output lengthts

SHA1 = 160bits
SHA256 = 256bits
SHA512 = 512bits

simply use them like this:

SHA256Managed sha = new SHA256Manager()

byte[] hash = sha.ComputeHash(data);

if you want flexible output lengths (or maybe you are hashing passwords??)

use PasswordDeriveBytes (1.1) or better Rfc2898DeriveBytes (2.0)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

HI, im trying to get a string hashed, im trying to use the example:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnet
sec/html/cryptosimplified.asp

my problem is that even if i have a string that is 20 characters long
and a salt that is 80 characters, the output is still only like
15characters, i am trying to get a hash output that is atleast
100characters long.

i have tried to alter the code alittle to see if i could get a longer
hash returned, but sofar nothing.

private HashAlgorithm mhash;

private void cmdHash_Click (object sender, System.EventArgs e)
{
string temp = string.Empty;
txtSalt.Text = CreateSalt();
temp = txtOriginal.Text + txtSalt.Text.Substring(8, 70);
txtHashed.Text = HashString(temp, txtSalt.Text);
}

private string CreateSalt ()
{
byte[] bytSalt = new byte[80];
RNGCryptoServiceProvider rng;
rng = new RNGCryptoServiceProvider();

rng.GetBytes(bytSalt);

return Convert.ToBase64String(bytSalt);
}
private string HashString(string Value, string salt)
{
byte[] bytValue;
byte[] bytHash;
mhash = HMACSHA1(Convert.FromBase64String(salt));

// Convert the original string to array of Bytes
bytValue = System.Text.Encoding.UTF8.GetBytes(Value);
// Compute the Hash, returns an array of Bytes
bytHash = mhash.ComputeHash(bytValue);
mhash.Clear();

// Return a base 64 encoded string of the Hash value
return Convert.ToBase64String(bytHash);
}



.