I have an Excel workbook currently acting as a booking diary. It has users/passwords stored in a database, the passwords are hashed using SHA1 (with no salt at the moment to make this easier)
When I store a user with password password I get the following hash in the database:
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
This is backed up by trying the string here and here, both give the same result as my VBA SHA1 function
So now I want to move this application into C# (probably and ASP.NET web app eventually), so I'm using the following to generate the SHA1 hash:
// Convert plain text into a byte array
byte[] plainTextBytes = Encoding.Default.GetBytes("password");
// Define hash object
HashAlgorithm hash = new SHA1Managed();
// Compute hash value of our plain text
byte[] hashBytes = hash.ComputeHash(plainTextBytes);
// Convert result into a base64-encoded string
string hashValue = Convert.ToBase64String(hashBytes);
Console.WriteLine(hashValue);
but this outputs
W6ph5Mm5Pz8GgiULbPgzG37mj9g=
I must have done some small thing wrong, but I can't work out what it is :(. I have tried the different encoding types (UTF8, ASCII, Unicode) but none produce the correct hash
Can someone shed some light on this for me please?
You converted the string to base64, although it seems you want hex. Convert to hex instead.
You should convert hashBytes into HexString, not Base64.
string hashValue = Convert.ToBase64String(hashBytes);
That's the problem statement, the result string you quoted was not base64 encoded, it was encoded in hex. You get the value you are looking for with:
string hashValue = BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
Which produces:
"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
Related
I have been looking at a lot of different C# encryption examples. In most examples the encryption Key as well as the Initialization Vector (IV) are passed into the encryption/decryption methods as an array of bytes.
I would like to store the Key and IV as strings. The Key in a Hardware Security Module and the IV as an nvarchar in the SQL Server database.
I keep running into propblems on how to properly convert the Key and the IV as string. Some examples say to use Base64 Encoding while other examples use Encoding.UTF8.
Here is an example that generates an IV and converts it to a Base64 string...
using (var aesProvider = new AesCryptoServiceProvider())
{
aesProvider.GenerateIV();
var ivBase64 = Convert.ToBase64String(aesProvider.IV);
return ivBase64;
}
However, when I pass this string representation of the IV into the encryption method and then convert it back to a byte array the following code fails saying the IV is not the proper size.
byte[] initVectorBytes = Encoding.UTF8.GetBytes(initializationVector);`
// intermediate code excluded for brevity
ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes);
Is there a standard way of converting an encryption Key and IV back and forth between a byte array and String representation?
You cannot convert binary data to UTF-8 and back again. Some binary sequences are not valid UTF-8 characters and when you convert to UTF-8 that data is lost. It's the equivalent of some characters getting set to '?' when converting between encodings.
You can instead use base64 encoding of binary data to text, and then base64 decode to get back the original binary.
Try converting this to UTF-8, for example: "\x00?\xdc\x80" (that's four bytes: 0, 63, 220, 128). It won't encode to UTF-8 -- it's not valid.
The standard way is using Base-64 encoding - How do I encode and decode a base64 string?
I have a software which stores passwords using an unknown hashing method. for example if the 123456789 set as the password, it would be stored in the database by two fields which are 'salt' (seems that the salt is generated randomly) and 'hashed'. And I need to know how the software reaches to that hashed string.
as an example for the origial string: 123456789
the salt is: ifWIg1IB
hashed is: QkKtpxSqd+kIH2EuMkNdWV44B2g=
I need to know it because of making an integrated login system via this hashed password. I think it is very important to avoid make lots of username and password for each person in an office.
with the best respects
Your 'hashed' output is a base-64 encoded string. Decoding the string results in a 20-byte digest. SHA-1 produces 20-byte hashes so it looks like the generation process is:
base64(sha1(combine(salt, password)))
there are two obvious approaches to combining the salt and password plaintext - append or prepend the salt to the password. If you prepend the salt you end up with the following algorithm to generate the encoded digest:
public static string GenPasswordString(string password, string salt)
{
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(salt + password);
using (var alg = new System.Security.Cryptography.SHA1Managed())
{
byte[] hashBytes = alg.ComputeHash(bytes);
return Convert.ToBase64String(hashBytes);
}
}
and
GenPasswordString("123456789", "ifWIg1IB") == "QkKtpxSqd+kIH2EuMkNdWV44B2g="
I have code to generate SHA512 from string.
public static string GetCrypt(string text)
{
string hash = "";
SHA512 alg = SHA512.Create();
byte[] result = alg.ComputeHash(Encoding.UTF8.GetBytes(text));
hash = Encoding.UTF8.GetString(result);
return hash;
}
Now I must convert hash back to string. Any ideas how can it be done? Thank you.
Hashes are 1-way. You can't get it back (easily). you might want actual encryption.
Yes. Hashes are one-way. Please use symmetric encryption classes like RijndaelManaged.
Here is a RijndaelSimple class that I am using:
http://www.obviex.com/samples/encryption.asp
The cached version of the same link is here:
http://webcache.googleusercontent.com/search?q=cache:WyVau-XgIzkJ:www.obviex.com/samples/encryption.asp&hl=en&prmd=imvns&strip=1
You cant convert a hash back to string from which you computed the hash.
If you want it then you would have to compare the hash with each of the target strings hash.
If one of them matches with the hash,then that hash comes from the target string.
Its use: If you want to store passwords in database,you can store its hashes instead of passwords.So even if a hacker gets access to your database,he cant get the password cuz it is hashed.The only way to know the string through which we created the hash is to match it with the desired string!
I want to get text inputted by the user into the maskedTextBox and then encode it into byte[] which will be hashed into SHA256 to compare with password hashes stored at my database. The problem is that I've only found .GetCharFromPosition(Point pt) which I don't know how to use (I would know if it would be a simple index in place of this "Point") and .GetHashCode but it needs to be SHA256, not some undefined hash...
You can get the bytes of a string in a certain encoding using Encoding.GetBytes. For example, to get it as an array of bytes as UTF-8:
System.Text.Encoding.UTF8.GetBytes(yourTextBox.Text)
I'm trying to write a basic hashing function accepts an input string and a salt string. Both of those strings then need to be converted to byte arrays, combined then the hash is generated.
I've dug around the Microsoft Membership for inspiration and see that they do it this way:
byte[] bytes = Encoding.Unicode.GetBytes(input);
byte[] array = Convert.FromBase64String(salt);
So what I want to ask is:
Is unicode the best encoding to use when converting the input string to a byte array? What about UTF-8?
Is a Base64String the best format to use for the salt value? If I limit to a Base64 string then essentially I always have to use a hash as a salt, is this the recommended way?