I want to know how php, c# has included the md5 hashing because how can php or c# include md5 hashing system without knowing the algorithm, and how have the managed to keep the algorithm secure, and does this mean that the people who made c# or php know the md5 algorithm?
If there is a need to keep the hash (or encryption) algorithm secret, then it is not really good.
The MD5 algorithm is available for everyone.
Yes, md5 algorithm is public - http://en.wikipedia.org/wiki/MD5
Anyone can independently implement it in any language.
While I am not sure what you mean by secure, assuming you are referring to using md5 as a password hash, md5 is not secure. If thats what you are planning, read How To Safely Store A Password.
The nice thing about encryption algorithms is that even if you know how it works you can't easily decrypt it. That's why most encryption algorithms are public, at least the ones deployed by c# and php. But md5 isn't really secure anymore, you better use AES.
Firstly - It's down to the source code library included in the language build.
Secondly - MD5 is a one way algorithm, It doesn't need to be secure, there is no 'key'
Everyone has already said this, but I'll add this one thing... MD5 isn't meant to "obscure" things, really, It's really a way to "normalize" data. No matter what you start with you end up with a 32 character [thing] that represents the original string. It's a fabulous way to make sure that the original string is what you expect it to be. That's why it's frequently used to compare files, since no matter what the original content of a file, it can still be represented with a 32 character string. So, the answer to your question is really that the whole point is to simply make sure that it's the SAME algorithm in all these different languages so that you can count on the same result no matter where you convert your source string to its MD5 counterpart.
Related
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How do I encrypt a string and get a equal length encrypted string?
I am new to Encryption and Decryption. I have a string which is 24 char length. I need to encrypt and decrypt the word. The encryption may be less secure but I need encrypted word should be same length as input string (24 char). I have searched through web and find some sample Encryption algorithm (AES, MD5). But the encrypted word is too length than input string. This is product key that we will share to customer, so strong encryption is not required. It would be useful if you share sample codes.
Use Vernam cipher. For a single string with a truly-randomly generated key it's theoretically unbreakable. If you start using the same key for multiple strings you reduce its security significantly but apparently you are not looking for utmost security. If you are, you must be able to come up with a different random key for each encrypted password.
Although you can find lots of sample code on the web, I think it would be good practice to you to implement it yourself. It's pretty straightforward.
What you're looking for seems to be Format-preserving encryption, I don't think there are any implementations of this in .NET (I certainly haven't used any). You may need to think up a custom algorithm for this. You say strong encryption isn't required, but you'll obviously need the algorithm to not be obvious. Unfortunately there are literally hundreds of ways you could do this, so it depends on which one suits you.
This seems to be a great post for encryption algorithms
To make the cyphertext the same length as the plaintext, use a stream cypher. This can either be a block cypher in CTR mode, such as AES-CTR, or a dedicated stream cypher, like Rabbit or RC4.
Be aware that you cannot reuse a key for a stream cypher, otherwise an attacker will probably be able to break the encryption. Two cyphertexts that use the same key can be used to eliminate the key entirely, leaving just the two plaintexts.
If you only have the one 24 byte word to encrypt then this is not a problem. If you need to encrypt more than one piece of data, then key management becomes important.
I am writing a .net application and want to use a supper strong encryption key by using the unicode characters to make it hard for the hackers to hack the code. The encryption key would be any characters from the http://www.unicode.org.
For example my encryption key could லูᇉޒۻڃxxxxxxxxxxxx + couple hundred characters which is very difficult for the computer to predict my code. I think the unicode has more than 95,000 characters.
I am wondering if there is any data corruption because of these complex characters. Of course I have to check the decrypt data to make sure the code can decrypt before I save the information to the database. I have tested my code for more than 10 millions times to see how reliable and it run pretty good.
Any thoughts guys?
Encryption is very very difficult to do. More likely than not, your approach will be very insecure.
The strength of an algorithm is more than just a key size. I'd wager that DES with a 56-bit key is more "secure" than probably any home made cipher.
The AES process was a multiple year effort of every cryptographer in the world, multiple government agencies, support from Microsoft, RSA (among others), various open source projects, and millions of dollars. Even after all that, we still find new attacks against AES.
What are your requirements? You should use established protocols and algorims. If you say what your trying to do, we can give better advice.
i want to encrypt string in java and decrypt the same string in C# and vice versa .how to do it .and which is best encryption method
Thanks
aswan
You need to go with a standard encryption method. The algorithm used will be secure, the result will be portable and there are libraries for many platforms. 3-DES or AES would be good choices.
The word "best" is different things to different people, and strongly influence the choices available to you.
If speed is extremely important to you, then just add one to every character value, send it, and subtract one again. In other words send "ABC" as "BCD".
AES is supported in the .NET framework in the Rijndael class, you can find the documentation on MSDN http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndael.aspx. When encrypting a string you will want to make sure that the way you choose your key is a secure method, and make sure it is stored in a secure place as well. In any encryption scheme the weakest link is the key.
I want to generate a hash code for a file. Using C# I would do something like this then store the value in a database.
byte[] b = File.ReadAllBytes(#"C:\image.jpg");
string hash = ComputeHash(b);
Now, if i use say a Java program that implements the same hashing alogorithm (Md5), can i expect the hash values to be the equal to the value generated in C#? What if i execute the java program from different environments, Windows, Linux or Mac?
Hash values are not globally unique. But that is not what you are really asking.
What you really want to know is whether a hashing algorithm (such as MD5) will produce the same hash value for identical files on different operating system platforms. The answer to that is "yes" ... provided that files are byte-for-byte identical.
In the case of an binary format that should be the case. In the case of text files, transcoding between different character encodings, or changing line termination sequences will make the files different at the byte level and result in different MD5 hash values.
Havh values generated from the same input and with the same algorithm are defined to be equal. 1+1=2, regardless of the programming language I program this in.
Otherwise the internet would not work at all, you know.
My suggestion would be to use a common/accepted hashing algorithm like MD5 to achieve the same hash values.
If the Hashing algorithm and the input are same, the hash value generated would be same irrespective of language or environment.
The hashing algorithm takes the full/part of the key and manipulates it to generate the value which is why it would be same in all languages.
I wish I could comment on this but I don't have enough reputation to do that.
While I don't know for what purpose you want to use a hash algorithm, I'd like to say that some collisions have been found for MD5 so it might be less "secure" (well, we probably can't say "broken" since those collisions are hard to compute). The same remark applies to the SHA-1 algorithm.
More information here: http://www.mathstat.dal.ca/~selinger/md5collision/
So if you want to use a hash algorithm for security purposes, you might take a look at SHA-256 or SHA-512 which are stronger for now.
Otherwise you can probably keep going with MD5.
My two cents.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How do I generate a hashcode from a byte array in c#
In C#, I need to create a Hash of an image to ensure it is unique in storage.
I can easily convert it to a byte array, but unsure how to proceed from there.
Are there any classes in the .NET framework that can assist me, or is anyone aware of some efficient algorithms to create such a unique hash?
There's plenty of hashsum providers in .NET which create cryptographic hashes - which satisifies your condition that they are unique (for most purposes collision-proof). They are all extremely fast and the hashing definitely won't be the bottleneck in your app unless you're doing it a trillion times over.
Personally I like SHA1:
public static string GetHashSHA1(this byte[] data)
{
using (var sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider())
{
return string.Concat(sha1.ComputeHash(data).Select(x => x.ToString("X2")));
}
}
Even when people say one method might be slower than another, it's all in relative terms. A program dealing with images definitely won't notice the microsecond process of generating a hashsum.
And regarding collisions, for most purposes this is also irrelevant. Even "obsolete" methods like MD5 are still highly useful in most situations. Only recommend not using it when the security of your system relies on preventing collisions.
The part of Rex M's answer about using SHA1 to generate a hash is a good one (MD5 is also a popular option). zvolkov's suggestion about not constantly creating new crypto providers is also a good one (as is the suggestion about using CRC if speed is more important than virtually-guaranteed uniqueness.
However, do not use Encoding.UTF8.GetString() to convert a byte[] into a string (unless of course you know from context that it is valid UTF8). For one, it will reject invalid surogates. A method guaranteed to always give you a valid string from a byte[] is Convert.ToBase64String().
Creating new instance of SHA1CryptoServiceProvider every time you need to compute a hash is NOT fast at all. Using the same instance is pretty fast.
Still I'd rather do one of the many CRC algorithms instead of a cryptographic hash as hash functions designed for cryptography don't work too well for very small hash sizes (32 bit) which is what you want for your GetHash() override (assuming that's what you want).
Check this link out for one example of computing CRC in C#: http://sanity-free.org/134/standard_crc_16_in_csharp.html
P.S. the reason you want your hash to be small (16 or 32 bit) is so you can compare them FAST (that was the whole point of having hashes, remember?). Having hash represented by a 256-bit long value encoded as string is pretty insane in terms of performance.
You can use any of the standard hashing algorithms, but hashing can't technically guarantee uniqueness. Hashing is designed to be a relatively fast and/or small token to be able to see if one piece of data likely is the same as the other. It's fully possible for entirely different sets of data to produce the same hash, though being able to produce these algorithmically is very hard.
All of that aside, for checking likely identity, MD5 is fairly fast. SHA is more reliable (MD5 has been hacked, so shouldn't be use for security), but it's also slower.