Hi,
I use the System.Security.Cryptography.HashAlgorithm.ComputeHash() method
with SHA512 to encrypt passwords.
I recently upgraded my website from .Net 1.1 to .Net 2.0. The passwords stopped working.
Would you please tell me if System.Security.Cryptography.HashAlgorithm.ComputeHash()
generates the exact same hash code in both versions of .Net for the same given byte[]?
If the method in 2 versions indeed generate different hash code,
Thank you
hb
Han - 15 Jun 2007 05:31 GMT
Hello
hashalgorithm() doesn't have computeHash() in .Net 2.0. Instead,
cryptography.sha512()
has computeHash(). I am not sure the two methods in the two frameworks return
the same value.
ko - 15 Jun 2007 06:33 GMT
> Hi,
>
[quoted text clipped - 10 lines]
>
> hb
Hi,
Nothing has (as one would expect) changed:
http://msdn2.microsoft.com/en-us/library/s02tk69a(VS.80).aspx
http://msdn2.microsoft.com/en-us/library/system.security.cryptography.sha512(vs.80).aspx
How are you calculating the hash? A simple way:
    using System;
    using System.Security.Cryptography;
    using System.Text;

    class test {
        public static void Main() {
            byte[] sha512 = new SHA512Managed()
                .ComputeHash(new UTF8Encoding().GetBytes("string"));
            StringBuilder sb = new StringBuilder();
            foreach (byte hex in sha512) sb.Append(hex.ToString("x2"));
            Console.WriteLine( sb.ToString() );
        }
    }
HTH - keith
Hongbo - 15 Jun 2007 16:30 GMT
Hi, Han and Keith,
I tried the following code in both .Net 1.1 and 2.0:
==
string s1="abc";
//convert string to byte[]
byte[] bh=Encoding.ASCII.GetBytes(s1);
SHA512 sh = new SHA512Managed();
//calculate hash
byte[] r=sh.ComputeHash(bh);
//convert byte[] to string
string s2=Encoding.ASCII.GetString(r);
Response.Write("output="+s2);
==
Here is the output:
***
.Net 1.1: output=]/5!az:LAsI. A1fzN )~" nfKUS!*'OA(6:<##~k=EMD#d
.Net 2.0: output=??5??az??AsI? A1??N??~? ???KU??!??*'O??6?<#????EMD#d
***
One thing in common is that they all contain 53 characters, but they are not the same string.
Samuel R. Neff - 15 Jun 2007 17:39 GMT
byte[] returned from ComputeHash() is a byte array and may not be
appropriately converted to a string with ASCII encoding. Try
comparing the byte arrays directly or using a different conversion
function.
We use a custom ToHex function (below) for creating strings from
hashed values (which is also how you often see them in specs and
documentation).
HTH,
Sam
------------------------------------------------------------
We're hiring! B-Line Medical is seeking .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.
    public static string ToHex(byte[] buff)
    {
        return ToHex(buff, true);
    }

    public static string ToHex(byte[] buff, bool lowerCase)
    {
        if (buff == null)
        {
            return null;
        }
        if (buff.Length == 0)
        {
            return String.Empty;
        }
        StringBuilder hex = new StringBuilder(buff.Length * 2);
        foreach(byte b in buff)
        {
            hex.Append(b.ToString(lowerCase ? "x2" : "X2"));
        }
        return hex.ToString();
    }
>Hi, Han and Keith,
>
[quoted text clipped - 37 lines]
>
> hb
Hongbo - 19 Jun 2007 13:56 GMT
Hi, Samuel,
Thank you for the help.
I talked with Microsoft support yesterday. He confirmed that it's actually
Encoding.ASCII.GetString() that got changed in .Net 2.0 to eliminate those
invalid characters. That's why my code got different results.
Here is the workaround he suggested:
=======
byte[] byteResult =
    Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(passText));
for (int n = 0; n <= byteResult.Length - 1; n++)
{
    // Bitwise AND - set high bit to x7F ( ASCII 127 )
    byteResult[n] = (byte)( byteResult[n] & 0x7F);
}
return Encoding.ASCII.GetString(byteResult);
=======
hb
> byte[] returned from ComputeHash() is a byte array and may not be
> appropriately converted to a string with ASCII encoding. Try
[quoted text clipped - 80 lines]
> >
> > hb
Samuel R. Neff - 20 Jun 2007 01:29 GMT
That's what MS support suggested ?!? That's a horrible solution. :(
ComputeHash returns a byte array, not an ascii encoded string. By
looping through the result and removing the high bit from every byte
that has one, you're changing the result and the string representation
is not valid. For example, you can get the same string representation
for many different hashes and you can not convert two ways.
Sam
>Hi, Samuel,
>
[quoted text clipped - 20 lines]
>
>hb
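
The objection in the last reply, as an added example that is not part of the original thread: clearing the high bit of each digest byte maps different hashes to the same stored string, while a hex string converts back to the exact bytes. The class name, the FromHex helper and the constructed second digest are assumptions for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class HashEncodingDemo
{
    // Lossless: two hex digits per byte, so the digest can be recovered.
    static string ToHex(byte[] buff)
    {
        StringBuilder hex = new StringBuilder(buff.Length * 2);
        foreach (byte b in buff) hex.Append(b.ToString("x2"));
        return hex.ToString();
    }

    static byte[] FromHex(string hex)
    {
        byte[] buff = new byte[hex.Length / 2];
        for (int i = 0; i < buff.Length; i++)
            buff[i] = Convert.ToByte(hex.Substring(i * 2, 2), 16);
        return buff;
    }

    // The workaround quoted in the thread: clear the high bit, decode as ASCII.
    static string MaskedAscii(byte[] digest)
    {
        byte[] copy = (byte[])digest.Clone();
        for (int n = 0; n < copy.Length; n++) copy[n] = (byte)(copy[n] & 0x7F);
        return Encoding.ASCII.GetString(copy);
    }

    static void Main()
    {
        byte[] digest;
        using (SHA512 sha = SHA512.Create())
            digest = sha.ComputeHash(Encoding.ASCII.GetBytes("abc"));

        // Constructed value: the same digest with the high bit of every byte flipped.
        byte[] other = (byte[])digest.Clone();
        for (int n = 0; n < other.Length; n++) other[n] = (byte)(other[n] ^ 0x80);

        bool hexDistinct = ToHex(digest) != ToHex(other);
        bool maskedCollide = MaskedAscii(digest) == MaskedAscii(other);
        bool roundTrips = BitConverter.ToString(FromHex(ToHex(digest))) == BitConverter.ToString(digest);

        Console.WriteLine("hex strings differ:       {0}", hexDistinct);
        Console.WriteLine("masked strings identical: {0}", maskedCollide);
        Console.WriteLine("hex round-trips to bytes: {0}", roundTrips);
    }
}
```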