Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / December 2007

Tip: Looking for answers? Try searching our database.

HMACSHA512 ComputeHash - workstation or OS  depended?!?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
news.microsoft.com - 12 Dec 2007 16:16 GMT
Hi,

I have a problem with HMACSHA512 ComputeHash fnction. I need to get same
result on every computer that runs my software.

But I have got different result on two computers (on other 20 results are
correct). They are using same version, same function with same parameters
and this begin to happen this week.

Is this a bug?

What hash function will produce same result on different computers with
different OSs?

My code:

       public static string HashIt(byte[] hashKey, byte[] myKey,
HashEncryptionType hashType)
       {
           System.Security.Cryptography.HMAC hash;

           switch (hashType)
           {
               case HashEncryptionType.SHA1:
                   hash = new HMACSHA1(hashKey);
                   break;
               case HashEncryptionType.SHA256:
                   hash = new HMACSHA256(hashKey);
                   break;
               case HashEncryptionType.SHA384:
                   hash = new HMACSHA384(hashKey);
                   break;
               case HashEncryptionType.SHA512:
                   hash = new HMACSHA512(hashKey);
                   break;
               default:
                   hash = new HMACSHA512(hashKey);
                   break;
           }

           hash.ComputeHash(myKey);
           string hashedBytes = Convert.ToBase64String(hash.Hash);
           hash.Clear();

           return hashedBytes;
       }

Nikolay Unguzov
Reply to this Message
Nikolay Unguzov - 12 Dec 2007 17:14 GMT
The problem is caused by microsoft update: .NET 2.0 SP1

In .NET 2.0 SP1 HMAC SHA1 and SHA256 returns same values as in .NET 2.0, but
SHA384 and SHA512 returns different values...

I'm not sure if this is new bug, or fix of old bug, but I'm sure that this
is nod a good policy.

Nikolay Unguzov

> Hi,
>
[quoted text clipped - 44 lines]
>
> Nikolay Unguzov
Reply to this Message
Dominick Baier - 20 Dec 2007 01:39 GMT
have a look here:

http://blogs.msdn.com/shawnfa/archive/2007/01/31/please-do-not-use-the-net-2-0-h
macsha512-and-hmacsha384-classes.aspx
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> The problem is caused by microsoft update: .NET 2.0 SP1
>
[quoted text clipped - 50 lines]
>> }
>> Nikolay Unguzov
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.