Difference between GetHashCode() method and ComputeHash()

  • Thread starter Thread starter Prasad
  • Start date Start date
P

Prasad

Hi,
I am trying to encrypt password for a user record in a sql database. I
want to know what is difference between or which is better and
efficient for encryption GetHashCode() method from object class or
ComputeHash() method from MD5CryptoServiceProvider class.
 
Hi,
I am trying to encrypt password for a user record in a sql database. I
want to know what is difference between or which is better and
efficient for encryption GetHashCode() method from object class or
ComputeHash() method from MD5CryptoServiceProvider class.
Click to expand...

GetHashCode is a simple hash, approriate for use in a Hashtable (or
generic Dictionary), but should not be considered cryptographically
secure.

ComputeHash of a HashAlgorithm is a secure hash (i.e. cannot be easily
reversed), approriate for storing passwords in a database.
SHA1 is preferred to MD5 (http://en.wikipedia.org/wiki/
Md5#Vulnerability)

So for passwords you should use something like:

using System.Security.Cryptography;
using System.Text;
//...
public static byte[] GetPasswordHash(string password)
{
HashAlgorithm algorithm = SHA1.Create();
byte[] data = Encoding.Unicode.GetBytes(password);
return algorithm.ComputeHash(data);
}

Terry.
 
Hi,
I am trying to encrypt password for a user record in a sql database. I
want to know what is difference between or which is better and
efficient for encryption GetHashCode() method from object class or
ComputeHash() method from MD5CryptoServiceProvider class.
Click to expand...

GetHashCode is a simple hash, approriate for use in a Hashtable (or
generic Dictionary), but should not be considered cryptographically
secure.

ComputeHash of a HashAlgorithm is a secure hash (i.e. cannot be easily
reversed), approriate for storing passwords in a database.
SHA1 is preferred to MD5 (http://en.wikipedia.org/wiki/
Md5#Vulnerability)

So for passwords you should use something like:

using System.Security.Cryptography;
using System.Text;
//...
public static byte[] GetPasswordHash(string password)
{
  HashAlgorithm algorithm = SHA1.Create();
  byte[] data = Encoding.Unicode.GetBytes(password);
  return algorithm.ComputeHash(data);

}

Terry.
Click to expand...

Thank you Terry, I will try it.
 
Back
Top