Help needed on ComputeHash()

  • Thread starter: Hongbo

Hongbo

Hi,

I use the System.Security.Cryptography.HashAlgorithm.ComputeHash() method
with SHA512 to encrypt passwords.

I recently upgraded my website from .Net 1.1 to .Net 2.0. The passwords stopped working.

Would you please tell me if System.Security.Cryptography.HashAlgorithm.ComputeHash()
generates the exact same hash code in both versions of .Net for the same given byte[]?

If the method in 2 versions indeed generate different hash code,
Thank you

hb
 
Hello

hashalgorithm() doesn't have computeHash() in .Net 2.0. Instead,

cryptography.sha512()

has computeHash(). I am not sure the two methods in the two frameworks return
the same value.

 
Hi,

Nothing has (as one would expect) changed:

http://msdn2.microsoft.com/en-us/library/s02tk69a(VS.80).aspx
http://msdn2.microsoft.com/en-us/library/system.security.cryptography.sha512(vs.80).aspx

How are you calculating the hash? A simple way:

using System;
using System.Security.Cryptography;
using System.Text;

class test {
    public static void Main() {
        byte[] sha512 = new SHA512Managed()
            .ComputeHash(new UTF8Encoding().GetBytes("string"));
        StringBuilder sb = new StringBuilder();
        foreach (byte hex in sha512) sb.Append(hex.ToString("x2"));
        Console.WriteLine( sb.ToString() );
    }
}

HTH - keith
 
Hi, Han and Keith,

I tried the following code in both .Net 1.1 and 2.0:
==
string s1="abc";

//convert string to byte[]
byte[] bh=Encoding.ASCII.GetBytes(s1);

SHA512 sh = new SHA512Managed();

//calculate hash
byte[] r=sh.ComputeHash(bh);

//convert byte[] to string
string s2=Encoding.ASCII.GetString(r);

Response.Write("output="+s2);
==
Here is the output:
***
.Net 1.1: output=]/5!az:LAsI. A1fzN )~" nfKUS!*'OA(6:<##~k=EMD#d

.Net 2.0: output=??5??az??AsI? A1??N??~? ???KU??!??*'O??6?<#????EMD#d
***

One thing in common is that they all contain 53 characters, but they are not the same string.
 
byte[] returned from ComputeHash() is a byte array and may not be
appropriately converted to a string with ASCII encoding. Try
comparing the byte arrays directly or using a different conversion
function.

We use a custom ToHex function (below) for creating strings from
hashed values (which is also how you often see them in specs and
documentation).

HTH,

Sam

------------------------------------------------------------
We're hiring! B-Line Medical is seeking .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.

public static string ToHex(byte[] buff)
{
    return ToHex(buff, true);
}

public static string ToHex(byte[] buff, bool lowerCase)
{
    if (buff == null)
    {
        return null;
    }

    if (buff.Length == 0)
    {
        return String.Empty;
    }
    StringBuilder hex = new StringBuilder(buff.Length * 2);
    foreach(byte b in buff)
    {
        hex.Append(b.ToString(lowerCase ? "x2" : "X2"));
    }
    return hex.ToString();
}
 
Hi, Samuel,

Thank you for the help.

I talked with Microsoft support yesterday. He confirmed that it's actually
Encoding.ASCII.GetString() that got changed in .Net 2.0 to eliminate those
invalid characters. That's why my code got different results.
Here is the workaround he suggested:
=======

byte[] byteResult =
    Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(passText));

for (int n = 0; n <= byteResult.Length - 1; n++)
{
    // Bitwise AND with 0x7F (ASCII 127) clears the high bit of each byte
    byteResult[n] = (byte)(byteResult[n] & 0x7F);
}

return Encoding.ASCII.GetString(byteResult);

=======

hb

 
That's what MS support suggested ?!? That's a horrible solution. :(

ComputeHash returns a byte array, not an ASCII-encoded string. By
looping through the result and removing the high bit from every byte
that has one, you're changing the result and the string representation
is not valid. For example, you can get the same string representation
for many different hashes and you cannot convert two ways.

Sam
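
The point made in the last reply, as an added example (not code from any poster in this thread): it applies the high-bit mask from the suggested workaround to two different SHA-512 digests and compares the result with hex encoding. The class name, MaskedAscii, FromHex and the second digest are constructed for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HashEncodingDemo
{
    // Lossy: the workaround from the thread (clear the high bit, then ASCII-decode).
    static string MaskedAscii(byte[] digest)
    {
        byte[] copy = (byte[])digest.Clone();
        for (int i = 0; i < copy.Length; i++) copy[i] &= 0x7F;
        return Encoding.ASCII.GetString(copy);
    }

    // Lossless: two hex digits per byte, as in the ToHex helper posted above.
    static string ToHex(byte[] digest)
    {
        StringBuilder sb = new StringBuilder(digest.Length * 2);
        foreach (byte b in digest) sb.Append(b.ToString("x2"));
        return sb.ToString();
    }

    // Inverse of ToHex, to show that the hex form converts both ways.
    static byte[] FromHex(string hex)
    {
        byte[] bytes = new byte[hex.Length / 2];
        for (int i = 0; i < bytes.Length; i++)
            bytes[i] = Convert.ToByte(hex.Substring(i * 2, 2), 16);
        return bytes;
    }

    static void Main()
    {
        byte[] a;
        using (SHA512 sha = SHA512.Create())
            a = sha.ComputeHash(Encoding.UTF8.GetBytes("abc"));

        // Constructed second digest: identical except for the high bit of byte 0.
        byte[] b = (byte[])a.Clone();
        b[0] ^= 0x80;

        Console.WriteLine("masked strings equal: " + (MaskedAscii(a) == MaskedAscii(b)));
        Console.WriteLine("hex strings equal:    " + (ToHex(a) == ToHex(b)));
        Console.WriteLine("hex round-trips:      " + (ToHex(FromHex(ToHex(a))) == ToHex(a)));
        Console.WriteLine("bits kept by masking: " + a.Length * 7 + " of " + a.Length * 8);
    }
}
```

The masked form discards one bit per byte, so a stored value no longer identifies a single digest; the hex form (or a direct byte-array comparison) does.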
 