locked
Hash algorithms for passwords. RRS feed

  • Question

  • Hello!

    I have those question.

    When I store password in database I can use any hash algorithms.

    But if I would use local database and start my application on another computer values after hashing will be the same or not?

     

    For example :

    string password = "admin";
    int passwordToDb = password.GetHashCode(); // this value I save in db.

    On another computer, when I will verify my password and calculate hash, it wouldn't be the same? I guess that not.

    And what about SHA algorithms? Will I have such problem?


    Sunday, January 19, 2014 6:51 PM

Answers

  • Since you seem to be using .Net to generate the hash code, this is not the correct forum. Still out of curiousity, I did some research:
    http://msdn.microsoft.com/en-us/library/system.string.gethashcode%28v=vs.110%29.aspx
    should answer your questions.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    • Proposed as answer by Sofiya Li Monday, January 20, 2014 12:50 PM
    • Marked as answer by Sofiya Li Friday, January 24, 2014 1:53 AM
    Sunday, January 19, 2014 7:54 PM
  • Below is a code snippet of a secure, repeatable hash.  You may need to tweak the specific algorithm depending on your OS.

    string password = "admin";
    byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
    
    var hasher = new SHA512Managed();
    var hashedPassword = hasher.ComputeHash(passwordBytes);


    Dan Guzman, SQL Server MVP, http://www.dbdelta.com

    • Proposed as answer by Sofiya Li Monday, January 20, 2014 12:50 PM
    • Marked as answer by Sofiya Li Friday, January 24, 2014 1:53 AM
    Sunday, January 19, 2014 8:31 PM

All replies

  • Since you seem to be using .Net to generate the hash code, this is not the correct forum. Still out of curiousity, I did some research:
    http://msdn.microsoft.com/en-us/library/system.string.gethashcode%28v=vs.110%29.aspx
    should answer your questions.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    • Proposed as answer by Sofiya Li Monday, January 20, 2014 12:50 PM
    • Marked as answer by Sofiya Li Friday, January 24, 2014 1:53 AM
    Sunday, January 19, 2014 7:54 PM
  • Below is a code snippet of a secure, repeatable hash.  You may need to tweak the specific algorithm depending on your OS.

    string password = "admin";
    byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
    
    var hasher = new SHA512Managed();
    var hashedPassword = hasher.ComputeHash(passwordBytes);


    Dan Guzman, SQL Server MVP, http://www.dbdelta.com

    • Proposed as answer by Sofiya Li Monday, January 20, 2014 12:50 PM
    • Marked as answer by Sofiya Li Friday, January 24, 2014 1:53 AM
    Sunday, January 19, 2014 8:31 PM
  • Use MD5 encryption :

    /// <summary>
            /// Hasher la chaîne en MD5
            /// </summary>
            /// <param name="chaine">La chaîne à hasher.</param>
            /// <returns>La chaîne hashée.</returns>
            public static String hashWithMD5(String chaine)
            {
                //L'objet MD5.
                MD5 md5HashAlgo = MD5.Create();
                //le résultat.
                StringBuilder resultat = new StringBuilder();

                //Tableau d'octes pour le hashage.
                byte[] byteArrayToHash = Encoding.UTF8.GetBytes(chaine);
                //Hasher la chaîne puis placer le résultat dans le tableau.
                byte[] hashResult = md5HashAlgo.ComputeHash(byteArrayToHash);

                //Parcourir le tableau pour le mettre dans le résultat.
                for (int i = 0; i < hashResult.Length; i++)
                {
                    //Afficher le Hash en hexadecimal.
                    resultat.Append(hashResult[i].ToString("X2"));
                }

                //Retourner le résultat.
                return resultat.ToString();
            }

    Monday, January 20, 2014 1:38 AM