All Questions
39 questions
0
votes
1
answer
166
views
Change Executable Hash Algorithm
We have an application build in .NET Framework 4.8, and for security issue we need to change the Hash Algorithm from SHA-1 to SHA-256.
We find this hash algorithm trough ILSPY( as you can see on the ...
0
votes
1
answer
109
views
Password Hash function port from python to .net 8
we have an old software system written in python which uses the following password hash functions:
import hashlib, binascii, os
def hash_password(password):
"""Hash a password for ...
- 11
0
votes
0
answers
91
views
How should I hash passwords on .NET?
I've made a class that hashes a password to store in the database, and it is a singleton, since I do not want to make an instance of it every time I'm going to use, because it does not change. I've ...
0
votes
1
answer
345
views
Working Rfc2898DeriveBytes.Pbkdf2 in Java
I have some passwords hashed with C# using Rfc2898DeriveBytes.Pbkdf2(bytes,src,5000,HashAlgorithmName.SHA1,24) (an older implementation) and would like to port this code to java.
However I don't seem ...
- 2,305
0
votes
1
answer
415
views
SHA256 Hashing of String **With Update** (UTF8 String)
I'm Trying to Hash a String from Console Input with Update (Similar to That in Node Crypto);
I've Used this in Node JS. How can I replicate this Behavior In C#
import { createHmac } from 'crypto';
...
- 24
0
votes
0
answers
534
views
Same SHA256 MAC Result in Oracle PL/SQL and .Net
I'm trying to get the same hashing result between Oracle PL/SQL and .Net using SHA256 MAC with a key. However I'm getting different results. What do i need to modify? Here are the two functions:
...
- 1
0
votes
0
answers
117
views
What is the point of the return value of HashAlgorithm.TransformFinalBlock?
HashAlgorithm.TransformFinalBlock is used as the final step to generate a hash. It returns a byte array which is documented as follows:
An array that is a copy of the part of the input that is hashed....
- 5,304
1
vote
0
answers
70
views
Is there way to create a repeatable of hash of a sting that is guaranteed to work on any machine with version 4 of the .NET framework?
I need to way of generating a hash to use as filename on Windows of constant length from a string. It doesn't need be particularly cryptographically secure. I was going to use MD5, fold it half and ...
- 2,341
1
vote
1
answer
660
views
Deriving from HashAlgorithm in .NET Core
In .NET Framework if we needed to create our own crypto algorithm we could create our own class like:
public class MyAlgorithm: System.Security.Cryptography.HashAlgorithm
{
}
But in .NET Core it ...
- 5,791
3
votes
2
answers
5k
views
Verify Python Passlib generated PBKDF2 SHA512 Hash in .NET
I am migrating a platform which used Passlib 1.6.2 to generate password hashes. The code to encrypt the password is (hash is called with default value for rounds):
from passlib.hash import ...
- 3,739
0
votes
1
answer
507
views
How to get information about digest algorithm from signed file?
I have a file that I signed using singtool and a certificate. When using the signtool, you can specify digest algorithm (SHA1 is used by default). Now, is there a way in .net how can I find out which ...
- 1
0
votes
1
answer
89
views
How to Hash Passwords [duplicate]
I found this example on MSDN: How to Hash Passwords
And these are the .NET Crypto classes: HashAlgorithm Classes
As you can see, all (sub)classes are abstract. But the method signature in MSDN's ...
- 2,470
3
votes
2
answers
723
views
What is the difference between .NET's HMAC and HMAC KeyedHashAlgorithm?
What is the difference between Security.Cryptography.HMACSHA256.Create() and Security.Cryptography.KeyedHashAlgorithm.Create("HmacSHA256")?
- 41
2
votes
2
answers
209
views
Are the docs for HashAlgorithm's "Create" method deficient?
MSDN has a table with the values that are valid for the method. But SHA1CryptoServiceProvider and SHA1Cng succeed even though they're not on the list.
i.e.
HashAlgorithm.Create("System.Security....
- 27.6k
1
vote
1
answer
119
views
Why does the Create() method of SHA-1 behave differently than that of SHA-256?
Why does the Create() method of the Cng-Type of SHA 1 return a CryptoServiceProvider, while that of SHA 256 returns a Managed?
(In other words: Why does SHA1Cng.Create() return a ...
- 27.6k
1
vote
1
answer
73
views
.net Identity password encryption level
Does anyone know what type of encryption (salt+string) used by .net Indentity. Our security folks want us to use at least SHA256. I know I can override their encrption. But would rather stick with ...
- 35
3
votes
1
answer
861
views
Hash output of CryptoStream
I'm using:
cryptoStream.Write(buffer, 0, bytesRead);
and want its hash. If I use:
hash.TransformBlock(buffer, 0, bytesRead, null, 0);
it will (presumably) hash the input, not the encrypted buffer.
...
- 27.6k
4
votes
1
answer
4k
views
How can `string.Empty` be hashed?
For some reason this doesn't make sense to me. How is an empty string hashed when there are no chars in the string to hash?
What I'm talking about would look like this:
System.Web.Helpers.Crypto....
- 8,034
0
votes
3
answers
3k
views
convert clear text password to hash - same salt
I am currently working on a project which has clear text passwords. Now we have the requirement to change all the clear text passwords to HASH.
The Database has the password field and Password salt ...
- 305
5
votes
5
answers
1k
views
Why is saving the salt for a hashed password in the same database secure? [duplicate]
I understand the need for hashing and salting, but I do not understand how storing the salt in the same (potentially compromised) database as the entire hash is secure. For example, a book I'm ...
- 698
0
votes
3
answers
4k
views
Is it good to hash the password or encrypt it? [duplicate]
Possible Duplicate:
Difference between Hashing a Password and Encrypting it
Hashing vs. Encrypting Passwords
I tried hashing my password in C# using Rfc2898DeriveBytes by passing the username ...
- 122
4
votes
2
answers
3k
views
Verify Currently Running Executable
I'm looking for the right approach to verify a currently running executable from within that executable.
I've already found a way to compute a (SHA256) hash for the file that is currently running.
...
- 4,729
2
votes
3
answers
632
views
Create a secure hash that hides an int value in C#
I am trying to create a registration code for my C# 2.0 desktop application, which is a pay-per-use application. The registration code must hide an int value within it (the int value represents the ...
- 21
0
votes
3
answers
2k
views
Will the SHA256Managed Class return different results when run on different machines?
I am attempting to build an authentication mechanism using API keys for access.
As a precaution against relay attacks, I am hashing the API key with the current DateTime and checking on the server ...
- 9,234
21
votes
4
answers
34k
views
Using Base64 encoded Public Key to verify RSA signature
In a nutshell, this is my problem:
private string publicKeyString = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVGUzbydMZS+fnkGTsUkDKEyFOGwghR234d5GjPnMIC0RFtXtw2tdcNM8I9Qk+...
- 233
5
votes
8
answers
7k
views
Hashes (MD5, SHA1, SHA256, SHA384, SHA512) - why isn't it possible to get the value back from the hash?
On this blog post, there is a sentence as below:
This hash is unique for the given text. If you use the hash function
on the same text again, you'll get the same hash. But there is no way
to ...
- 58.4k
-1
votes
3
answers
2k
views
InCorrect output using Rfc2898DeriveBytes for password hashing
I am certainly sure i am doing something wrong here. Using .net implementation of the algorithm i hash the password to store in database along with the salt used to hash. On validating the same ...
- 11.1k
55
votes
3
answers
21k
views
.NET implementation of scrypt
I've read about scrypt and some of its advantages over the bcrypt hashing algorithm in certain circumstances.
Anyhow, it seems scrypt isn't as widely used yet. Has anyone seen so far a .NET ...
- 47k
2
votes
1
answer
1k
views
.Net SHA256Managed produce non valid hashing
I'm writing a function to produce a SHA256 hash on a file.
Here is the code I use
public string ComputeHash(Byte[] inputBytes)
{
Byte[] hashedBytes = new SHA256Managed().ComputeHash(...
- 2,583
23
votes
2
answers
13k
views
Calculate hash when writing to stream
I am currently creating an encrypted file format that needs to be signed.
For this I need to calculate the hash code of the content I have written to a stream.
In the .net framework there is numerous ...
- 425
3
votes
4
answers
1k
views
HashAlgorithm implementation
I'm in need of a hash function for checking some file versioning (Basically, checking if client side file is the same as server side one).
My problem is that there is half a dozen implementations of ...
- 9,245
0
votes
3
answers
209
views
Why Would One Use the Unmanaged Implementation of a System.Security.Cryptography Hash?
For example, Microsoft provides both SHA1Managed and SHA1CryptoServiceProvider (Unmanaged) as implementations of SHA1.
What, if any, are the advantages and disadvantages of using the unmanaged ...
- 775
18
votes
2
answers
9k
views
How can I get the same HMAC256-results in C# like in the PHP unit tests?
I thought I would try and get the new Signed Request logic added to my facebook canvas application, to make this "easy" on myself I went to the facebook PHP sdk over at GitHub and took a look at the ...
12
votes
7
answers
7k
views
Why is there no managed MD5 implementation in the .NET framework?
(Re-written question, please see history for original).
The question is right there in the title.
Why is there no managed MD5 implementation in the .NET framework?
I'm specifically talking about a ...
- 44.9k
6
votes
5
answers
4k
views
Are the first 32 bits of a 160-bit SHA1 hash an acceptable substitute for a CRC32 hash?
I'm working on a .NET 3.5 project and I need a 32-bit hash value. There doesn't seem to be any methods in the .NET Cryptography classes that return a 32-bit hash (MD5 is 128 bits, SHA1 is 160 bits, ...
- 18.1k
154
votes
9
answers
89k
views
Which cryptographic hash function should I choose?
The .NET framework ships with 6 different hashing algorithms:
MD5: 16 bytes (Time to hash 500MB: 1462 ms)
SHA-1: 20 bytes (1644 ms)
SHA256: 32 bytes (5618 ms)
SHA384: 48 bytes (3839 ms)
SHA512: 64 ...
- 131k
8
votes
1
answer
798
views
Why are there multiple different hashing algorithm providers in System.Security.Cryptography?
As documented by MSDN, there are several providers for many of the different hashing algorithms (e.g. MD5, SHA, RIPE). For each of the algorithms, any available implementation seems to fall into 1 of ...
- 13.8k
25
votes
4
answers
10k
views
CNG, CryptoServiceProvider and Managed implementations of HashAlgorithm
So I was wondering if there are any major differences between the various implementations of the hash algorithms, take the SHA series of algorithms for example. All of them have 3 implementations each,...
- 9,606
6
votes
6
answers
4k
views
Why isn't my .net-calculated MD5 hash equivalent to the hash calculated on a web site?
I am trying to generate equivalent MD5 hashes in both JavaScript and .Net. Not having done either, I decided to use against a third party calculation - this web site for the word "password". I will ...
- 8,617