MD5 or SHA1 hashing - the easy way

15 Comments

• That's where I first went looking for it way back when.
  

• I agree that there should be some 'easy' helper methods in all the namespaces. I'm a lot less encouraged to arbitrarily add System.Web references just for that one method though ;-)
  

• I agree Eric. I don't fancy including System.Web for WinForms apps or libraries either. At the same time, I think that emphasizes the point that these kind of methods belong in a different namespace.
  
  
  
  Similar thing goes for System.Web.Caching. It can be used in WinForms apps - so why not shove it in something like System.Caching instead?
  

• But hashing is simple:
  
  
  
  Encoding encoder = new UTF8Encoding();
  
  SHA1 sha = new SHA1Managed();
  
  byte[] passwordHash = sha.ComputeHash(encoder.GetBytes(password));
  
  
  
  This gives you bytes, which is what a hash is. The forms authentication method BinHexes the bytes into a string, which is ok for human readable files but a waste when your password hashes are in a database, where they should be stored as binary(20) or binary(16) depending on which hash you're using.
  

• Jerry - sure, you can even do it in one line of code. This is how simple it is:
  
  
  
  string passwordHash = System.Text.UTF8Encoding.UTF8.GetString(new SHA1Managed().ComputeHash(new System.Text.UTF8Encoding().GetBytes("mypassword")));
  
  
  
  That however was not my point. It'd be far easier to have a few static methods for hashing and or encryption/decryption with several overloads for either basic strings or byte arrays.
  
  
  
  It would've been useful if some static hash methods like the following existed:
  
  
  
  static bytes[] SHA1.Computate(byte[] bytes);
  
  static string MD5.Computate(string phrase);
  
  
  
  etc...
  
  
  
  My other point was that the MD5 hash function HashPasswordForStoringInConfigFile() is in the wrong namespace.
  

• I see your points, and I agree with the namespace, forms authentication is not limited to web apps.
  
  
  
  As for having string MD5.ComputeHash(string) - the problem is that the result of a hash is a sequence of bytes. So what should a string representation be? BinHex? UUEncode? Base-64? A comma separated list of byte values? There is no default implicit string representation of a byte array. Same applies to the input, should the string be taken as sequence of bytes in UTF-8? UTF-16? UCS-2? 7-bit ASCII (ignoring Unicode characters altogether)?
  

• Jerry,
  
  
  
  The input string should be Unicode, UTF-16 and the output Base64. As far as I know that's pretty much the standard for checksum hashes.
  
  
  
  Besides, like I mentioned before, you'd have a few overloaded static methods for different kinds of inputs and outputs including which type of encoding, when using strings.
  

• how can we decode hash
  

• Amity,
  
  
  
  Hashes cannot be decoded. They are a one way checksum over a piece of data.
  

• but is not it good enough if you are using in in web application......
  

• it works, i was asked to hash data, i did using the
  'System.Security.Cryptogr..' method, but final data is not the same as expected result BUT thanks to you, this method works SPOT on!.
  
  so thanks, you made a different and your post really helped.
  

• Sweet post, worked for a unique problem I was having!
  

• easiest way for encoding is
  TextBox2.Text = FormsAuthentication.HashPasswordForStoringInConfigFile(TextBox1.Text, DropDownList1.SelectedItem.ToString ());
  
  how to get viceversa....
  

• Please note that HashPasswordForStoringInConfigFile is obsolete these days.
  

• that the air compressors that we use at home are the high powered
  ones, we also use it for cleaning,.