How to Use SHA1 or MD5 in C#? (Which One is Better in Performance and Security for Authentication)

In C#, how can we use SHA1 automatically?
Is SHA1 better than MD5? (We use hashing for user name and password and need speed for authentication)

Best answer

Not sure what you mean by automatically, but you should really use SHA256 and higher. Also always use a Salt (code) with your hashes. A side note, after time has passed, using hardened hashes is far better than using a plain speed-based hashing function. I.e.: hashing over a few hundred iterations, or using already proven hashing functions such as bcrypt (which is mentioned below I believe). A code sample for using a SHA256 hash function in .NET is as follows:

byte[] data = new byte[DATA_SIZE];
byte[] result;

using(SHA256 shaM = new SHA256Managed()) {
    result = shaM.ComputeHash(data);
}

Will do the trick for you using SHA256 and is found at MSDN.


Sidenote on the "cracking" of SHA1: Putting the cracking of SHA-1 in perspective

Answers

SHA1 is stronger than MD5 so if you have the choice it would be better to use it. Here's an example:

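public static string CalculateSHA1(string text, Encoding enc)
{
    byte[] buffer = enc.GetBytes(text);
    // The provider is IDisposable; release it once the digest is computed.
    using (SHA1CryptoServiceProvider cryptoTransformSHA1 = new SHA1CryptoServiceProvider())
    {
        // Format the digest as an upper-case hex string without separators.
        return BitConverter.ToString(cryptoTransformSHA1.ComputeHash(buffer)).Replace("-", "");
    }
}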

Both are too fast to be used, directly at least. Use Key Strengthening to "slow down" the password hashing procedure. Speed is unfortunately the enemy of password security.

How slow is slow enough? Slowing down a password hash from ~microseconds to ~hundreds of milliseconds will not adversely affect the perceived performance of your application... but will make cracking passwords literally a hundred thousand times slower.

View this article for details: http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html

The problem is that MD5 is fast. So are its modern competitors, like SHA1 and SHA256. Speed is a design goal of a modern secure hash, because hashes are a building block of almost every cryptosystem, and usually get demand-executed on a per-packet or per-message basis.

Speed is exactly what you don’t want in a password hash function.

... snip ...

The password attack game is scored in time taken to crack password X. With rainbow tables, that time depends on how big your table needs to be and how fast you can search it. With incremental crackers, the time depends on how fast you can make the password hash function run.

That said, use BCrypt. SCrypt was recently developed, but I doubt that any stable (or production ready) libraries exist for it yet. Theoretically, SCrypt claims to improve upon BCrypt. "Building your own" is not recommended, but iterating MD5 / SHA1 / SHA256 thousands of times ought to do the trick (ie: Key Strengthening).

And in case you don't know about them, be sure to read up on Rainbow Tables. Basic security stuff.

From MSDN

byte[] data = new byte[DATA_SIZE];
byte[] result; 

SHA1 sha = new SHA1CryptoServiceProvider(); 
// This is one implementation of the abstract class SHA1.
result = sha.ComputeHash(data);

Use SHA1 or SHA2. The MD5 algorithm is problematic.

http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
http://msdn.microsoft.com/en-us/library/system.security.cryptography.md5%28v=vs.85%29.aspx

I'd like to use these things.

MD5, SHA1/256/384/512 with an optional Encoding parameter.

Other HashAlgorithms. Thanks to Darin Dimitrov.

public static string MD5Of(string text)
{
    return MD5Of(text, Encoding.Default);
}
public static string MD5Of(string text, Encoding enc)
{
    return HashOf<MD5CryptoServiceProvider>(text, enc);
}
public static string SHA1Of(string text)
{
    return SHA1Of(text, Encoding.Default);
}
public static string SHA1Of(string text, Encoding enc)
{
    return HashOf<SHA1CryptoServiceProvider>(text, enc);
}

public static string SHA384Of(string text)
{
    return SHA384Of(text, Encoding.Default);
}
public static string SHA384Of(string text, Encoding enc)
{
    return HashOf<SHA384CryptoServiceProvider>(text, enc);
}

public static string SHA512Of(string text)
{
    return SHA512Of(text, Encoding.Default);
}
public static string SHA512Of(string text, Encoding enc)
{
    return HashOf<SHA512CryptoServiceProvider>(text, enc);
}

public static string SHA256Of(string text)
{
    return SHA256Of(text, Encoding.Default);
}
public static string SHA256Of(string text, Encoding enc)
{
    return HashOf<SHA256CryptoServiceProvider>(text, enc);
}

public static string HashOf<TP>(string text, Encoding enc)
    where TP: HashAlgorithm, new()
{
    var buffer = enc.GetBytes(text);
    // HashAlgorithm is IDisposable; release the provider once the digest is computed.
    using (var provider = new TP())
    {
        return BitConverter.ToString(provider.ComputeHash(buffer)).Replace("-", "");
    }
}

MD5 is better in performance and SHA1 is better for security. You can get an idea from this comparison
