Coordinating MD5 Hash Values for Passwords

G

Guest

I have windows application that is used to set and set passwords for a web
site.

I need to generate the MD5 hash value and store it locally. Publication is
used to update the SQL Server on the Web server.

The problem is the MD5 Hash value used in Windows does return the same Hash
used in the Web application eventhough the inputted string is the same.

I am using the following code in windows:

Private Function ConvertStringToByteArray(ByVal s As [String]) As [Byte]()
Return (New UnicodeEncoding).GetBytes(s)
End Function

Private Function HashPassword(ByVal strPasswordClear) As String

Dim dataToHash As [Byte]() = ConvertStringToByteArray(strPasswordClear)
Dim hashvalue As Byte() = CType(CryptoConfig.CreateFromName("MD5"),
HashAlgorithm).ComputeHash(dataToHash)

Return BitConverter.ToString(hashvalue)

End Function

And for the Web:
strPassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword, "md5")

How can I accomplish getting the same Hash value for both routines?
 
G

Guest

Duh, I thought the windows function was windows specific but it worked in
ASP.Net just fine using these references:

Imports System.IO
Imports System.Security
Imports System.Security.Cryptography
Imports System.Text

So using the same functions obviously produces the result I need.

wr
 
M

Matt Berther

Hello WhiskyRomeo,

This means there is a problem with your MD5 hash code. An MD5 hash should
be the same irregardless of how its invoked.

This C# code creates the same hash irregardless...

public static void Main(string[] args)
{
string text = args[0];

MD5 md5 = MD5.Create();
byte[] hashBytes = md5.ComputeHash(Encoding.UTF8.GetBytes(text));

StringBuilder result = new StringBuilder(32);
foreach (byte b in hashBytes)
{
result.Append(b.ToString("x2").ToUpper());
}

Console.WriteLine("Algorithm: {0}", result.ToString());
Console.WriteLine("Forms Auth: {0}", FormsAuthentication.HashPasswordForStoringInConfigFile(text,
"md5"));
}

--
Matt Berther
http://www.mattberther.com
Duh, I thought the windows function was windows specific but it worked
in ASP.Net just fine using these references:

Imports System.IO
Imports System.Security
Imports System.Security.Cryptography
Imports System.Text
So using the same functions obviously produces the result I need.

wr

WhiskyRomeo said:
I have windows application that is used to set and set passwords for
a web site.

I need to generate the MD5 hash value and store it locally.
Publication is used to update the SQL Server on the Web server.

The problem is the MD5 Hash value used in Windows does return the
same Hash used in the Web application eventhough the inputted string
is the same.

I am using the following code in windows:

Private Function ConvertStringToByteArray(ByVal s As [String]) As
[Byte]()
Return (New UnicodeEncoding).GetBytes(s)
End Function
Private Function HashPassword(ByVal strPasswordClear) As String

Dim dataToHash As [Byte]() =
ConvertStringToByteArray(strPasswordClear) Dim hashvalue As Byte() =
CType(CryptoConfig.CreateFromName("MD5"),
HashAlgorithm).ComputeHash(dataToHash)

Return BitConverter.ToString(hashvalue)

End Function

And for the Web:
strPassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword,
"md5")
How can I accomplish getting the same Hash value for both routines?
 
G

Guest

The code used was pulled directly from MS articles.

They do indeed produce different results. In fact the first function
returns a string with a hyphen at every two characters, eg: ab-cd-ef- etc.

The 2nd function does not have hyphens in the result and the letter don't
match so replacing hyphens with "" still does not produce the same result.

wr

Matt Berther said:
Hello WhiskyRomeo,

This means there is a problem with your MD5 hash code. An MD5 hash should
be the same irregardless of how its invoked.

This C# code creates the same hash irregardless...

public static void Main(string[] args)
{
string text = args[0];

MD5 md5 = MD5.Create();
byte[] hashBytes = md5.ComputeHash(Encoding.UTF8.GetBytes(text));

StringBuilder result = new StringBuilder(32);
foreach (byte b in hashBytes)
{
result.Append(b.ToString("x2").ToUpper());
}

Console.WriteLine("Algorithm: {0}", result.ToString());
Console.WriteLine("Forms Auth: {0}", FormsAuthentication.HashPasswordForStoringInConfigFile(text,
"md5"));
}

--
Matt Berther
http://www.mattberther.com
Duh, I thought the windows function was windows specific but it worked
in ASP.Net just fine using these references:

Imports System.IO
Imports System.Security
Imports System.Security.Cryptography
Imports System.Text
So using the same functions obviously produces the result I need.

wr

WhiskyRomeo said:
I have windows application that is used to set and set passwords for
a web site.

I need to generate the MD5 hash value and store it locally.
Publication is used to update the SQL Server on the Web server.

The problem is the MD5 Hash value used in Windows does return the
same Hash used in the Web application eventhough the inputted string
is the same.

I am using the following code in windows:

Private Function ConvertStringToByteArray(ByVal s As [String]) As [Byte]()
Return (New UnicodeEncoding).GetBytes(s)
End Function

Private Function HashPassword(ByVal strPasswordClear) As String

Dim dataToHash As [Byte]() = ConvertStringToByteArray(strPasswordClear) Dim hashvalue As Byte() = CType(CryptoConfig.CreateFromName("MD5"), HashAlgorithm).ComputeHash(dataToHash)

Return BitConverter.ToString(hashvalue)

End Function

And for the Web:
strPassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword,
"md5")
How can I accomplish getting the same Hash value for both routines?
 
C

Chris Taylor

Hi,

The reason you results do not match is that you are passing a unicode string
to the MD5 algoritm and the HashPasswordForStoringInConfigFile is using the
UTF8 encoding of the passed string to perform the MD5 hash.

Hope this helps

--
Chris Taylor
http://dotnetjunkies.com/weblog/chris.taylor
WhiskyRomeo said:
The code used was pulled directly from MS articles.

They do indeed produce different results. In fact the first function
returns a string with a hyphen at every two characters, eg: ab-cd-ef- etc.

The 2nd function does not have hyphens in the result and the letter don't
match so replacing hyphens with "" still does not produce the same result.

wr

Matt Berther said:
Hello WhiskyRomeo,

This means there is a problem with your MD5 hash code. An MD5 hash should
be the same irregardless of how its invoked.

This C# code creates the same hash irregardless...

public static void Main(string[] args)
{
string text = args[0];

MD5 md5 = MD5.Create();
byte[] hashBytes = md5.ComputeHash(Encoding.UTF8.GetBytes(text));

StringBuilder result = new StringBuilder(32);
foreach (byte b in hashBytes)
{
result.Append(b.ToString("x2").ToUpper());
}

Console.WriteLine("Algorithm: {0}", result.ToString());
Console.WriteLine("Forms Auth: {0}", FormsAuthentication.HashPasswordForStoringInConfigFile(text,
"md5"));
}

--
Matt Berther
http://www.mattberther.com
Duh, I thought the windows function was windows specific but it worked
in ASP.Net just fine using these references:

Imports System.IO
Imports System.Security
Imports System.Security.Cryptography
Imports System.Text
So using the same functions obviously produces the result I need.

wr

:

I have windows application that is used to set and set passwords for
a web site.

I need to generate the MD5 hash value and store it locally.
Publication is used to update the SQL Server on the Web server.

The problem is the MD5 Hash value used in Windows does return the
same Hash used in the Web application eventhough the inputted string
is the same.

I am using the following code in windows:

Private Function ConvertStringToByteArray(ByVal s As [String]) As [Byte]()
Return (New UnicodeEncoding).GetBytes(s)
End Function

Private Function HashPassword(ByVal strPasswordClear) As String

Dim dataToHash As [Byte]() =
ConvertStringToByteArray(strPasswordClear) Dim hashvalue As Byte() =
CType(CryptoConfig.CreateFromName("MD5"),
HashAlgorithm).ComputeHash(dataToHash)
 
M

Matt Berther

Hello WhiskyRomeo,

Right, notice the sample code I gave uses the byte.ToString("x2"). This means
to create the hex value. Also, notice Im doing a ToUpper() on each.

The code that I posted creates the same hash...

--
Matt Berther
http://www.mattberther.com
The code used was pulled directly from MS articles.

They do indeed produce different results. In fact the first function
returns a string with a hyphen at every two characters, eg: ab-cd-ef-
etc.

The 2nd function does not have hyphens in the result and the letter
don't match so replacing hyphens with "" still does not produce the
same result.

wr

Matt Berther said:
Hello WhiskyRomeo,

This means there is a problem with your MD5 hash code. An MD5 hash
should be the same irregardless of how its invoked.

This C# code creates the same hash irregardless...

public static void Main(string[] args)
{
string text = args[0];
MD5 md5 = MD5.Create();
byte[] hashBytes = md5.ComputeHash(Encoding.UTF8.GetBytes(text));
StringBuilder result = new StringBuilder(32);
foreach (byte b in hashBytes)
{
result.Append(b.ToString("x2").ToUpper());
}
Console.WriteLine("Algorithm: {0}", result.ToString());
Console.WriteLine("Forms Auth: {0}",
FormsAuthentication.HashPasswordForStoringInConfigFile(text,
"md5"));
}
--
Matt Berther
http://www.mattberther.com
Duh, I thought the windows function was windows specific but it
worked in ASP.Net just fine using these references:

Imports System.IO
Imports System.Security
Imports System.Security.Cryptography
Imports System.Text
So using the same functions obviously produces the result I need.
wr

:

I have windows application that is used to set and set passwords
for a web site.

I need to generate the MD5 hash value and store it locally.
Publication is used to update the SQL Server on the Web server.

The problem is the MD5 Hash value used in Windows does return the
same Hash used in the Web application eventhough the inputted
string is the same.

I am using the following code in windows:

Private Function ConvertStringToByteArray(ByVal s As [String]) As
[Byte]()
Return (New UnicodeEncoding).GetBytes(s)
End Function
Private Function HashPassword(ByVal strPasswordClear) As String

Dim dataToHash As [Byte]() =
ConvertStringToByteArray(strPasswordClear) Dim hashvalue As Byte()
= CType(CryptoConfig.CreateFromName("MD5"),
HashAlgorithm).ComputeHash(dataToHash)

Return BitConverter.ToString(hashvalue)

End Function

And for the Web:
strPassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword,
"md5")
How can I accomplish getting the same Hash value for both routines?
 
M

Matt Berther

Hello Chris,

You're right... I completely missed that. The code I posted was using Encoding.UTF8,
so I didnt even think about that. ;)
 
G

Guest

Matt, Chris,

Thanks again, I see the problem now. This has been very educational.
wr
Matt Berther said:
Hello WhiskyRomeo,

Right, notice the sample code I gave uses the byte.ToString("x2"). This means
to create the hex value. Also, notice Im doing a ToUpper() on each.

The code that I posted creates the same hash...

--
Matt Berther
http://www.mattberther.com
The code used was pulled directly from MS articles.

They do indeed produce different results. In fact the first function
returns a string with a hyphen at every two characters, eg: ab-cd-ef-
etc.

The 2nd function does not have hyphens in the result and the letter
don't match so replacing hyphens with "" still does not produce the
same result.

wr

Matt Berther said:
Hello WhiskyRomeo,

This means there is a problem with your MD5 hash code. An MD5 hash
should be the same irregardless of how its invoked.

This C# code creates the same hash irregardless...

public static void Main(string[] args)
{
string text = args[0];
MD5 md5 = MD5.Create();
byte[] hashBytes = md5.ComputeHash(Encoding.UTF8.GetBytes(text));
StringBuilder result = new StringBuilder(32);
foreach (byte b in hashBytes)
{
result.Append(b.ToString("x2").ToUpper());
}
Console.WriteLine("Algorithm: {0}", result.ToString());
Console.WriteLine("Forms Auth: {0}",
FormsAuthentication.HashPasswordForStoringInConfigFile(text,
"md5"));
}
--
Matt Berther
http://www.mattberther.com
Duh, I thought the windows function was windows specific but it
worked in ASP.Net just fine using these references:

Imports System.IO
Imports System.Security
Imports System.Security.Cryptography
Imports System.Text
So using the same functions obviously produces the result I need.
wr

:

I have windows application that is used to set and set passwords
for a web site.

I need to generate the MD5 hash value and store it locally.
Publication is used to update the SQL Server on the Web server.

The problem is the MD5 Hash value used in Windows does return the
same Hash used in the Web application eventhough the inputted
string is the same.

I am using the following code in windows:

Private Function ConvertStringToByteArray(ByVal s As [String]) As
[Byte]()
Return (New UnicodeEncoding).GetBytes(s)
End Function
Private Function HashPassword(ByVal strPasswordClear) As String

Dim dataToHash As [Byte]() =
ConvertStringToByteArray(strPasswordClear) Dim hashvalue As Byte()
= CType(CryptoConfig.CreateFromName("MD5"),
HashAlgorithm).ComputeHash(dataToHash)

Return BitConverter.ToString(hashvalue)

End Function

And for the Web:
strPassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword,
"md5")
How can I accomplish getting the same Hash value for both routines?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top