String conversion

[vcnewbie]

Hi

I'm maintaining a VisualC++ project to increase its security regarding
stored passwords.

I thought about using SHA256Managed to create a hash for the password
when creating a user and when this new user tries to login, a new hash
will be created for the given password and compared to the stored
hash. I guess this is quite common.

My problem is that I'm not used (at all) with the 2005 edition (just
VC6) and the creator of the software uses extensively managed strings,
i.e.:

String ^ SomeName

And I'm in trouble converting this type to what SHA256Managed can
understand and then convert the hash back to "String^"

This is what I've found, just for testing the conversion techniques:


#include "stdafx.h"

using namespace System;
using namespace System::Text;
using namespace System::Security::Cryptography;

int main()
{
// Create two different encodings.
Encoding^ ascii = Encoding::ASCII;
Encoding^ unicode = Encoding::Unicode;

String ^ sSourceData = "operator";

// Perform the conversion from one encoding to the other.

GetBytes( sSourceData );

array<unsigned char>^AsciiData = Encoding::Convert( unicode,
ascii, UnicodeData );

SHA256^ shaM = gcnew SHA256Managed;

ComputeHash( AsciiData );

Console::WriteLine(String::Format("Size: {0}", HashResult -

Length));

GetCharCount( result, 0, HashResult ->Length ));

ascii->GetChars( result, 0, HashResult ->Length, asciiChars,
0 );
String ^ sOutputData = gcnew String( asciiChars );
Console::WriteLine( sOutputData );

}

As far as I could understand the ouput, it seems that ComputeHash is
generating real bytes and not hex digits, and I have read somewhere
(can't find it any more) that ComputeHash would generate a hex string
in the output array.

Any ideas?

Thanks in advance
Francisco

 

[Carl Daniel [VC++ MVP]]

As far as I could understand the ouput, it seems that ComputeHash is
generating real bytes and not hex digits, and I have read somewhere
(can't find it any more) that ComputeHash would generate a hex string
in the output array.

Use System::Convert::ToBase64String to convert the array of bytes that you
get from the hash into a base64-encoded string.

-cd

 

[vcnewbie]

Use System::Convert::ToBase64String to convert the array of bytes that you
get from the hash into a base64-encoded string.

-cd

Thanks for the idea, it is a shortcut on what I am doing up to now.

But I guess I didn't put it clear: the SHA256 hash should be a string
of hex numbers, but its results are binary numbers, so I think I'll
have to make a conversion from binary to hex myself.

Thanks again
Francisco

 

[Kevin Spencer]

Use System.BitConverter.ToString(byte[]) to do this. I converts an array of
bytes to hexadecimal string representation of the array.

--
HTH,

Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP

 

[vcnewbie]

Use System.BitConverter.ToString(byte[]) to do this. I converts an array of
bytes to hexadecimal string representation of the array.

--
HTH,

Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP

Thanks a lot, Kevin, that's what I've been looking for, the
modifications on the original code are minimal and clear now.

The test code now is the following (in the case someone needs SHA256
hashing):


#include "stdafx.h"

using namespace System;
using namespace System::Text;

String ^ SHA256Hash(String ^ sInputData);

int main()
{
Console::WriteLine( "password1 : {0}" , SHA256Hash ( "password1
" ) ) ;
Console::WriteLine( "password2 : {0}" , SHA256Hash ( "password2
" ) ) ;
Console::WriteLine( "password3 : {0}" , SHA256Hash ( "password3
" ) ) ;
}

String ^ SHA256Hash(String ^ sInputData) {
// Create two different encodings.
Encoding^ ascii = Encoding::ASCII;
Encoding^ unicode = Encoding::Unicode;

// Initializes a SHA256 hash object for hash computation.
System::Security::Cryptography::SHA256^ shaM = gcnew
System::Security::Cryptography::SHA256Managed;

// Perform the conversion from one encoding to the other.
array<unsigned char>^UnicodeData = unicode->GetBytes( sInputData );
array<unsigned char>^AsciiData = Encoding::Convert( unicode, ascii,
UnicodeData );

// Computes the hash and converts it from binary to string, removing
unwanted characters.
array<unsigned char>^ BaseResult = shaM->ComputeHash( AsciiData );
String ^ sOutputData = System::BitConverter::ToString( BaseResult );
sOutputData = sOutputData->Replace("-","");

return sOutputData;
}


or, a little bit more obfuscated:


String ^ SHA256Hash(String ^ sInputData) {
//Create two different encodings and initializes a SHA256 hash object
for hash computation.
Encoding^ ascii = Encoding::ASCII;
Encoding^ unicode = Encoding::Unicode;
System::Security::Cryptography::SHA256^ shaM = gcnew
System::Security::Cryptography::SHA256Managed;

return (
System::BitConverter::ToString(
shaM->ComputeHash(
Encoding::Convert(
unicode,
ascii,
unicode->GetBytes( sInputData )
)
)
)->Replace("-","")
);
}