Hash Code For PassWord

  • (2 Pages)
  • +
  • 1
  • 2

18 Replies - 2683 Views - Last Post: 19 July 2010 - 10:49 AM Rate Topic: -----

#1 hamidkhl  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 118
  • Joined: 03-November 08

Hash Code For PassWord

Posted 15 July 2010 - 11:39 PM

Hi every body
I want to hash my project's password
I insert another chars (some gibberish char)between
my pasword string, but I think it's not reliable,
do you have any better suggestion?
thank you
Is This A Good Question/Topic? 0
  • +

Replies To: Hash Code For PassWord

#2 born2c0de  Icon User is offline

  • printf("I'm a %XR",195936478);
  • member icon

Reputation: 180
  • View blog
  • Posts: 4,667
  • Joined: 26-November 04

Re: Hash Code For PassWord

Posted 15 July 2010 - 11:55 PM

MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are the most popular hashing algorithms.
Since SHA is less susceptible to cryptanalytic attacks, I suggest you hash your password using SHA using this function:

public static string GetSHAHashCode(string str)   
{   
    string rethash = "";   
    try   
    {   
  
          System.Security.Cryptography.SHA1 hash = System.Security.Cryptography.SHA1.Create();   
           System.Text.ASCIIEncoding encoder = new System.Text.ASCIIEncoding();   
           byte[] combined = encoder.GetBytes(str);   
           hash.ComputeHash(combined);   
           rethash = Convert.ToBase64String(hash.Hash);   
    }   
    catch (Exception ex)   
    {   
           string strerr = "Error in HashCode : " + ex.Message;   
    }   
    return rethash;   
}


Source
Was This Post Helpful? 1
  • +
  • -

#3 FlashM  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 382
  • View blog
  • Posts: 1,195
  • Joined: 03-December 09

Re: Hash Code For PassWord

Posted 16 July 2010 - 12:08 AM

born2c0de provided a good solution... There's only one thing that bothers me about it... He used a try/catch statement which is perfectly fine, but let's say that within a TRY block there's an error and catch block catches this exception as it should. But then here's the problem... If an exception is thrown, he still returns a rethash variable, which would in this case be an empty string. Very bad idea!

I would update this code as follows:
public static string GetSHAHashCode(string str)   
{     
           if (string.IsNullOrEmpty(str))
              throw new ArgumentNullException("[GetSHAHashCode]: input string should not be null or empty!!!");
    
           System.Security.Cryptography.SHA1 hash = System.Security.Cryptography.SHA1.Create();   
           System.Text.ASCIIEncoding encoder = new System.Text.ASCIIEncoding();   
           byte[] combined = encoder.GetBytes(str);   
           hash.ComputeHash(combined);   
           return Convert.ToBase64String(hash.Hash);
}


public void SomeLoginMethod()
{
     string username = "testUsername";
     string password = "testPassword";

     try
     {
          string hashedPassword = GetSHAHashCode(password);
          // Other login related code...
     }
     catch(Exception ex)
     {
          //There has been an exception
          //Log it! Notify user!
     }
}



Then within a method that calls this GetSHAHashCode method use a try/catch block and catch the exception of the GetSHAHashCode method if it occurs...

This post has been edited by FlashM: 16 July 2010 - 12:13 AM

Was This Post Helpful? 2
  • +
  • -

#4 hamidkhl  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 118
  • Joined: 03-November 08

Re: Hash Code For PassWord

Posted 16 July 2010 - 12:35 AM

thabk you born2c0de, it was really helpful
Was This Post Helpful? 0
  • +
  • -

#5 hamidkhl  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 118
  • Joined: 03-November 08

Re: Hash Code For PassWord

Posted 16 July 2010 - 12:47 AM

Why I cann't see + button for thank!!!
Was This Post Helpful? 0
  • +
  • -

#6 FlashM  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 382
  • View blog
  • Posts: 1,195
  • Joined: 03-December 09

Re: Hash Code For PassWord

Posted 16 July 2010 - 12:49 AM

You should see it... The only one you shouldn't see is yours.
Was This Post Helpful? 1
  • +
  • -

#7 hamidkhl  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 118
  • Joined: 03-November 08

Re: Hash Code For PassWord

Posted 16 July 2010 - 01:28 AM

My browser is some kind of crazy, + button is under
ads!!!
I'll fix it
Was This Post Helpful? 0
  • +
  • -

#8 Bacanze  Icon User is offline

  • D.I.C Head

Reputation: 36
  • View blog
  • Posts: 202
  • Joined: 09-April 10

Re: Hash Code For PassWord

Posted 16 July 2010 - 03:36 AM

The other answers are great, however I thought I'd post this which is what I used on my first ASP.NET project, also it's based on MD5.

public string GenerateHash(string input)
        {
            var md5 = MD5.Create();
            byte[] createBytes = Encoding.ASCII.GetBytes(input);
            byte[] hash = md5.ComputeHash(createBytes);

            var sb = new StringBuilder();
            for (int i = 0; i < hash.Length; i++)
            {
                sb.Append(hash[i].ToString("x1"));
            }

            return sb.ToString();

        }

Was This Post Helpful? 0
  • +
  • -

#9 jaron  Icon User is offline

  • New D.I.C Head

Reputation: -3
  • View blog
  • Posts: 3
  • Joined: 08-July 10

Re: Hash Code For PassWord

Posted 16 July 2010 - 03:48 AM

In Enter event for your password text box do as follows:



private void txtPassword_Enter(object sender, EventArgs e)
        {
            txtPassword.PasswordChar = '*';
            txtPassword.MaxLength = 14;
        }

This post has been edited by JackOfAllTrades: 16 July 2010 - 04:39 AM
Reason for edit:: Code tags.

Was This Post Helpful? -3
  • +
  • -

#10 FlashM  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 382
  • View blog
  • Posts: 1,195
  • Joined: 03-December 09

Re: Hash Code For PassWord

Posted 16 July 2010 - 04:26 AM

I might be wrong but using SHA algorithm is stronger than MD-5. Please correct me if I'm wrong...
Was This Post Helpful? 0
  • +
  • -

#11 Sergio Tapia  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 1252
  • View blog
  • Posts: 4,168
  • Joined: 27-January 10

Re: Hash Code For PassWord

Posted 16 July 2010 - 04:38 AM

I am nowhere near qualified on cryptography to give an answer with an explanation, but from what I've read when working with hashing is that MD5 has been cracked and SHA1 is the way to go.
Was This Post Helpful? 0
  • +
  • -

#12 FlashM  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 382
  • View blog
  • Posts: 1,195
  • Joined: 03-December 09

Re: Hash Code For PassWord

Posted 16 July 2010 - 04:42 AM

Exactly!
Was This Post Helpful? 0
  • +
  • -

#13 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6036
  • View blog
  • Posts: 23,422
  • Joined: 23-August 08

Re: Hash Code For PassWord

Posted 16 July 2010 - 04:43 AM

Both MD5 and SHA-1 have been "cracked" and could be considered broken. See here
Was This Post Helpful? 1
  • +
  • -

#14 FlashM  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 382
  • View blog
  • Posts: 1,195
  • Joined: 03-December 09

Re: Hash Code For PassWord

Posted 16 July 2010 - 04:45 AM

What about SHA-2 then?

This post has been edited by FlashM: 16 July 2010 - 04:45 AM

Was This Post Helpful? 0
  • +
  • -

#15 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6036
  • View blog
  • Posts: 23,422
  • Joined: 23-August 08

Re: Hash Code For PassWord

Posted 16 July 2010 - 04:53 AM

Looks like good reading on the subject
Was This Post Helpful? 1
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2