How to hash a password with SHA512
Solution 1
Hashing with plain SHA-512 is still wrong. Use PBKDF2 which is exposed via Rfc2898DeriveBytes.
It returns raw bytes, which you should encode with either hex or base64.
You can do hex encoding with:
BitConverter.ToString(bytes).Replace("-","")
Solution 2
Please see tutorial here: http://www.obviex.com/samples/hash.aspx
From the tutorial: "These code samples demonstrate how to hash data and verify hashes. It supports several hashing algorithms. To help reduce the risk of dictionary attacks, the code prepends random bytes (so-called salt) to the original plain text before generating hashes and appends them to the generated ciphertext (original salt value will be needed for hash verification). The resulting ciphertext is base64-encoded. IMPORTANT: DATA HASHES CANNOT BE DECRYPTED BACK TO PLAIN TEXT"
Solution 3
You sure it said 512 because that's 128, but anyway you could use something like
System.String Hashed = System.BitConverter.ToString(((System.Security.Cryptography.SHA512)new System.Security.Cryptography.SHA512Managed()).ComputeHash(System.Text.Encoding.ASCII.GetBytes("NotHashedPass"))).Replace("-","");
MessageBox.Show(Hashed);
but I'd recommend at least using a salt.
james
Updated on June 04, 2022
Comments
-
james almost 2 years
In my previous question I was told to hash passwords instead of encrypt, and that turned out to be correct. Problem is, I've never dealt with hashing passwords before and all the docs say SHA512 which I've tried to use on a test account to no avail. I'm not sure where to go from here. The code comments give me the example "encrypted" string as they call it, and it's "FA35A0194E3BE7024CEFB1839CBFC922" which I'm not sure how to format it like that with SHA512 since all it takes and gives back is a byte array or stream from the ComputeHash() method:
byte[] hashedPassword = HashAlgorithm.Create("SHA512").ComputeHash( ??? );
UPDATE
I've tried printing out the UTF8Encoding.GetString on the bytes, but it just displays a bunch of bullshit characters that look nothing like the one in the example docs.
-
james about 12 years
Now you see why I'm confused here?
-
james about 12 years
ugh... I'm trying to work with a shitpile legacy system that requires this SHA512 hashing function that I thought was encryption in my previous question - I just don't know how to get the text based on the bytes!
-
oleksii about 12 years
@james to get a string from byte[] you would need to use encoding, for example:
string data = new UTF8Encoding(false).GetString(bytes);
-
Chuck Savage about 12 years
@godzcheater how about separating that line into variables. No points given for making one liners when you are trying to help someone understand something.
-
godzcheater about 12 years
@Savage if you saw the original question you would know that he has no idea what any of his code does but,
System.Security.Cryptography.SHA512 SHA512 = new System.Security.Cryptography.SHA512Managed();
System.Byte[] Hash = SHA512.ComputeHash(System.Text.Encoding.ASCII.GetBytes("NotHashedPass")); // if you want to add a salt just do "NotHashedPass" + "SaltHere"
System.String HashStr = System.BitConverter.ToString(Hash).Replace("-", "");
MessageBox.Show(HashStr);
-
CodesInChaos about 11 years
@Igor Because plain SHA-512 is fast. The most important threat for password hashing is guessing many potential passwords. If you iterate the hash 10k times, then cracking becomes 10k times as expensive. PBKDF2 is essentially such an iterated hash function.