MD5 hash with salt for keeping password in DB in C#

c# .net security hash md5
39,177

Solution 1

You can use the HMACMD5 class:

var hmacMD5 = new HMACMD5(salt);
var saltedHash = hmacMD5.ComputeHash(password);

Works with SHA-1, SHA256, SHA384, SHA512 and RIPEMD160 as well:

var hmacSHA1 = new HMACSHA1(salt);
var saltedHash = hmacSHA1.ComputeHash(password);

Both salt and password are expected as byte arrays.

If you have strings you'll have to convert them to bytes first:

var salt = System.Text.Encoding.UTF8.GetBytes("my salt");
var password = System.Text.Encoding.UTF8.GetBytes("my password");

Solution 2

In addition to the HMACSHA1 class mentioned above, if you just need a quick salted hash, then you're already 95% of the way there:

private static string GenerateHash(string value, string salt)
{
    byte[] data = System.Text.Encoding.ASCII.GetBytes(salt + value);
    data = System.Security.Cryptography.MD5.Create().ComputeHash(data);
    return Convert.ToBase64String(data);
}

The real trick is storing the salt in a secure location, such as your machine.config.

Solution 3

Microsoft have done this work for you, but it takes a bit of digging. Install Web Service Extensions 3.0, and have a look at the Microsoft.Web.Services3.Security.Tokens.UsernameToken.ComputePasswordDigest function with Reflector.

I would like to post the source code to that function here, but I'm not sure if it's legal to do that. If anyone can reassure me then I will do so.

Share:
39,177
abatishchev
Author by

abatishchev

This is my GUID. There are many like it but this one is mine. My GUID is my best friend. It is my life. I must master it as I must master my life. Without me, my GUID is useless. Without my GUID I am useless.

Updated on July 09, 2022

Comments

  • abatishchev
    abatishchev almost 2 years

    Could you please advise me some easy algorithm for hashing user password by MD5, but with salt for increasing reliability.

    Now I have this one:

    private static string GenerateHash(string value)
{
    var data = System.Text.Encoding.ASCII.GetBytes(value);
    data = System.Security.Cryptography.MD5.Create().ComputeHash(data);
    return Convert.ToBase64String(data);
}

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Calculate MD5 checksum for a file
MD5 hash of blob uploaded on Azure doesnt match with same file on local machine
How to hash a password with SHA512
Why not use MD5 for password hashing?
dcomcnfg functionality programmatically
Password hashing in a C# Windows app, absent ASP.NET's FormsAuthentication?
What's the big deal with brute force on hashes like MD5
Encode password to MD5 using keys
HttpWebRequest + Windows Auth - NetworkCredential just doesn't work
How to present credentials in order to open file?