Why isn't my .net-calculated MD5 hash equivalent to the hash calculated on a web site?

Running the code from the MSDN site you quote: Hash an input string and return the hash as // a 32 character hexadecimal string. Static string getMd5Hash(string input) { // Create a new instance of the MD5CryptoServiceProvider object. MD5 md5Hasher = MD5.Create(); // Convert the input string to a byte array and compute the hash.

Byte data = md5Hasher. ComputeHash(Encoding.Default. GetBytes(input)); // Create a new Stringbuilder to collect the bytes // and create a string.

StringBuilder sBuilder = new StringBuilder(); // Loop through each byte of the hashed data // and format each one as a hexadecimal string. For (int I = 0; I Append(datai. ToString("x2")); } // Return the hexadecimal string.

Return sBuilder.ToString(); } static void Main(string args) { System.Console. WriteLine(getMd5Hash("password")); } returns: 5f4dcc3b5aa765d61d8327deb882cf99.

Running the code from the MSDN site you quote: // Hash an input string and return the hash as // a 32 character hexadecimal string. Static string getMd5Hash(string input) { // Create a new instance of the MD5CryptoServiceProvider object. MD5 md5Hasher = MD5.Create(); // Convert the input string to a byte array and compute the hash.

Byte data = md5Hasher. ComputeHash(Encoding.Default. GetBytes(input)); // Create a new Stringbuilder to collect the bytes // and create a string.

StringBuilder sBuilder = new StringBuilder(); // Loop through each byte of the hashed data // and format each one as a hexadecimal string. For (int I = 0; I Append(datai. ToString("x2")); } // Return the hexadecimal string.

Return sBuilder.ToString(); } static void Main(string args) { System.Console. WriteLine(getMd5Hash("password")); } returns: 5f4dcc3b5aa765d61d8327deb882cf99.

True. :-/ I was using different source strings in the two implementations. Idiot!

– pc1oad1etter Oct 10 '08 at 5:47.

To step back from this discussion a bit, I feel that Thomas Ptacek's post (in response to a Jeff Atwood post on a similar topic) explains best why you should not use anything like MD5 for password hashing. Recommended reading.

I get the same value as that web site for the word "password": $ echo -n password | md5 5f4dcc3b5aa765d61d8327deb882cf99 Without seeing the code you are actually using, it's hard to tell what might be going wrong. As for storing hashes in a database, I store them as a hex string. Although most databases can handle binary blobs, storing them as binary only saves half the space and they're harder to query and manipulate.

Chances are the other data you're storing along with the hash is larger anyway.

Or use Base64, which only expands the binary by a third instead of doubling it. Not that MD5 is safe to use for password hashes. – Steven Sudit Jul 8 '09 at 16:58.

This VB. Net version gives the same results as MySQL from my own experience: Private Function MD5Hash(ByVal str As String) As String Dim md5 As MD5 = MD5CryptoServiceProvider. Create Dim hashed As Byte() = md5.

ComputeHash(Encoding.Default. GetBytes(str)) Dim sb As New StringBuilder For I As Integer = 0 To hashed. Length - 1 sb.

AppendFormat("{0:x2}", hashed(i)) Next Return sb. ToString End Function.

(response to second Q)I typically use a string field and store it as BASE64 encoding. Easy enough to work with and make comparisons. /// /// Gets the Base 64 encoded SHA1 hashed password /// /// A Base 64 encoded string representing the SHA1 Hash of the password public string ToBase64SHA1String() { return Convert.

ToBase64String(this. GetSHA1HashCode()); }.

I had linked to one of the methods I was using - in the post. – pc1oad1etter Oct 10 '08 at 5:48.

It should also be noted that MD5 sums can be cracked with rainbow tables (there are free programs on the internet that will accept an MD5 sum as an input and will output a plaintext - which is normally a password) SHA1 is probably a better choice... EDIT: adding salt is a good way to prevent being your hash from being reversed EDIT 2: if I had bothered to read your post I would've noticed you already mentioned that you plan to add salt.

I would argue even with a salt MD5 is not secure enough. – Ramhound Apr 28 at 11:55.

This is happening because somehow you are hashing password1 instead of password (or calculating password incorrectly that it somehow mysteriously equals password1) do a reverse lookup of the md5 hash you provided by googling "7c6a180b36896a0a8c02787eeafb0e4c.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.

Related Questions