Generate 32-character MD5 password with CryptSharp

3

I am using the CryptSharp library to generate password in MD5. I had read that MD5 generates string with 32-character hexadecimal but is generating 34 and with several character types.

Generating in this format:

  

$ 1 $ gSUz3sUo $ mFPQB05MAMhFokOSydON91

Finding out that there are some different MD5 formats. It starts with those $ in the first three characters.

My code using the library is this:

    public string Codifica(string senha)
    {
        return Crypter.MD5.Crypt(senha);
    }

Does anyone know if there is any parameter in this library that can leave my password encoded in 32 characters?

    
asked by anonymous 14.07.2014 / 16:51

3 answers

4

MD5 is a 128-bit hash algorithm, in fact it will not return 32 characters to you but 16 bytes are usually converted to hexadecimal text thus getting the 32 characters you refer to.

But you are using a library that generates it in a slightly different way, taking as an example the hash you mentioned

$1$gSUz3sUo$mFPQB05MAMhFokOSydON91

By logic used by this library this hash can be broken into 3 parts

$1$ is the version identifier

gSUz3sUo is the salt used

mFPQB05MAMhFokOSydON91 is the hash itself, the $ between the salt and the hash is only used as a separator.

In this library values are encoded using a variant of Base64, if this value is decoded you would get back the 16 bytes.

Then because of this extra information, using this library you will not have the 16 bytes (or 32 characters) as you wanted, to use it and to be able to use the CryptSharp.Crypter.CheckPassword(senha, hash) method to check the passwords you need in the hash of the form as it returns itself, the alternative would be to use the MD5CryptServiceProvider of the .Net itself and convert the 16 bytes that it returns to hexadecimal text.

    
14.07.2014 / 18:00
2

Is it necessary to use the CryptSharp ? library

Why do I use the native library System.Security.Cryptography.MD5 , and works perfectly for me. If you can make that change!

My implementation with System.Security.Cryptography.MD5 is as follows:

/// <summary>
/// Gera hash MD5
/// </summary>
/// <param name="input">String a ser aplicado o hash</param>
/// <returns>String já aplicado o hash MD5</returns>
public static string HashMD5(string input)
{
    using (System.Security.Cryptography.MD5 md5Hash = System.Security.Cryptography.MD5.Create())
    {
        // Convert the valor string to a byte array and compute the hash.
        byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));

        // Create a new Stringbuilder to collect the bytes
        // and create a string.
        StringBuilder sBuilder = new StringBuilder();

        // Loop through each byte of the hashed data 
        // and format each one as a hexadecimal string.
        for (int i = 0; i < data.Length; i++)
        {
            sBuilder.Append(data[i].ToString("x2"));
        }

        // Return the hexadecimal string.
        return sBuilder.ToString();
    }
}
  

I'd also recommend taking a look at in this question , since MD5 is not the best way to create password hashes.

    
14.07.2014 / 17:59
-1
public class Criptografia
    {
        public static string GetMD5Hash (string Valor)
        {
            MD5 md5 = new MD5CryptoServiceProvider();
            return BitConverter.ToString(md5.ComputeHash(Encoding.UTF8.GetBytes(Valor))).Replace("--", string.Empty);
        }
        public static string GetSHA1Hash (string Valor)
        {
            SHA1 sha1 = new SHA1CryptoServiceProvider();
            return BitConverter.ToString(sha1.ComputeHash(Encoding.UTF8.GetBytes(Valor))).Replace("", string.Empty);
        }
    }
}
    
25.05.2016 / 19:31