Super Julius #1
SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider
Folks,
I am struggling with the following problem. When I encode a string
using FormsAuthentication or SHA1CryptoServiceProvider, I don't get
the same encoding.
In fact I have a SHA1 ASP implementation for one of our legacy
application but I have done the migration using the following code:
private string Hash(string toHash)
{
    string hashed = "";
    SHA1 sha1 = new SHA1CryptoServiceProvider();
    byte[] hash = sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(toHash));
    foreach(byte b in hash)
        hashed += Convert.ToString(b, 16).ToUpper();
    return hashed;
}
I then noticed that some values were not encoded the same way. So I
tried using FormsAuthentication.HashPasswordForStoringInConfigFile(value,
"SHA1"). Guess what, it encodes the values the same way the ASP
SHA1 does.
Basically this means that the code above with
SHA1CryptoServiceProvider is just wrong. I have tried using all the
encoding available when getting the bytes out of the string but I
cannot get the same encoding.
A value for which it does not work: ArntzHans
Result with SHA1CryptoServiceProvider:
1C4F53FA399F44D81BF4F8540B5127FB44EDA2
Result with FormsAuthentication:
1C4F53FA399F440D81BF4F8540B5127FB404EDA2
              *                   *
Note that the 2 '0' characters outlined on the 2nd result are missing
from the first encoding.
I have read a few threads from users having the same problem, but no
concrete solution to the problem.
Wish someone could help me sort this out.
Thx
Julien
Super Julius Guest
-
Hernan de Lahitte #2
Re: SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider
Your problem is in the hex encoding loop. The ToString( b, 16) method gives
you a one char length for hex values of one digit. I suggest you use
this function for hex encoding.
BitConverter.ToString( hash ).Replace( "-", string.Empty ).ToUpper()
--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl
This posting is provided "AS IS" with no warranties, and confers no rights.
"Super Julius" <super_julius@yahoo.com> wrote in message
news:e315dbfd.0405120452.688259ce@posting.google.com...
> Folks,
>
> I am struggling with the following problem. When I encode a string
> using FormsAuthentication or SHA1CryptoServiceProvider, I don't get
> the same encoding.
>
> In fact I have a SHA1 ASP implementation for one of our legacy
> application but I have done the migration using the following code:
>
> private string Hash(string toHash)
> {
>     string hashed = "";
>
>     SHA1 sha1 = new SHA1CryptoServiceProvider();
>     byte[] hash = sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(toHash));
>
>     foreach(byte b in hash)
>         hashed += Convert.ToString(b, 16).ToUpper();
>
>     return hashed;
> }
>
> I then noticed that some values were not encoded the same way. So I
> tried using FormsAuthentication.HashPasswordForStoringInConfigFile(value,
> "SHA1"). Guess what, it encodes the values the same way the ASP
> SHA1 does.
>
> Basically this means that the code above with
> SHA1CryptoServiceProvider is just wrong. I have tried using all the
> encoding available when getting the bytes out of the string but I
> cannot get the same encoding.
>
> A value for which it does not work: ArntzHans
>
> Result with SHA1CryptoServiceProvider:
> 1C4F53FA399F44D81BF4F8540B5127FB44EDA2
>
> Result with FormsAuthentication:
> 1C4F53FA399F440D81BF4F8540B5127FB404EDA2
>               *                   *
>
> Note that the 2 '0' characters outlined on the 2nd result are missing
> from the first encoding.
>
> I have read a few threads from users having the same problem, but no
> concrete solution to the problem.
>
> Wish someone could help me sort this out.
>
> Thx
> Julien
Hernan de Lahitte Guest
-
Super Julius #3
Re: SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider
Thanks Hernan for your answer.
You pointed out the issue correctly. The problem was my conversion to hex
with Convert.ToString(b, 16).
I have not tested your solution as I fixed the issue just before your
post :-) by using String.Format.
Anyway I guess this can be relevant to other folks...
Here is the new code with
private string Hash(string toHash)
{
    string hashed = "";
    SHA1 sha1 = new SHA1CryptoServiceProvider();
    byte[] hash = sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(toHash));
    foreach(byte b in hash)
        hashed += String.Format("{0,2:X2}", b);
    return hashed;
}
Cheers
Julius
Super Julius Guest
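The encoding difference discussed in this thread, as an added C# example (not code from any of the posters): it runs the unpadded encoder from post #1 beside the two padded ones on the thread's test value, and uses two constructed byte arrays to show that unpadded hex maps different inputs to the same string. `SHA1.Create()` is used in place of `SHA1CryptoServiceProvider`, and `IsWellFormedSha1Hex` is a hypothetical helper name.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HexEncodingDemo
{
    // Encoder from post #1: emits a single character for bytes below 0x10.
    static string Unpadded(byte[] data) =>
        string.Concat(data.Select(b => Convert.ToString(b, 16).ToUpper()));

    // Encoder suggested in post #2: always two characters per byte.
    static string ViaBitConverter(byte[] data) =>
        BitConverter.ToString(data).Replace("-", string.Empty);

    // Encoder in the spirit of post #3: X2 pads each byte to two digits.
    static string ViaFormat(byte[] data)
    {
        var sb = new StringBuilder(data.Length * 2);
        foreach (byte b in data) sb.AppendFormat("{0:X2}", b);
        return sb.ToString();
    }

    // Hypothetical helper: SHA-1 is 20 bytes, so its hex form is 40 digits.
    static bool IsWellFormedSha1Hex(string s) =>
        s.Length == 40 && s.All(Uri.IsHexDigit);

    static void Main()
    {
        byte[] hash;
        using (SHA1 sha1 = SHA1.Create())
            hash = sha1.ComputeHash(Encoding.UTF8.GetBytes("ArntzHans"));

        foreach (string s in new[] { Unpadded(hash), ViaBitConverter(hash), ViaFormat(hash) })
            Console.WriteLine("{0} length={1} wellFormed={2}",
                s, s.Length, IsWellFormedSha1Hex(s));

        // Constructed inputs: two different byte sequences.
        byte[] a = { 0x01, 0x23 }, c = { 0x12, 0x03 };
        Console.WriteLine("unpadded strings equal: {0}", Unpadded(a) == Unpadded(c));
        Console.WriteLine("padded strings equal:   {0}", ViaFormat(a) == ViaFormat(c));
    }
}
```

A stored SHA-1 hex value shorter than 40 characters is a sign that it was written by the unpadded encoder.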




