How To: Hash Data Using MD5 and SHA1
4.79/5 (23 votes)
Sample application describing how to use the MD5 and SHA1 classes.
Introduction
My encryption methods take a string and hash it using MD5 or SHA1 and then return it encrypted.
There are two types of encryption:
- One way Encryption
- Two way Encryption
Take the input data and encrypt it, and there is no way to decrypt it again to get the source data. A good sample for one way encryption is MD5. Another good sample for one way encryption is SQL Server Membership; it store passwords encrypted and there is no way to get the original password back. All we can do is compare the password you entered and the hashed data.
Take input data and encrypt it, and in another side we take the encrypted data and decrypt it again using the same algorithm.
See samples here: http://waleedelkot.blogspot.com/2009/02/encryption-and-decryption-using-c.html.
In this article, I will talk about MD5 and SHA1 and present a sample code. The namespace we are using is: System.Security.Cryptography.
Advantages and Disadvantages
The following articles give a lot of detail on the differences of performance of the algorithms:
- http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/bdadotnetarch15.asp
- http://www.sandelman.ottawa.on.ca/ipsec/1996/05/msg00116.html
Important Information
MD5 (Message Digest Algorithm):
It was developed by Ronald Rivest in 1991. The hash size for the MD5 algorithm is 128 bits. The ComputeHash methods of the MD5 class returns the hash as an array of 16 bytes.
SHA1 (Secure Hash Algorithm):
This was developed by NIST. The hash size for the SHA1 algorithm is 160 bits.
Background
If you are familiar with C# and its security classes, this article will be easy for you.
Using the code
You can use the GetMD5HashData or GetSHA1HashData method directly to hash any string. I'm using the MD5 class and the SHA1 class.
The sample code contains four methods:
GetMD5HashData: takes any string and hashes it using theMD5class.GetSHA1HashData: takes any string and hashes it using theSHA1class.ValidateMD5HashData: compares input text using MD5 with the stored one.ValidateSHA1HashData: compares input text using SHA1 with the stored one.
Hashing using the MD5 class
/// <summary>
/// take any string and encrypt it using MD5 then
/// return the encrypted data
/// </summary>
/// <param name="data">input text you will enterd to encrypt it</param>
/// <returns>return the encrypted text as hexadecimal string</returns>
private string GetMD5HashData(string data)
{
//create new instance of md5
MD5 md5 = MD5.Create();
//convert the input text to array of bytes
byte[] hashData = md5.ComputeHash(Encoding.Default.GetBytes(data));
//create new instance of StringBuilder to save hashed data
StringBuilder returnValue = new StringBuilder();
//loop for each byte and add it to StringBuilder
for (int i = 0; i < hashData.Length; i++)
{
returnValue.Append(hashData[i].ToString());
}
// return hexadecimal string
return returnValue.ToString();
}
Hashing using the SHA1 class
/// <summary>
/// take any string and encrypt it using SHA1 then
/// return the encrypted data
/// </summary>
/// <param name="data">input text you will enterd to encrypt it</param>
/// <returns>return the encrypted text as hexadecimal string</returns>
private string GetSHA1HashData(string data)
{
//create new instance of md5
SHA1 sha1 = SHA1.Create();
//convert the input text to array of bytes
byte[] hashData = sha1.ComputeHash(Encoding.Default.GetBytes(data));
//create new instance of StringBuilder to save hashed data
StringBuilder returnValue = new StringBuilder();
//loop for each byte and add it to StringBuilder
for (int i = 0; i < hashData.Length; i++)
{
returnValue.Append(hashData[i].ToString());
}
// return hexadecimal string
return returnValue.ToString();
}
Validation methods
/// <summary>
/// encrypt input text using MD5 and compare it with
/// the stored encrypted text
/// </summary>
/// <param name="inputData">input text you will enterd to encrypt it</param>
/// <param name="storedHashData">the encrypted text
/// stored on file or database ... etc</param>
/// <returns>true or false depending on input validation</returns>
private bool ValidateMD5HashData(string inputData, string storedHashData)
{
//hash input text and save it string variable
string getHashInputData = GetMD5HashData(inputData);
if (string.Compare(getHashInputData, storedHashData) == 0)
{
return true;
}
else
{
return false;
}
}
/// <summary>
/// encrypt input text using SHA1 and compare it with
/// the stored encrypted text
/// </summary>
/// <param name="inputData">input text you will enterd to encrypt it</param>
/// <param name="storedHashData">the encrypted
/// text stored on file or database ... etc</param>
/// <returns>true or false depending on input validation</returns>
private bool ValidateSHA1HashData(string inputData, string storedHashData)
{
//hash input text and save it string variable
string getHashInputData = GetSHA1HashData(inputData);
if (string.Compare(getHashInputData, storedHashData) == 0)
{
return true;
}
else
{
return false;
}
}
I hope my article was helpful for you all. Here is my blog: http://waleedelkot.blogspot.com/.