
Introduction

This article describes how to use an MD5 class library I have written for .NET.

The recommended way to implement MD5 hashing is as follows:

Encrypting
1. Generate a Random "Salt" Value
2. Merge the string to encrypt with the "Salt"
3. MD5 the merged string
4. Save the MD5 Hash in one location and the Salt in another, usually a separate "Table" in your DBMS (Database Management System)

Testing
1. Locate the saved "Salt"
2. Merge the string and the saved "Salt"
3. MD5 the merged string
4. Test the new MD5 hash against the saved one; if they match, allow access to whatever you were protecting.

Background

I chose to write this class library because all the articles and recommendations I found, and everything I was told at MSDN events, recommended storing the salt in a DBMS. I was writing an ASP.NET application where I wanted to use XML files for storage of usernames and passwords. Storing salts in the same XML file isn't recommended, but I also didn't think it was secure to store them "plainly" in any XML file. I decided to write a class that would generate the salt, merge it with the string, encrypt the string, place the salt in a RANDOM location in the hash, and save the hash. This allows me to store the hash in one XML file and makes the salt far more secure, since it has to be found in the hash string first, which is very difficult to do. Also, since the hash string looks so similar to regular MD5 hash strings, it's hard to determine when this method is actually being used.

Using the code

Since the code is being distributed as a Class Library it is very easy to use.

Steps to using this class library:
1. Download the package
2. Extract it to your HD
3. Right-click "References" in the VS.NET IDE (Solution Explorer) and choose "Add Reference"
4. Add code similar to that below

Imports IST.DataHash

'Code was removed for simplicity

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    Dim MD5 As New MD5
    'Encrypts the specified string
    lblEncString.Text = MD5.Encrypt(txtEncrypt.Text)
End Sub

Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
    Dim MD5 As New MD5
    'Verifies the string matches the hash, returns True or False
    lblDecString.Text = MD5.Verify(txtEncrypt.Text, lblEncString.Text).ToString()
End Sub

The assembly is also strong-name signed to allow addition to the GAC.

Source Code

Imports System.Security.Cryptography
Imports System.Text
Namespace DataHash
    ''' -----------------------------------------------------------------------------
    ''' Project	 : DataHash
    ''' Class	 : DataHash.MD5
    '''
    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' Provides advanced MD5 support for your applications
    ''' </summary>
    ''' <remarks>
    ''' </remarks>
    ''' <history>
    ''' 	[Frazell Thomas]	4/13/2004	Created
    ''' </history>
    ''' -----------------------------------------------------------------------------
    Public Class MD5
        Private EncStringBytes() As Byte
        Private Encoder As New UTF8Encoding
        Private MD5Hasher As New MD5CryptoServiceProvider

        ''' <summary>
        ''' Encrypts the specified string to MD5 with the salt information embedded
        ''' </summary>
        ''' <remarks>
        ''' Accepts any non-array string type
        ''' </remarks>
        ''' <returns>
        ''' Returns a string containing the MD5 hash with embedded salt
        ''' </returns>
        ''' <example>
        ''' <code>
        ''' 'Generates an MD5 hash for a string
        ''' Dim S As String
        ''' Dim MD5 As New IST.DataHash.MD5
        ''' S = "This is a string"
        ''' S = MD5.Encrypt(S)
        ''' </code>
        ''' </example>
        'Encrypts the string in MD5 when passed as a string
        Public Function Encrypt(ByVal EncString As String) As String
            'Variable declarations
            Dim RanGen As New Random
            Dim RanString As String = ""
            Dim MD5String As String
            Dim RanSaltLoc As Integer

            'Generates a random 4-digit salt (the upper bound of Next is exclusive)
            While RanString.Length <= 3
                RanString = RanString & RanGen.Next(0, 10).ToString()
            End While

            'Converts the string plus salt to bytes
            EncStringBytes = Encoder.GetBytes(EncString & RanString)

            'Generates the MD5 byte array
            EncStringBytes = MD5Hasher.ComputeHash(EncStringBytes)

            'Converts the hash to a 32-character hex string
            MD5String = BitConverter.ToString(EncStringBytes)
            MD5String = MD5String.Replace("-", Nothing)

            'Finds a random location (4 to 31) in the string to place the salt
            RanSaltLoc = RanGen.Next(4, MD5String.Length)

            'Inserts the salt at that location
            MD5String = MD5String.Insert(RanSaltLoc, RanString)

            'Inserts the salt location at position 3, padded with a leading 0
            'for values under 10 so it always occupies 2 character spaces
            MD5String = MD5String.Insert(3, RanSaltLoc.ToString("00"))

            'Returns the MD5 encrypted string to the calling object
            Return MD5String
        End Function

        ''' <summary>
        ''' Verifies a string against an MD5 hash string.
        ''' </summary>
        ''' <remarks>
        ''' Accepts any non-array string type
        ''' </remarks>
        ''' <returns>
        ''' Returns True or False
        ''' </returns>
        ''' <example>
        ''' <code>
        ''' 'Test a string against an MD5 hash
        ''' Dim S As String
        ''' Dim MD5String As String
        ''' Dim MD5 As New IST.DataHash.MD5
        ''' S = "This is a string"
        ''' MD5String = MD5.Encrypt(S)
        ''' 'Prints the test results on screen
        ''' Console.Write(MD5.Verify(S, MD5String))
        ''' </code>
        ''' </example>
        'Verifies the string entered matches the MD5 hash
        Public Function Verify(ByVal S As String, ByVal Hash As String) As Boolean
            'Variable declarations
            Dim SaltAddress As Integer
            Dim SaltID As String
            Dim NewHash As String

            'Finds the salt address and removes the salt address from the string
            SaltAddress = Integer.Parse(Hash.Substring(3, 2))
            Hash = Hash.Remove(3, 2)

            'Finds the SaltID and removes it from the string
            SaltID = Hash.Substring(SaltAddress, 4)
            Hash = Hash.Remove(SaltAddress, 4)

            'Converts the string passed to us, plus the salt, to bytes
            EncStringBytes = Encoder.GetBytes(S & SaltID)

            'Hashes the string passed to us with the salt
            EncStringBytes = MD5Hasher.ComputeHash(EncStringBytes)

            'Converts the hash to a string
            NewHash = BitConverter.ToString(EncStringBytes)
            NewHash = NewHash.Replace("-", Nothing)

            'Tests the new hash against the one passed to us
            Return NewHash = Hash
        End Function

    End Class
End Namespace
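
The string layout that Encrypt and Verify above agree on, ported to Python as an added example (not the author's code), together with one way to move such records to PBKDF2 the next time a user logs in. The PBKDF2 step goes beyond the article; the function names, the `pbkdf2-sha256$...` record format and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

def legacy_encode(password, salt, pos):
    """Rebuild the article's layout for a given 4-digit salt and position (4..31)."""
    digest = hashlib.md5((password + salt).encode("utf-8")).hexdigest().upper()
    body = digest[:pos] + salt + digest[pos:]   # salt embedded in the hex digest
    return body[:3] + f"{pos:02d}" + body[3:]   # two-digit position at index 3

def legacy_split(stored):
    """Return (position, salt, md5_hex) recovered from a 38-character string."""
    if len(stored) != 38 or not stored[3:5].isdigit():
        raise ValueError("not an embedded-salt MD5 string")
    pos = int(stored[3:5])
    body = stored[:3] + stored[5:]
    salt = body[pos:pos + 4]
    if not 4 <= pos <= 31 or not salt.isdigit():
        raise ValueError("salt position or salt out of range")
    return pos, salt, body[:pos] + body[pos + 4:]

def legacy_verify(password, stored):
    """Same check as the article's Verify, with a constant-time comparison."""
    _, salt, digest = legacy_split(stored)
    candidate = hashlib.md5((password + salt).encode("utf-8")).hexdigest().upper()
    return hmac.compare_digest(candidate.encode(), digest.encode())

def upgrade_on_login(password, stored, iterations=600_000):
    """After a successful legacy check, return a PBKDF2 record to store instead."""
    if not legacy_verify(password, stored):
        return None
    salt = os.urandom(16)                       # CSPRNG salt, kept beside the hash
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${key.hex()}"

def pbkdf2_verify(password, record):
    """Check a password against a record produced by upgrade_on_login."""
    _, iterations, salt_hex, key_hex = record.split("$")
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(key, bytes.fromhex(key_hex))

if __name__ == "__main__":
    stored = legacy_encode("This is a string", "0420", 17)  # constructed sample
    print(stored, legacy_split(stored)[:2])
    print(pbkdf2_verify("This is a string", upgrade_on_login("This is a string", stored)))
```

Because the two-digit position at index 3 is part of the stored string, `legacy_split` needs nothing but the string itself to recover the salt, so the migration can run from the existing XML file with no side table.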

Points of Interest

Various MD5 references

Using MD5 to Encrypt Passwords in a Database
Search MD5 here on CodePlanet

History

March 7, 2006 - Released Source Code due to much demand and authorization by Infinity Squared Technologies, Inc.
April 13, 2004 - Released Version 1.0 publicly

Last Updated 7 Mar 2006