calculate a MD5 hash from a string

Question

0.00/5 (No votes)

See more:

hi friends,

I use the following C# code to calculate a MD5 hash from a string. it works well and generate a 32-character hex string like this:

C#

//900150983cd24fb0d6963f7d28e17f72
string sSourceData;
byte[] tmpSource;
byte[] tmpHash;
sSourceData = "MySourceData";
//Create a byte array from source data.
tmpSource = ASCIIEncoding.ASCII.GetBytes(sSourceData);
tmpHash = new MD5CryptoServiceProvider().ComputeHash(tmpSource);
// and then convert tmpHash to string...

ok, now i have a question:
Is there anyway to use a code like this to generate a 16-character hex string ( or 12-character string ) ?? 32-character hex string is good but i thinks it'll be boring for costumer to enter the code !

i'll appreciate any help. sorry for my bad english,
thanks in advance.

Posted 12-Jul-12 4:15am

Mohamad77

Updated 12-Jul-12 4:23am

Sandeep Mewara

v2

Add a Solution

Comments

lewax00 12-Jul-12 10:24am

Any reason you can use something like the first 16 characters of that string?

Mohamad77 12-Jul-12 13:18pm

it's almost ok, but i think using 16-char hex string could calculate repetitive KEYs.
for example H(x) = [A][B] (A: 16-char, B: 16-char)
and H(y) = [A][C]
although the result of H(x) and H(y) is different, the first 16-char is the same ! and it will hackers to crack the KEY !
am i wrong !!?

thanks for answer.

lewax00 12-Jul-12 15:03pm

As far as I know, MD5 isn't exactly secure to begin with. But if you really want to help the user out, make a way to just copy and paste it (e.g. send it to them in an email).

Mohamad77 13-Jul-12 0:26am

thanks lewax.
what do you mean by saying that MD5 isn't exactly secure to begin with!? do you have any other idea ?
would you explain more please?

lewax00 13-Jul-12 0:30am

It's apparently relatively easy to generate collisions with it (e.g. creating the same hash from different input). Check out the Wikipedia article for more detail: http://en.wikipedia.org/wiki/MD5#Security

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2012-07-12T04:20:00

Solution 1

No.
An MD5 hash is always a 128 bit value. It would be possible to use the number to generate a alphanumeric code, but unless you use upper and lower case (and the user is aware that case is significant) you are still looking at a 22 character code for them to enter.

Why would you want your user to enter the hash anyway?

Posted 12-Jul-12 4:20am

OriginalGriff

Comments

Mohamad77 12-Jul-12 13:11pm

thanks for your answer.

I want to publish an application for windows,
the user should buy the license to use my application,
so my application request two fields: USERNAME: ... , and KEY: ....
I want to hash the USERNAME and create the KEY, then the user should enter the specific USERNAME and KEY.
my problem here is that the KEY should be 12-characters,
(But in MD5 hash, I get the 32-char KEY).
you mean that i should change the 32-char KEY to 12-char KEY manually !?
please help me, i really need it.

OriginalGriff 12-Jul-12 14:04pm

I mean you can't change a 128 bit MD5 value into 12 characters at all! 128 bits is 16 eight-bit bytes, most of which are not available from the keyboard. :)

The other problem is that if you just straight hash a username, then the same username will work on any PC that they type the hash into - it's an example of a anti-piracy measure that does nothing for security, but annoys legitimate users.

Dump the MD5 - it's just going to waste your time and annoy people. Have a look on Google for "simple software protection" instead, and you will find a variety of ideas - your problem is not unique! :laugh:

Mohamad77 12-Jul-12 15:00pm

ok thanks,
but i think if i use the unique hardware id ( e.g. Processor ID ) as the username, in this way each license can just be valid on a specific computer !!
i mean in this way every computer has it's own specific username ( e.g. Processor ID ) !
am i wrong?
so i hash the unique username, and give the KEY to the customer.
32-char KEY annoying customers i think !
isn't there any hash algorithm, or any other way to create 12-char KEY from the unique username !?
thanks again.

OriginalGriff 12-Jul-12 15:29pm

The Processor ID is already a 16 hex digit number, and it isn't unique! To add insult to injury, some processors don't support it, and what are you going to do with systems with multiple processors in them? :laugh:
Ask your self: do you really need this? Are you going to lose so much money that it is worth a considerable effort of your time to prevent the (probably small) number of thefts? Because if you don't get it right, you will piss off more legitimate customers than you will prevent pirates - who look at software protection as a challenge. There are companies who I will never buy software from again, because of bad experiences with their protection systems as a legitimate user.

If you are going to lose a lot of money, then look at a commercial package - they are cheap compared to the work involved!
If you aren't going to lose a lot, then just drop the idea, and use nothing or a simple internet register-and-use system instead.

Mohamad77 13-Jul-12 0:33am

Yes, i have thought about some of these scenarios !
and i'll try my best to make it easy for the customer.

yes, losing a lot of money and paying for the damage to the companies is making me to secure my software more and more !

thanks for the help Griff :)
i'll appreciate any other idea to solve my issue !