Generate 32 character MD5 password with Cryptsharp

Asked

Viewed 3,136 times

3

I am using the Cryptsharp library to generate password in MD5. I had read that MD5 generates string with hexadecimals of 32 characters but is generating 34 and with several types of characters.

It’s generating in this format:

$1$gSUz3sUo$mFPQB05MAMhFokOSydON91

Searching saw that there are some different formats of MD5. This starts with these $ in the first three characters.

My code using the library is this:

    public string Codifica(string senha)
    {
        return Crypter.MD5.Crypt(senha);
    }

Anyone who has used this library knows if there is a parameter that can leave my password encoded in 32 characters?

  • Since 2008 MD5 and' considered Broken and unsafe. Currently, it is recommended to use SHA-256 to create secure hashes.

3 answers

4

MD5 is a 128-bit Hash algorithm, in fact it will not return you 32 characters but 16 bytes that are usually converted to hexadecimal text so getting the 32 characters you refer to.

But you’re using a library that generates it a little differently, taking as an example the hash that you mentioned

$1$gSUz3sUo$mFPQB05MAMhFokOSydON91

By the logic used by this library this hash can be broken into 3 parts

$1$ is the version identifier

gSUz3sUo is the salt used

mFPQB05MAMhFokOSydON91 is the hash itself, the $ between salt and hash is only used as a separator.

In this library the values are encoded using a variant of Base64, if this value is decoded you would have back the 16 bytes.

So due to this extra information, using this library you will not have the 16 bytes (or 32 characters) as you wanted, to use it and be able to use the method CryptSharp.Crypter.CheckPassword(senha, hash) to verify the passwords you need the hash the way it returns even, the alternative would be using the MD5CryptServiceProvider from itself . Net and convert the 16 bytes it returns to hexadecimal text.

2

It is a necessity to use the library CryptSharp?

Why I use the native library System.Security.Cryptography.MD5, and it works perfectly for me. If you can make that change!

My implementation with System.Security.Cryptography.MD5 is the following:

/// <summary>
/// Gera hash MD5
/// </summary>
/// <param name="input">String a ser aplicado o hash</param>
/// <returns>String já aplicado o hash MD5</returns>
public static string HashMD5(string input)
{
    using (System.Security.Cryptography.MD5 md5Hash = System.Security.Cryptography.MD5.Create())
    {
        // Convert the valor string to a byte array and compute the hash.
        byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));

        // Create a new Stringbuilder to collect the bytes
        // and create a string.
        StringBuilder sBuilder = new StringBuilder();

        // Loop through each byte of the hashed data 
        // and format each one as a hexadecimal string.
        for (int i = 0; i < data.Length; i++)
        {
            sBuilder.Append(data[i].ToString("x2"));
        }

        // Return the hexadecimal string.
        return sBuilder.ToString();
    }
}

I recommend also take a look in that question, for MD5 is not the best way to hash passwords.

-1

public class Criptografia
    {
        public static string GetMD5Hash (string Valor)
        {
            MD5 md5 = new MD5CryptoServiceProvider();
            return BitConverter.ToString(md5.ComputeHash(Encoding.UTF8.GetBytes(Valor))).Replace("--", string.Empty);
        }
        public static string GetSHA1Hash (string Valor)
        {
            SHA1 sha1 = new SHA1CryptoServiceProvider();
            return BitConverter.ToString(sha1.ComputeHash(Encoding.UTF8.GetBytes(Valor))).Replace("", string.Empty);
        }
    }
}
  • 2

    Welcome to SOPT, could [Edit] your reply and explain it? Thank you

Browser other questions tagged

You are not signed in. Login or sign up in order to post.