14
How to do MD5 encryption with C# of a text or file?
And once it’s encrypted, how to decrypt?
3 answers
18
MD5 is not reversible, that is, it is only possible to create the hash (or, as you said, encrypt) and compare with another hash. If they are equal, the password entered is considered the same.
Follow an example:
public static string GerarHashMd5(string input)
{
MD5 md5Hash = MD5.Create();
// Converter a String para array de bytes, que é como a biblioteca trabalha.
byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
// Cria-se um StringBuilder para recompôr a string.
StringBuilder sBuilder = new StringBuilder();
// Loop para formatar cada byte como uma String em hexadecimal
for (int i = 0; i < data.Length; i++)
{
sBuilder.Append(data[i].ToString("x2"));
}
return sBuilder.ToString();
}
-
How do I compare with another data ? For example, if I use the above-mentioned Hash in a password saved in a database, how do I compare it to a password entered by the user?
-
1
if (senhaDigitada == registroTabela.Senha) { ... }
2
MD5 is a one-way hash function, that is, it only encrypts, what you can do is encrypt saved in the database, after that you can receive the password from a login screen (EX;) and do the encryption process and do the database search for that password. Or if you want to buy two a variable with an MD5 in the application the example below shows how to do this.
See functioned here.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Security.Cryptography;
using System.Text;
public class CriarMD5
{
public string RetornarMD5(string Senha)
{
using (MD5 md5Hash = MD5.Create())
{
return RetonarHash(md5Hash, Senha);
}
}
public bool ComparaMD5(string senhabanco, string Senha_MD5)
{
using (MD5 md5Hash = MD5.Create())
{
var senha = RetornarMD5(senhabanco);
if (VerificarHash(md5Hash, Senha_MD5, senha))
{
return true;
}
else
{
return false;
}
}
}
private string RetonarHash(MD5 md5Hash, string input)
{
byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
StringBuilder sBuilder = new StringBuilder();
for (int i = 0; i < data.Length; i++)
{
sBuilder.Append(data[i].ToString("x2"));
}
return sBuilder.ToString();
}
private bool VerificarHash(MD5 md5Hash, string input, string hash)
{
StringComparer compara = StringComparer.OrdinalIgnoreCase;
if (0 == compara.Compare(input, hash))
{
return true;
}
else
{
return false;
}
}
}
public class Program
{
public static void Main()
{
CriarMD5 md5 = new CriarMD5();
var senhabanco = "827ccb0eea8a706c4c34a16891f84e7b";
var Senha = "12345";
Boolean ComparaSenha = md5.ComparaMD5(Senha, senhabanco);
Console.WriteLine(ComparaSenha.ToString());
}
}
-2
Would look like this:
if(GerarHashMd5(senhaDigitada) == registroTabela.Senha) { ... }
You must convert the password entered by the user to MD5 and after comparing with the MD5 password of the database.
Browser other questions tagged c# cryptography
You are not signed in. Login or sign up in order to post.
MD5 is a function of hash one-way, that is, it only "encrypts" (the most correct term is shuffle) and does not untangle. See question on Soen.
– Piovezan
One-way? It seems pointless, rs. If I encrypt something for security reasons, why can’t I read the encryption afterwards? What I encrypted will no longer be useful? I don’t understand, maybe I have to study more about cryptography. Thank you Piovezan!!
– Matheus Bessa
MD5 is not meant to encrypt things. It has its usefulness for example when you apply a password saved in the bank and then compare this hash with the hash of a password entered by the user to see if they match. But you are not able to "invert it" and get the original password back, unless by other means. As a dual-sense encryption function it does not serve, because it does not preserve the original information after it has been applied.
– Piovezan
As Piovezan said, if p/ use p/ passwords you will store the Hash and compare with what was typed by the user after transforming and HASH.
– PauloHDSousa
@Matheusbessa sometimes you don’t need the original information back. For example, passwords saved in bank. When someone authenticates, you just run the same hash algorithm in the password that the user entered, and check if the result exists in the database. Thus you complicate the life of anyone who wants to get passwords after you have stolen your database.
– Oralista de Sistemas
Are you going to need security anyway? Do not use MD5. http://answall.com/questions/2402/comor-hash-de-passwords_safesafesafesafesafesafesafety_passwords
– Maniero
@Matheusbessa Please explain better what you mean by "for safety’s sake", then maybe we can give you a better alternative. Hashes Quick like MD5 are more suitable for preventing changes accidental in the data (eg: corrupted file) or help detect duplicated files, but are not suitable [by themselves] for security - as well as being fast (which makes them unsuitable to protect passwords) they are also vulnerable to collision attacks (which makes them unsuitable to protect against modifications malicious in the data).
– mgibsonbr
MD5 is a one-way function. The point is that there are databases on the internet with tens of thousands of strings and dictionaries with MD5. Ex: If you encrypt in MD5 the word "God" and play this hash on google you will find a site saying that the hash refers to God. So it is "easily" discovered if the idea was to encrypt passwords. So it is not ideal in some cases as password security. More interesting as said above prevent corrupted files or generate a somewhat more complicated filename from the user hit by changing url.
– Paulo