7
Speaking of hash, it is possible to use MD6 in C#?
Someone would have an example of the use in a simple string?
In my research I found nothing very objective.
1 answer
6
In order not to be unanswered I will put here that it is possible, since every algorithm can be implemented in a programming language.
If you want to know if you have in . NET, no, you don’t. If you have in any external library, I don’t know any.
Then you will have to study it and do or ask someone to do.
But the question is: why? Because you want to use something that is not well accepted in the community?
You want a solution and this you get with other algorithms. Try the algorithms available in the SHA2 collection. I doubt that they do not meet what you need. One of them is the SHA512 that is heavy but is very strong. In general the staff even prefer to use something less strong and that is faster to calculate.
Example:
static string sha512(string password) {
byte[] bytes = new SHA512Managed().ComputeHash(Encoding.UTF8.GetBytes(password), 0,
Encoding.UTF8.GetByteCount(password));
var hash = new StringBuilder();
foreach (var item in bytes) {
hash.Append(item.ToString("x2"));
}
return hash.ToString();
}
Behold working in the ideone. And in the .NET Fiddle. Also put on the Github for future reference.
-
most recommended are not Rfc2898derivebytes and Bcrypt? That’s what I saw in my searches...
-
Yes, Bcrypt is stronger. And obviously you need to know how to use it right. If you want to use Bcrypt, use it. I preferred to give a solution that exists in the .Net. To use it you have to take a external library. But I put some additional information to have some example, the question refers to MD6 and not Bcrypt. If you had mentioned him, I might have put something on him. A PBKDF2 is also very good and has in the .Net. I did not think about it. It can be better than these options.
-
@Jedaiasrodrigues The "most recommended" depends on what you want to do. Hash passwords? Use a slow hash. Check file integrity? Use the fastest hash you can find (MD6 doesn’t look bad, and there are many others, maybe even better). Check the authenticity of files? Use a quick hash in the content and then a secure HMAC on top of the hash. Etc.
-
@mgibsonbr want only Hasher passwords... I am using PBKDF2, but would like to try the MD6 for same test purpose.
-
@Jedaiasrodrigues, no hash algorithm alone is safe to protect a password, if you want an algorithm without risk of collision and very fast, I advise using the BLAKE2. Still on the BLAKE2 website, read the FAQ, especially this item: So I shouldn’t use BLAKE2 for hashing user passwords
-
@Jedaiasrodrigues http://cynosureprime.blogspot.se/2015/09/how-we-cracked-millions-of-ashley.html bcrypt is useless if the rest is not right. MD6 won’t do either.
-
@mustache and what is the correct way to use bcrypt?
-
@Jedaiasrodrigues like I’ve never used, I don’t know :P In fact this is the same for any algorithm used. In question about hash you already know have some things about it. If you have something specific, open a question.
Browser other questions tagged c# .net string hash md6
You are not signed in. Login or sign up in order to post.
There is, but why would you want to wear something so out of the ordinary? Use something better, something that people care about. Use what you can use with SHA2. Ponto. https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512(v=vs.110). aspx Nor am I recommending this, she is stronger but is heavy to calculate.
– Maniero
Possible is. All you need to do is convert the Wiki link algorithm into C for C#.
– Leonel Sanches da Silva
@Ciganomorrisonmendez thank you very much, this will be my challenge for today.
– Jedaias Rodrigues
If you want to do this for learning purposes, go ahead, it’s always good! But never, ever implement yourself a cryptographic algorithm to use in practice! Even porting an algorithm from one language to another can introduce defects - not functional defects (like, the result go wrong) but "collateral defects" (see side-Channel Attacks), that allow an attacker to completely destroy the security of their system by exploring details of their implementation (e.g.: measuring the time it takes to calculate, or how much power the computer consumes while calculating, etc).
– mgibsonbr