SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider

Super Julius

Folks,

I am struggling with the following problem. When I encode a string
using FormsAuthentication or SHA1CryptoServiceProvider, I don't get
the same encoding.

In fact I have a SHA1 ASP implementation for one of our legacy
applications but I have done the migration using the following code:

private string Hash(string toHash)
{
    string hashed = "";

    SHA1 sha1 = new SHA1CryptoServiceProvider();
    byte[] hash = sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(toHash));

    foreach(byte b in hash)
        hashed += Convert.ToString(b, 16).ToUpper();

    return hashed;
}

I then noticed that some values were not encoded the same way. So I
tried using FormsAuthentication.HashPasswordForStoringInConfigFile(value,
"SHA1"). Guess what, it encodes the values the same way the ASP
SHA1 does.

Basically this means that the code above with
SHA1CryptoServiceProvider is just wrong. I have tried using all the
encoding available when getting the bytes out of the string but I
cannot get the same encoding.

A value for which it does not work: ArntzHans

Result with SHA1CryptoServiceProvider:
1C4F53FA399F44D81BF4F8540B5127FB44EDA2

Result with FormsAuthentication:
1C4F53FA399F440D81BF4F8540B5127FB404EDA2
              *                   *

Note that the 2 '0' characters outlined on the 2nd result are missing
from the first encoding.

I have read a few threads from users having the same problem, but no
concrete solution to the problem.

Wish someone can help me sort this out.

Thx
Julien
 
Hernan de Lahitte

Your problem is in the hex encoding loop. The ToString( b, 16) method gives
you a one-char length for hex values of one digit. I suggest you use
this function for hex encoding.

BitConverter.ToString( hash ).Replace( "-", string.Empty ).ToUpper()

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl


This posting is provided "AS IS" with no warranties, and confers no rights.
 
Super Julius

Thanks Hernan for your answer.

You pointed out the issue correctly. The problem was my conversion to hex
with Convert.ToString(b, 16).

I have not tested your solution as I fixed the issue just before your
post :) by using String.Format

Anyway I guess this can be relevant to other folks...

Here is the new code with

private string Hash(string toHash)
{
    string hashed = "";

    SHA1 sha1 = new SHA1CryptoServiceProvider();
    byte[] hash = sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(toHash));

    foreach(byte b in hash)
        hashed += String.Format("{0,2:X2}", b);

    return hashed;
}

Cheers
Julius
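
Added example, not code from either poster: it puts the unpadded encoder from the first post beside a fixed-width one, shows that dropping leading zeros makes distinct byte strings encode identically, and adds a length check that flags stored SHA-1 values damaged by the bug. The class and method names (HexDigestDemo, UnpaddedHex, PaddedHex, IsWellFormedSha1Hex) and the two-byte inputs are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HexDigestDemo
{
    // Encoder from the first post: bytes below 0x10 come out as a single character.
    static string UnpaddedHex(byte[] data) =>
        string.Concat(data.Select(b => Convert.ToString(b, 16).ToUpper()));

    // Fixed-width encoder: every byte becomes exactly two hex digits.
    static string PaddedHex(byte[] data) =>
        string.Concat(data.Select(b => b.ToString("X2")));

    // A SHA-1 digest is 20 bytes, so a valid hex rendering is exactly 40 hex characters.
    static bool IsWellFormedSha1Hex(string s) =>
        s.Length == 40 && s.All(Uri.IsHexDigit);

    static void Main()
    {
        // The two results quoted in the thread for the value "ArntzHans".
        string fromLoop = "1C4F53FA399F44D81BF4F8540B5127FB44EDA2";
        string fromFormsAuth = "1C4F53FA399F440D81BF4F8540B5127FB404EDA2";
        Console.WriteLine($"loop result well-formed:      {IsWellFormedSha1Hex(fromLoop)}");
        Console.WriteLine($"FormsAuth result well-formed: {IsWellFormedSha1Hex(fromFormsAuth)}");

        // Constructed inputs: different bytes whose unpadded digits run together identically.
        byte[] x = { 0x01, 0x23 };
        byte[] y = { 0x12, 0x03 };
        Console.WriteLine($"unpadded collide: {UnpaddedHex(x) == UnpaddedHex(y)}");
        Console.WriteLine($"padded collide:   {PaddedHex(x) == PaddedHex(y)}");

        // Recompute the digest and compare both encoders against BitConverter.
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes("ArntzHans"));
            string viaBitConverter = BitConverter.ToString(digest).Replace("-", string.Empty);
            Console.WriteLine($"padded == BitConverter: {PaddedHex(digest) == viaBitConverter}");
            Console.WriteLine($"unpadded length: {UnpaddedHex(digest).Length}, " +
                              $"padded length: {PaddedHex(digest).Length}");
        }
    }
}
```

Because the unpadded form is ambiguous, a stored value shorter than 40 characters cannot be repaired by re-inserting zeros; it has to be recomputed from the original input.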
 
