MD5 Encryption

[sde]

I am working on a way to encrypt passwords going into a database.

I come from a PHP background, and when you use the PHP MD5 function, it creates a 32 byte string.

I'm finding that the MD5 strings generated in .NET vary in length.

This isn't a problem, but is there a max length this encrypted string can be?

The purpose I'm using it for is only so passwords stored in the database or on cookie are not readable.

Any insight would be much appreciated.

Thanks!

 

[Derek Stone]

The MD5 service provider in System.Security.Cryptography produces fixed length strings, so I'm not sure as to what you're referring.

 

[sdlangers]

Hi,

This function works well for me -i'm not sure what the fixed string problem is, but this has worked every time for me so far..

Private Function computeMD5(ByVal plainText As String) As String
        Dim ue As New UTF8Encoding      
        Dim bytes() As Byte = ue.GetBytes(plainText)
        Dim md5 As New Security.Cryptography.MD5CryptoServiceProvider
        Dim hashBytes() As Byte

        hashBytes = md5.ComputeHash(bytes)

        Dim hashString As String
        Dim i As Integer
        For i = 0 To UBound(hashBytes)
            hashString += Convert.ToString(hashBytes(i), 16)
        Next

        ' Return the result
        Return hashString
    End Function

 

[sdlangers]

actually - i did some looking into different examples and i think i see what you mean by the fixed length.

when i try to encode the string "testtest" with the above code, i get :

5a671c66aefea124cc08b76ea6d30bb

however, the correct string according to MD5 standard is :

05a671c66aefea124cc08b76ea6d30bb

so to fix this, you need to pad the converted bytes with a 0 to make them fixed length. i think this is what you are talking about..

so here is the revised code that should give you a fixed length string:

' Convert the plain text to bytes
        Dim ue As New UTF8Encoding
        Dim bytes() As Byte = ue.GetBytes(plainText)

        ' Encrypt the bytes
        Dim md5 As New Security.Cryptography.MD5CryptoServiceProvider
        Dim hashBytes() As Byte
        hashBytes = md5.ComputeHash(bytes)

        ' Convert the encrypted bytes back to a string (base 16)
        Dim hashString As String
        Dim i As Integer
        For i = 0 To UBound(hashBytes)
            hashString += Convert.ToString(hashBytes(i), 16).PadLeft(2, "0")
        Next

        ' Return the result
        Return hashString
    End Function

 

[sde]

thanks a lot sdlangers, i have a working version now.

i was comparing the MD5 hash generated by .NEt to one generated by PHP

These are the same 2 words encrypted:

//.NET
05993428babd2cb253834e06de180916

// PHP
5993428babd2cb253834e06de1800916

i'm wondering why they differ. it's not just from the padding, it's actually a '0' near the end of the string.

 

[sdlangers]

yeah - its because it needs to pad each 16bit with a zero.. thats why the padding is inside the loop.

glad it helped - it had me stuck for a while too!!

 

[sde]

so is there any way to make them identical?

 

[sde]

sorry, i get it. i had moved the lefpad method. it matches now.