.NET  .NET Framework  Application Security

The following is an excerpt from Vijay Mukhi's upcoming book "Microsoft .NET Framework: Web Application Security." This book will be available for purchase from this site as an e-book in April, 2008.

MD5CryptoServiceProvider

c.cs
using System.Security.Cryptography;
using System;
using System.Text;
class zzz
{
public static void Main()
{
MD5CryptoServiceProvider s;
s = new MD5CryptoServiceProvider ();
byte [] o,r;
o = Encoding.UTF8.GetBytes("Vijay");
r = s.ComputeHash(o);
Console.WriteLine("Length of array {0}",r.Length);
for ( int i = 0 ; i < r.Length ; i++)
Console.Write("{0:x}",r[i]);
Console.WriteLine();
String t = Encoding.ASCII.GetString(r);
Console.WriteLine(t);
String ss = Convert.ToBase64String(r);
Console.WriteLine(ss);
}
}

Command Prompt Window
C:\encrypt>c
Length of array 16
3f8e154b1ff9a18c1a238a42e558f1a
♥??T???↑??8?.U?→
A/jhVLH/mhjBojikLlWPGg==

If you know how to use one provider, you will be able to work with others easily. In the above program, we have simply modified two lines of code. We replaced SHA1CryptoServiceProvider by MD5CryptoServiceProvider and the rest of the code remains the same. The size of a MD5 hash is 128 bits.

The whole point of using the cryptography classes in the .NET framework is that they hide the mathematics involved in cryptography. All we need to learn is the way to use these classes.

Cryptographers sometimes talk about collisions, which are where two pieces of data produce the same hash. Theoretically, SHA1 cannot produce a collision but MD5 can. However it has not been proved in practice, so for all practical purposes both are safe to use.