stackoom
  简体   繁体   中英

save hash value in the database

 原文  2015-06-17 05:54:46       c#/ hash

Question

i used this functions to compute the hash value: 

public string GetSHA512(string input)
{
    byte[] data, result;
    StringBuilder hash = new StringBuilder();

    data = Encoding.UTF8.GetBytes(input);
    using (SHA512 shaM = new SHA512Managed())
    {
        result = shaM.ComputeHash(data);
    }

    for (int i = 0; i < result.Length; i++)
    {
        hash.Append(result[i].ToString());
    }

    return hash.ToString();
}

public string GetSHA256(string input)
{
    byte[] data, result;
    StringBuilder hash = new StringBuilder();

    data = Encoding.UTF8.GetBytes(input);
    using (SHA256 shaM = new SHA256Managed())
    {
        result = shaM.ComputeHash(data);
    }

    for (int i = 0; i < result.Length; i++)
    {
        hash.Append(result[i].ToString());
    }

    return hash.ToString();
}

public string GetSHA1(string input)
{
    byte[] data, result;
    StringBuilder hash = new StringBuilder();

    data = Encoding.UTF8.GetBytes(input);
    using (SHA1 shaM = new SHA1Managed())
    {
        result = shaM.ComputeHash(data);
    }

    for (int i = 0; i < result.Length; i++)
    {
        hash.Append(result[i].ToString());
    }

    return hash.ToString();
}

public string GetMD5(string input)
{
    byte[] data, result;
    StringBuilder hash = new StringBuilder();

    data = Encoding.UTF8.GetBytes(input);
    using (MD5 shaM = new MD5CryptoServiceProvider())
    {
        result = shaM.ComputeHash(data);
    }

    for (int i = 0; i < result.Length; i++)
    {
        hash.Append(result[i].ToString());
    }

    return hash.ToString();
}

but now i have few questions:

  1. hash functions are supposed to create the fix output length for any kind of strings.(no matter my input length is 4 or 10000 the output always has a fix size) aren't they? but when my input length changes the output length changes too!! i guess my hash functions doesn't work.

  2. if i want save the result in the database, my hash value filed type should be what?

  3. which one of the hash functions usually used in web applications?

thank you.

3 answers

solution1
 5 ACCPTED  2015-06-17 05:58:05

Currently you're just returning the decimal representation of all the bytes, concatenated together. So { 0, 0, 0 } ends up as "000" whereas { 123, 123, 123 } ends up as "123123123". So yes, both those hashes will give the same output size for any input (SHA-1 will give 20 bytes; MD5 will give 16) but your string representations will currently vary in length.

I would recommend using either a hex representation or base64 - in particular, base64 requires rather less work: 

public string GetSHA1(string input)
{
    byte[] data = Encoding.UTF8.GetBytes(input);
    using (SHA512 shaM = new SHA512Managed())
    {
        byte[] result = shaM.ComputeHash(data);
        return Convert.ToBase64String(result);
    }
}

Hex has the advantage of being a more common way of representing hashes. (Base64 is more usually used for transporting arbitrary binary data, eg images.) For hex, you could use: 

return BitConverter.ToString(result).Replace("-", "");

(Note that I've declared local variables - you appear to be using fields for data and result , which is a bad idea - calling these methods shouldn't affect the state of the instance, IMO.)

Alternatively, you could just return a byte[] and store that directly in the database as a blob. Using base64 or hex is probably simpler though - it's easier to examine the data that way, and frankly easier to query. Strings are just simpler to handle :)

In terms of which hash you should use - I probably wouldn't use either SHA-1 or MD5 unless I had to; I'd default to SHA-256, although it depends on what you're trying to do. If this is hashing passwords for example, you probably want an HMAC of some description - or better yet, don't roll your own, and use an off-the-shelf authentication package.

solution2
 2  2015-06-17 05:58:34

  1. Each hash algorithm (md5/sha1/etc) has its own fixed size;
  2. Don't convert the output hash to string, keep it as byte[].
  3. In order to store the hash, create a blob column in your db and use SQLParameter to insert it properly

solution3
 1  2015-06-17 06:34:41

The common practise is to convert the byte array of the hashcode to a base64 encoding, with ToBase64String() This is how passwords are stored too. The base64 encoding is a string of fixed length, given a fixed number of bytes. It takes 4 characters for each 3 bytes, plus some padding

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Hash passwords using crypto and then save to database How to save a dataset value to a database Create a simple hash value of database columns using c# .net how to verify password which is store in database as a hash value? How can I save an enumeration value to a database? Save dropdown list value to SQL Database Entry save a text and a value into combobox from a database table save a decimal value in database c# Datagrid save value in Database when cell change Read a value from the database and save it into a variable
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM