Generate Unix-Style MD5 Password Hash in C#

Question

I am trying to generate a Unix-Style password hash using MD5. I undestand that I need it to look like $1$<salt>$<hash> , but the <hash> part does not look the same, no matter what I do. Here is how I generate the hash:

            MD5 md5 = System.Security.Cryptography.MD5.Create();
            byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(pass);
            byte[] hash = md5.ComputeHash(inputBytes);

            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < hash.Length; i++)
            {
                sb.Append((char) hash[i]);
            }

            String calchash = sb.ToString();

I am pretty sure that it is now I am using the StringBuilder to make a string from the hashed bytes. But I don't know what the right settings would be.

Answer 1

Unix md5 crypt doesn't use plain md5. That would be insecure, because plain md5 is fast, and password hashes should be slow.

I found a relevant code-project article: http://www.codeproject.com/KB/recipes/Unix_md5crypt.aspx

Answer 2

It's about formatting. The Unix password hash is in hex format, while you're writing it down in binary. Replace the loop body with:

sb.Append(hash[i].ToString("x").PadLeft(2,'0'));

Answer 3

I think you should use hash[i].ToString("X") instead of just converting to char. Because hash bytes may be in any range from 0 to 255, which is not like md5 hash is looking.