MD5

M

Marre

Hi all!

I have a md5 question.
I receive a md5 string created with Message-Digest algorithm and I want to
create the same string in my webapplication.

I have this values to go on:

myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some string"))

myMD5String should of cource be the same as the md5 string i receive.

I have no idea if I have told you enough about my problem, but someone might
be able to point me to right direction :)

Best regards
Marre
 
D

Dominick Baier [DevelopMentor]

Hello Marre,

this uses SHA1 for something similar - should be enough to get you started...

// Hash = H(salt, H(passphrase))
static void lengthExtensionHash2()
{
Console.WriteLine("Hash with anti length extension attack 2");

string password = "secret";
byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
byte[] salt = new byte[32];

new RNGCryptoServiceProvider().GetBytes(salt);

SHA1Managed sha = new SHA1Managed();

byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);

CryptoStream cs = new CryptoStream(Stream.Null, sha, CryptoStreamMode.Write);
cs.Write(salt, 0, salt.Length);
cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);

cs.FlushFinalBlock();

byte[] hash = sha.Hash;

string hashString = Convert.ToBase64String(hash);
string saltString = Convert.ToBase64String(salt);

Console.WriteLine("Hash: " + hashString);
Console.WriteLine("Salt: " + saltString);
}
 
M

Marre

Hi Dominick!

Thanks for youre answer. Now I get a string, but I can´t get that string
equal with the string I receive :) I have to try it a little bit more. My
code looks like this:

private string checkMD5sum(string inputvalue)
{
// Perform a hash operation using the phrase. This will
// generate a unique 32 character value to be used as the key.
byte[] bytePhrase = Encoding.Default.GetBytes(inputvalue);
MD5 md5 = new MD5CryptoServiceProvider();

md5.ComputeHash(bytePhrase);
byte[] result = md5.Hash;

// Build the final string by converting each byte
// into hex and appending it to a StringBuilder
StringBuilder sb = new StringBuilder();
for (int i=0;i<result.Length;i++)
{
sb.Append(result.ToString("X2"));
}

// And return it
return sb.ToString();
}

Best regards
Marre

Dominick Baier said:
Hello Marre,

this uses SHA1 for something similar - should be enough to get you
started...

// Hash = H(salt, H(passphrase))
static void lengthExtensionHash2()
{
Console.WriteLine("Hash with anti length extension attack 2");

string password = "secret";
byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
byte[] salt = new byte[32];

new RNGCryptoServiceProvider().GetBytes(salt);

SHA1Managed sha = new SHA1Managed();

byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);

CryptoStream cs = new CryptoStream(Stream.Null, sha,
CryptoStreamMode.Write);
cs.Write(salt, 0, salt.Length);
cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);
cs.FlushFinalBlock();

byte[] hash = sha.Hash;

string hashString = Convert.ToBase64String(hash);
string saltString = Convert.ToBase64String(salt);

Console.WriteLine("Hash: " + hashString);
Console.WriteLine("Salt: " + saltString);
}

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi all!

I have a md5 question.
I receive a md5 string created with Message-Digest algorithm and I
want to
create the same string in my webapplication.
I have this values to go on:

myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some
string"))

myMD5String should of cource be the same as the md5 string i receive.

I have no idea if I have told you enough about my problem, but someone
might be able to point me to right direction :)

Best regards
Marre
Click to expand...
Click to expand...
 
D

Dominick Baier [DevelopMentor]

Hello Marre,

so far you are only doing

MD5(inputvalue)

is that what you want??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick!

Thanks for youre answer. Now I get a string, but I can´t get that
string equal with the string I receive :) I have to try it a little
bit more. My code looks like this:

private string checkMD5sum(string inputvalue)
{
// Perform a hash operation using the phrase. This will
// generate a unique 32 character value to be used as the key.
byte[] bytePhrase = Encoding.Default.GetBytes(inputvalue);
MD5 md5 = new MD5CryptoServiceProvider();
md5.ComputeHash(bytePhrase);
byte[] result = md5.Hash;
// Build the final string by converting each byte
// into hex and appending it to a StringBuilder
StringBuilder sb = new StringBuilder();
for (int i=0;i<result.Length;i++)
{
sb.Append(result.ToString("X2"));
}
// And return it
return sb.ToString();
}
Best regards
Marre
Hello Marre,

this uses SHA1 for something similar - should be enough to get you
started...

// Hash = H(salt, H(passphrase))
static void lengthExtensionHash2()
{
Console.WriteLine("Hash with anti length extension attack 2");
string password = "secret";
byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
byte[] salt = new byte[32];
new RNGCryptoServiceProvider().GetBytes(salt);

SHA1Managed sha = new SHA1Managed();

byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);

CryptoStream cs = new CryptoStream(Stream.Null, sha,
CryptoStreamMode.Write);
cs.Write(salt, 0, salt.Length);
cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);
cs.FlushFinalBlock();
byte[] hash = sha.Hash;

string hashString = Convert.ToBase64String(hash);
string saltString = Convert.ToBase64String(salt);
Console.WriteLine("Hash: " + hashString);
Console.WriteLine("Salt: " + saltString);
}
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi all!

I have a md5 question.
I receive a md5 string created with Message-Digest algorithm and I
want to
create the same string in my webapplication.
I have this values to go on:
myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some
string"))

myMD5String should of cource be the same as the md5 string i
receive.

I have no idea if I have told you enough about my problem, but
someone might be able to point me to right direction :)

Best regards
Marr
Click to expand...
Click to expand...
Click to expand...
 
M

Marre

Hi Dominick

Well, I´m trying to get two similar strings ;)
Just kidding.

This is a security check between me and a company working with creditcard
solutions on internet.

I have this "formula": myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1
+ "some string"))
I have two constant values in mySecretValue 1 and 2. The "some string"
value, is a value that I get from input-values that I have made erlier on my
website.

I receive this "myMD5String" and are going to compare it with the string i
get with this formula. But I can´t get this working :(

The call I´m doing to this method shown in erlier message is this:
checkMD5sum(mySecretValue2 + checkMD5sum(mySecretValue1 + "some string"));


/Marre


Dominick Baier said:
Hello Marre,

so far you are only doing
MD5(inputvalue)

is that what you want??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick!

Thanks for youre answer. Now I get a string, but I can´t get that
string equal with the string I receive :) I have to try it a little
bit more. My code looks like this:

private string checkMD5sum(string inputvalue)
{
// Perform a hash operation using the phrase. This will
// generate a unique 32 character value to be used as the key.
byte[] bytePhrase = Encoding.Default.GetBytes(inputvalue);
MD5 md5 = new MD5CryptoServiceProvider();
md5.ComputeHash(bytePhrase);
byte[] result = md5.Hash;
// Build the final string by converting each byte
// into hex and appending it to a StringBuilder
StringBuilder sb = new StringBuilder();
for (int i=0;i<result.Length;i++)
{
sb.Append(result.ToString("X2"));
}
// And return it
return sb.ToString();
}
Best regards
Marre
Hello Marre,

this uses SHA1 for something similar - should be enough to get you
started...

// Hash = H(salt, H(passphrase))
static void lengthExtensionHash2()
{
Console.WriteLine("Hash with anti length extension attack 2");
string password = "secret";
byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
byte[] salt = new byte[32];
new RNGCryptoServiceProvider().GetBytes(salt);

SHA1Managed sha = new SHA1Managed();

byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);

CryptoStream cs = new CryptoStream(Stream.Null, sha,
CryptoStreamMode.Write);
cs.Write(salt, 0, salt.Length);
cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);
cs.FlushFinalBlock();
byte[] hash = sha.Hash;

string hashString = Convert.ToBase64String(hash);
string saltString = Convert.ToBase64String(salt);
Console.WriteLine("Hash: " + hashString);
Console.WriteLine("Salt: " + saltString);
}
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi all!

I have a md5 question.
I receive a md5 string created with Message-Digest algorithm and I
want to
create the same string in my webapplication.
I have this values to go on:
myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some
string"))

myMD5String should of cource be the same as the md5 string i
receive.

I have no idea if I have told you enough about my problem, but
someone might be able to point me to right direction :)

Best regards
Marre
Click to expand...
Click to expand...
Click to expand...
 
D

Dominick Baier [DevelopMentor]

Hello Marre,

maybe the encoding is the problem

i guess default is Unicode - give UTF8 or ASCII a try (or ask the company
how the string is encoded :))

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick

Well, I´m trying to get two similar strings ;)
Just kidding.
This is a security check between me and a company working with
creditcard solutions on internet.

I have this "formula": myMD5String = MD5(mySecretValue2 +
MD5(mySecretValue1
+ "some string"))
I have two constant values in mySecretValue 1 and 2. The "some string"
value, is a value that I get from input-values that I have made erlier
on my
website.
I receive this "myMD5String" and are going to compare it with the
string i get with this formula. But I can´t get this working :(

The call I´m doing to this method shown in erlier message is this:
checkMD5sum(mySecretValue2 + checkMD5sum(mySecretValue1 + "some
string"));

/Marre

Hello Marre,

so far you are only doing
MD5(inputvalue)
is that what you want??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick!

Thanks for youre answer. Now I get a string, but I can´t get that
string equal with the string I receive :) I have to try it a little
bit more. My code looks like this:

private string checkMD5sum(string inputvalue)
{
// Perform a hash operation using the phrase. This will
// generate a unique 32 character value to be used as the key.
byte[] bytePhrase = Encoding.Default.GetBytes(inputvalue);
MD5 md5 = new MD5CryptoServiceProvider();
md5.ComputeHash(bytePhrase);
byte[] result = md5.Hash;
// Build the final string by converting each byte
// into hex and appending it to a StringBuilder
StringBuilder sb = new StringBuilder();
for (int i=0;i<result.Length;i++)
{
sb.Append(result.ToString("X2"));
}
// And return it
return sb.ToString();
}
Best regards
Marre
"Dominick Baier [DevelopMentor]"
Hello Marre,

this uses SHA1 for something similar - should be enough to get you
started...

// Hash = H(salt, H(passphrase))
static void lengthExtensionHash2()
{
Console.WriteLine("Hash with anti length extension attack 2");
string password = "secret";
byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
byte[] salt = new byte[32];
new RNGCryptoServiceProvider().GetBytes(salt);
SHA1Managed sha = new SHA1Managed();

byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);

CryptoStream cs = new CryptoStream(Stream.Null, sha,
CryptoStreamMode.Write);
cs.Write(salt, 0, salt.Length);
cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);
cs.FlushFinalBlock();
byte[] hash = sha.Hash;
string hashString = Convert.ToBase64String(hash);
string saltString = Convert.ToBase64String(salt);
Console.WriteLine("Hash: " + hashString);
Console.WriteLine("Salt: " + saltString);
}
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi all!

I have a md5 question.
I receive a md5 string created with Message-Digest algorithm and I
want to
create the same string in my webapplication.
I have this values to go on:
myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some
string"))
myMD5String should of cource be the same as the md5 string i
receive.

I have no idea if I have told you enough about my problem, but
someone might be able to point me to right direction :)

Best regards
Marre
Click to expand...
Click to expand...
Click to expand...
 
M

Marre

Hi Dominick!

I can see that the string is generated differently if I change the encoding.
Have not had the time to try it out, but as soon as I do that, you will
know.

Thanx for taking the time to help me here!
/Marre
Dominick Baier said:
Hello Marre,

maybe the encoding is the problem

i guess default is Unicode - give UTF8 or ASCII a try (or ask the company
how the string is encoded :))

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick

Well, I´m trying to get two similar strings ;)
Just kidding.
This is a security check between me and a company working with
creditcard solutions on internet.

I have this "formula": myMD5String = MD5(mySecretValue2 +
MD5(mySecretValue1
+ "some string"))
I have two constant values in mySecretValue 1 and 2. The "some string"
value, is a value that I get from input-values that I have made erlier
on my
website.
I receive this "myMD5String" and are going to compare it with the
string i get with this formula. But I can´t get this working :(

The call I´m doing to this method shown in erlier message is this:
checkMD5sum(mySecretValue2 + checkMD5sum(mySecretValue1 + "some
string"));

/Marre

Hello Marre,

so far you are only doing
MD5(inputvalue)
is that what you want??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick!

Thanks for youre answer. Now I get a string, but I can´t get that
string equal with the string I receive :) I have to try it a little
bit more. My code looks like this:

private string checkMD5sum(string inputvalue)
{
// Perform a hash operation using the phrase. This will
// generate a unique 32 character value to be used as the key.
byte[] bytePhrase = Encoding.Default.GetBytes(inputvalue);
MD5 md5 = new MD5CryptoServiceProvider();
md5.ComputeHash(bytePhrase);
byte[] result = md5.Hash;
// Build the final string by converting each byte
// into hex and appending it to a StringBuilder
StringBuilder sb = new StringBuilder();
for (int i=0;i<result.Length;i++)
{
sb.Append(result.ToString("X2"));
}
// And return it
return sb.ToString();
}
Best regards
Marre
"Dominick Baier [DevelopMentor]"
Hello Marre,

this uses SHA1 for something similar - should be enough to get you
started...

// Hash = H(salt, H(passphrase))
static void lengthExtensionHash2()
{
Console.WriteLine("Hash with anti length extension attack 2");
string password = "secret";
byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
byte[] salt = new byte[32];
new RNGCryptoServiceProvider().GetBytes(salt);
SHA1Managed sha = new SHA1Managed();

byte[] hashedPasswordBytes = sha.ComputeHash(passwordBytes);

CryptoStream cs = new CryptoStream(Stream.Null, sha,
CryptoStreamMode.Write);
cs.Write(salt, 0, salt.Length);
cs.Write(hashedPasswordBytes, 0, hashedPasswordBytes.Length);
cs.FlushFinalBlock();
byte[] hash = sha.Hash;
string hashString = Convert.ToBase64String(hash);
string saltString = Convert.ToBase64String(salt);
Console.WriteLine("Hash: " + hashString);
Console.WriteLine("Salt: " + saltString);
}
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi all!

I have a md5 question.
I receive a md5 string created with Message-Digest algorithm and I
want to
create the same string in my webapplication.
I have this values to go on:
myMD5String = MD5(mySecretValue2 + MD5(mySecretValue1 + "some
string"))
myMD5String should of cource be the same as the md5 string i
receive.

I have no idea if I have told you enough about my problem, but
someone might be able to point me to right direction :)

Best regards
Marre
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

MD5 Checksum of a String 2
verilog, rtl, simulation 0
create a md5 / md5 passwd with a salt 6
JavaScript MD5 3
Final chapter of "Learn PHP, MySQL and JavaScript" 3
MD5 hash of object 2
DBD::SQLite install with PPM, MD5 bootstrap parameter 2
Base64 and MD5 fun 2

Members online

No members online now.
Total: 56 (members: 0, guests: 56)
Robots: 430

Forum statistics

Threads
473,982
Messages
2,570,190
Members
46,736
Latest member
zacharyharris

Latest Threads

Top