Geek Answers Handbook

Will SHA1 Hash in C # always and forever return the same value for a given string?

I am considering changing the method by which we encrypt passwords to use a one-way hash, not to encrypt. I considered using a simple "GetHashCode" in the password string, but MS warns that this feature may change in the future and is different from 32-bit and 64-bit OS. I don’t want the result to ever be different, as this will cause all the passwords in the database to no longer match when I have the entered value (for example, when we all go to .NET 9.0 or something else )

So, does SHA1 Hash fix the problem? For example, if I use this C # code:

var data = System.Text.Encoding.ASCII.GetBytes(value); data = System.Security.Cryptography.SHA1.Create().ComputeHash(data); return Convert.ToBase64String(data);

will value always and always be the same result? I'm not too worried about a collision in space, this is big, but is there any other reason to consider a wider hash? Thanks in advance!

+4
source share
2 answers

Yes.

Unlike GetHashCode, SHA-1 is a fixed algorithm, like MD5 and SHA-256, all of which were "standardized."

+12
source

Yes. SHA1 is the standard, and the C # implementation should conform to the standard and give the same results.

For your information, SHA1 is not a good way to hash passwords, although this is certainly a big improvement over reversible encryption. SHA1, like MD5, is designed to hash a large amount of data very quickly, so it is very susceptible to brute force password cracking. The best hash functions for passwords are designed for (relatively) slow or variable speeds, and it is difficult to speed them up with hardware. One of them, built into the .NET platform, is PBKDF2, which essentially implements a “stretched” SHA1 (applying SHA1 over and over to the same input, so it takes longer.) It is implemented in this frame class.

+4
source

More articles:


All Articles