By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,897 Members | 1,490 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,897 IT Pros & Developers. It's quick & easy.

SHA1Managed class has different results in 2.0 vs. 1.1??

P: n/a
Bob
We currently have an application running on .NET 1.1. It hashes certain
data using System.Security.Cryptography.SHA1Managed class. It has worked
out fine until we upgraded the app to .NET 2.0. SHA1Managed in 2.0 hashes
to a different stirng output when the input is exactly the same. Why would
this be the case? I thought the SHA1 algorithm is the same regardless of
the actual implementation. Here's my source code, which compiles file in
both 1.1 and 2.0

public static string HashThis(string salt, string password) {
System.Text.ASCIIEncoding encoding=new
System.Text.ASCIIEncoding();
string saltedPassword = salt + password;
byte [] saltByte = encoding.GetBytes(saltedPassword);
SHA1CryptoServiceProvider sha = new
System.Security.Cryptography.SHA1CryptoServiceProv ider();
sha.ComputeHash(saltByte);
return encoding.GetString(sha.Hash);
}
Thanks a lot for any help.
Bob
Jan 18 '06 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Bob
ALl right, figured out the problem right after I sent the question. It's an
ASCII encoding issue. ASCII encoding behaves differently in 2.0 and 1.1,
not the hashing itself.
"Bob" <bo*******@yahoo.com> wrote in message
news:Od*************@tk2msftngp13.phx.gbl...
We currently have an application running on .NET 1.1. It hashes certain
data using System.Security.Cryptography.SHA1Managed class. It has worked
out fine until we upgraded the app to .NET 2.0. SHA1Managed in 2.0 hashes
to a different stirng output when the input is exactly the same. Why
would this be the case? I thought the SHA1 algorithm is the same
regardless of the actual implementation. Here's my source code, which
compiles file in both 1.1 and 2.0

public static string HashThis(string salt, string password) {
System.Text.ASCIIEncoding encoding=new
System.Text.ASCIIEncoding();
string saltedPassword = salt + password;
byte [] saltByte = encoding.GetBytes(saltedPassword);
SHA1CryptoServiceProvider sha = new
System.Security.Cryptography.SHA1CryptoServiceProv ider();
sha.ComputeHash(saltByte);
return encoding.GetString(sha.Hash);
}
Thanks a lot for any help.
Bob

Jan 18 '06 #2

P: n/a
Bob <bo*******@yahoo.com> wrote:
We currently have an application running on .NET 1.1. It hashes certain
data using System.Security.Cryptography.SHA1Managed class. It has worked
out fine until we upgraded the app to .NET 2.0. SHA1Managed in 2.0 hashes
to a different stirng output when the input is exactly the same. Why would
this be the case? I thought the SHA1 algorithm is the same regardless of
the actual implementation. Here's my source code, which compiles file in
both 1.1 and 2.0

public static string HashThis(string salt, string password) {
System.Text.ASCIIEncoding encoding=new
System.Text.ASCIIEncoding();
string saltedPassword = salt + password;
byte [] saltByte = encoding.GetBytes(saltedPassword);
SHA1CryptoServiceProvider sha = new
System.Security.Cryptography.SHA1CryptoServiceProv ider();
sha.ComputeHash(saltByte);
return encoding.GetString(sha.Hash);
}


The problem is that your code is broken - it's converting from
arbitrary binary data to a string using an ASCII encoding. What do you
expect it to do when it comes across a byte outside the ASCII range
(i.e. anything over 127)?

Here's a program which demonstrates the problem:

using System;
using System.Text;

class Test
{
static void Main()
{
byte[] data = new byte[]{140};
string text = Encoding.ASCII.GetString(data);
Console.WriteLine ((int)text[0]);
}
}

Basically, you were relying on unspecified behaviour, and it's changed.
Now as to what you can do about that - the easiest thing would probably
be to emulate the previous behaviour. The simplest way of doing that is
something like:

static string OldBytesToAscii (byte[] data)
{
char[] c = new char[data.Length];
for (int i=0; i < data.Length; i++)
{
c[i] = (char)(data[i]&0x7f);
}
return new string (c);
}

A better solution for moving forward in the future is to base64 binary
data when you need it in a reliable text form.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Jan 18 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.