By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,949 Members | 1,648 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,949 IT Pros & Developers. It's quick & easy.

String conversion

P: n/a
Hi

I'm maintaining a VisualC++ project to increase its security regarding
stored passwords.

I thought about using SHA256Managed to create a hash for the password
when creating a user and when this new user tries to login, a new hash
will be created for the given password and compared to the stored
hash. I guess this is quite common.

My problem is that I'm not used (at all) with the 2005 edition (just
VC6) and the creator of the software uses extensively managed strings,
i.e.:

String ^ SomeName

And I'm in trouble converting this type to what SHA256Managed can
understand and then convert the hash back to "String^"

This is what I've found, just for testing the conversion techniques:
#include "stdafx.h"

using namespace System;
using namespace System::Text;
using namespace System::Security::Cryptography;

int main()
{
// Create two different encodings.
Encoding^ ascii = Encoding::ASCII;
Encoding^ unicode = Encoding::Unicode;

String ^ sSourceData = "operator";

// Perform the conversion from one encoding to the other.
array<unsigned char>^UnicodeData = unicode-
>GetBytes( sSourceData );
array<unsigned char>^AsciiData = Encoding::Convert( unicode,
ascii, UnicodeData );

SHA256^ shaM = gcnew SHA256Managed;
array<unsigned char>^ HashResult = shaM-
>ComputeHash( AsciiData );
Console::WriteLine(String::Format("Size: {0}", HashResult -
>Length));
array<Char>^asciiChars = gcnew array<Char>(ascii-
>GetCharCount( result, 0, HashResult ->Length ));
ascii->GetChars( result, 0, HashResult ->Length, asciiChars,
0 );
String ^ sOutputData = gcnew String( asciiChars );
Console::WriteLine( sOutputData );

}

As far as I could understand the ouput, it seems that ComputeHash is
generating real bytes and not hex digits, and I have read somewhere
(can't find it any more) that ComputeHash would generate a hex string
in the output array.

Any ideas?

Thanks in advance
Francisco
Dec 20 '07 #1
Share this Question
Share on Google+
4 Replies


P: n/a
vcnewbie wrote:
As far as I could understand the ouput, it seems that ComputeHash is
generating real bytes and not hex digits, and I have read somewhere
(can't find it any more) that ComputeHash would generate a hex string
in the output array.
Use System::Convert::ToBase64String to convert the array of bytes that you
get from the hash into a base64-encoded string.

-cd
Dec 20 '07 #2

P: n/a
On 20 dez, 13:34, "Carl Daniel [VC++ MVP]"
<cpdaniel_remove_this_and_nos...@mvps.org.nospamwr ote:
vcnewbie wrote:
As far as I could understand the ouput, it seems that ComputeHash is
generating real bytes and not hex digits, and I have read somewhere
(can't find it any more) that ComputeHash would generate a hex string
in the output array.

Use System::Convert::ToBase64String to convert the array of bytes that you
get from the hash into a base64-encoded string.

-cd
Thanks for the idea, it is a shortcut on what I am doing up to now.

But I guess I didn't put it clear: the SHA256 hash should be a string
of hex numbers, but its results are binary numbers, so I think I'll
have to make a conversion from binary to hex myself.

Thanks again
Francisco
Dec 20 '07 #3

P: n/a
Use System.BitConverter.ToString(byte[]) to do this. I converts an array of
bytes to hexadecimal string representation of the array.

--
HTH,

Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP

"vcnewbie" <fr****@gmail.comwrote in message
news:54**********************************@i12g2000 prf.googlegroups.com...
On 20 dez, 13:34, "Carl Daniel [VC++ MVP]"
<cpdaniel_remove_this_and_nos...@mvps.org.nospamwr ote:
>vcnewbie wrote:
As far as I could understand the ouput, it seems that ComputeHash is
generating real bytes and not hex digits, and I have read somewhere
(can't find it any more) that ComputeHash would generate a hex string
in the output array.

Use System::Convert::ToBase64String to convert the array of bytes that
you
get from the hash into a base64-encoded string.

-cd

Thanks for the idea, it is a shortcut on what I am doing up to now.

But I guess I didn't put it clear: the SHA256 hash should be a string
of hex numbers, but its results are binary numbers, so I think I'll
have to make a conversion from binary to hex myself.

Thanks again
Francisco

Dec 21 '07 #4

P: n/a
On 21 dez, 09:08, "Kevin Spencer" <unclechut...@nothinks.comwrote:
Use System.BitConverter.ToString(byte[]) to do this. I converts an array of
bytes to hexadecimal string representation of the array.

--
HTH,

Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP

Thanks a lot, Kevin, that's what I've been looking for, the
modifications on the original code are minimal and clear now.

The test code now is the following (in the case someone needs SHA256
hashing):
#include "stdafx.h"

using namespace System;
using namespace System::Text;

String ^ SHA256Hash(String ^ sInputData);

int main()
{
Console::WriteLine( "password1 : {0}" , SHA256Hash ( "password1
" ) ) ;
Console::WriteLine( "password2 : {0}" , SHA256Hash ( "password2
" ) ) ;
Console::WriteLine( "password3 : {0}" , SHA256Hash ( "password3
" ) ) ;
}

String ^ SHA256Hash(String ^ sInputData) {
// Create two different encodings.
Encoding^ ascii = Encoding::ASCII;
Encoding^ unicode = Encoding::Unicode;

// Initializes a SHA256 hash object for hash computation.
System::Security::Cryptography::SHA256^ shaM = gcnew
System::Security::Cryptography::SHA256Managed;

// Perform the conversion from one encoding to the other.
array<unsigned char>^UnicodeData = unicode->GetBytes( sInputData );
array<unsigned char>^AsciiData = Encoding::Convert( unicode, ascii,
UnicodeData );

// Computes the hash and converts it from binary to string, removing
unwanted characters.
array<unsigned char>^ BaseResult = shaM->ComputeHash( AsciiData );
String ^ sOutputData = System::BitConverter::ToString( BaseResult );
sOutputData = sOutputData->Replace("-","");

return sOutputData;
}
or, a little bit more obfuscated:
String ^ SHA256Hash(String ^ sInputData) {
//Create two different encodings and initializes a SHA256 hash object
for hash computation.
Encoding^ ascii = Encoding::ASCII;
Encoding^ unicode = Encoding::Unicode;
System::Security::Cryptography::SHA256^ shaM = gcnew
System::Security::Cryptography::SHA256Managed;

return (
System::BitConverter::ToString(
shaM->ComputeHash(
Encoding::Convert(
unicode,
ascii,
unicode->GetBytes( sInputData )
)
)
)->Replace("-","")
);
}
Dec 21 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.