This is hashing I’ve done in C#. I have included MD5, SHA1, SHA256, SHA384, and SHA512, the hashes, and then validation of a working versus non-working password.
Screenshot
The code…just copy/paste into Visual Studio Console Project and compile.
using System;
using System.Text;
using System.Security.Cryptography;
public class ReturnHash
{
public static string ComputeHash(string plainText, string hashAlgorithm, byte[] saltBytes)
{
// Salt size
saltBytes = new byte[8];
// Convert Text to Array
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
// Create Array
byte[] plainTextSaltBytes =
new byte[plainTextBytes.Length + saltBytes.Length];
// Copy Text into Array
for (int i = 0; i < plainTextBytes.Length; i++)
plainTextSaltBytes[i] = plainTextBytes[i];
// Append Salt
for (int i = 0; i < saltBytes.Length; i++)
plainTextSaltBytes[plainTextBytes.Length + i] = saltBytes[i];
// Algorithm
HashAlgorithm hash;
// Initialize Class
switch (hashAlgorithm.ToUpper())
{
case "SHA1":
hash = new SHA1Managed();
break;
case "SHA256":
hash = new SHA256Managed();
break;
case "SHA384":
hash = new SHA384Managed();
break;
case "SHA512":
hash = new SHA512Managed();
break;
default:
hash = new MD5CryptoServiceProvider();
break;
}
byte[] hashBytes = hash.ComputeHash(plainTextSaltBytes);
byte[] hashSaltBytes = new byte[hashBytes.Length +
saltBytes.Length];
// Hash to Array
for (int i = 0; i < hashBytes.Length; i++)
hashSaltBytes[i] = hashBytes[i];
// Append Salt
for (int i = 0; i < saltBytes.Length; i++)
hashSaltBytes[hashBytes.Length + i] = saltBytes[i];
// Convert result into a base64-encoded string.
string hashValue = Convert.ToBase64String(hashSaltBytes);
// Return Result
return hashValue;
}
public static bool VerifyHash(string plainText,
string hashAlgorithm,
string hashValue)
{
// Base64-encoded hash
byte[] hashWithSaltBytes = Convert.FromBase64String(hashValue);
// Hash without Salt
int hashSizeInBits, hashSizeInBytes;
// Size of hash is based on the specified algorithm.
switch (hashAlgorithm.ToUpper())
{
case "SHA1":
hashSizeInBits = 160;
break;
case "SHA256":
hashSizeInBits = 256;
break;
case "SHA384":
hashSizeInBits = 384;
break;
case "SHA512":
hashSizeInBits = 512;
break;
default: // MD5
hashSizeInBits = 128;
break;
}
// Convert to bytes.
hashSizeInBytes = hashSizeInBits / 8;
// Verify Hash Length
if (hashWithSaltBytes.Length < hashSizeInBytes)
return false;
// Array to hold Salt
byte[] saltBytes = new byte[hashWithSaltBytes.Length -
hashSizeInBytes];
// Salt to New Array
for (int i = 0; i < saltBytes.Length; i++)
saltBytes[i] = hashWithSaltBytes[hashSizeInBytes + i];
string expectedHashString =
ComputeHash(plainText, hashAlgorithm, saltBytes);
return (hashValue == expectedHashString);
}
}
public class PasswordEncodingTest1
{
[STAThread]
static void Main(string[] args)
{
// Test Passwords
string rightPassword = "TRUEPassword$";
string wrongPassword = "FALSEPassword$";
string passwordHashMD5 =
ReturnHash.ComputeHash(rightPassword, "MD5", null);
string passwordHashSha1 =
ReturnHash.ComputeHash(rightPassword, "SHA1", null);
string passwordHashSha256 =
ReturnHash.ComputeHash(rightPassword, "SHA256", null);
string passwordHashSha384 =
ReturnHash.ComputeHash(rightPassword, "SHA384", null);
string passwordHashSha512 =
ReturnHash.ComputeHash(rightPassword, "SHA512", null);
Console.WriteLine("Hash and Comparison--- \r\n");
// md5
Console.WriteLine("MD5 {0}", passwordHashMD5);
Console.WriteLine("Right PW MD5 {0}",
ReturnHash.VerifyHash(
rightPassword, "MD5",
passwordHashMD5).ToString());
Console.WriteLine("Wrong PW MD5 {0}",
ReturnHash.VerifyHash(
wrongPassword, "MD5",
passwordHashMD5).ToString());
Console.WriteLine("");
// reference https://en.wikipedia.org/wiki/MD5
// https://msdn.microsoft.com/en-us/library/system.security.cryptography.md5(v=vs.110).aspx
// sha1
Console.WriteLine("SHA1 {0}", passwordHashSha1);
Console.WriteLine("Right PW SHA1 {0}",
ReturnHash.VerifyHash(
rightPassword, "SHA1",
passwordHashSha1).ToString());
Console.WriteLine("Wrong PW SHA1 {0}",
ReturnHash.VerifyHash(
wrongPassword, "SHA1",
passwordHashSha1).ToString());
Console.WriteLine("");
// reference https://en.wikipedia.org/wiki/SHA-1
// https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha1(v=vs.110).aspx
// sha256
Console.WriteLine("SHA256 {0}", passwordHashSha256);
Console.WriteLine("Right PW SHA256 {0}",
ReturnHash.VerifyHash(
rightPassword, "SHA256",
passwordHashSha256).ToString());
Console.WriteLine("Wrong PW SHA256 {0}",
ReturnHash.VerifyHash(
wrongPassword, "SHA256",
passwordHashSha256).ToString());
Console.WriteLine("");
// reference https://en.wikipedia.org/wiki/SHA-2
// https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256(v=vs.110).aspx
// sha384
Console.WriteLine("SHA384 {0}", passwordHashSha384);
Console.WriteLine("Right PW SHA384 {0}",
ReturnHash.VerifyHash(
rightPassword, "SHA384",
passwordHashSha384).ToString());
Console.WriteLine("Wrong PW SHA384 {0}",
ReturnHash.VerifyHash(
wrongPassword, "SHA384",
passwordHashSha384).ToString());
Console.WriteLine("");
// reference https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha384(v=vs.110).aspx
// sha512
Console.WriteLine("SHA512 {0}", passwordHashSha512);
Console.WriteLine("Right PW SHA512 {0}",
ReturnHash.VerifyHash(
rightPassword, "SHA512",
passwordHashSha512).ToString());
Console.WriteLine("Wrong PW SHA512 {0}",
ReturnHash.VerifyHash(
wrongPassword, "SHA512",
passwordHashSha512).ToString());
// reference https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512(v=vs.110).aspx
Console.WriteLine("");
Console.WriteLine("");
Console.ReadKey();
}
}