
Does ComputeHash depend on machine key when calculated?

I'm trying to work out whether values that have been hashed (using the code below) will be different if the machine key value is different. Also, I'd like to know if implementations in other languages (i.e. Java) would produce different results.

string hashedPassword = Convert.ToBase64String(
    new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(
        System.Text.Encoding.Default.GetBytes(password)));

(I've tried to find an answer on Google but I cannot find anything definitive.)

jose asked Jan 18 '12 10:01



2 Answers

SHA1CryptoServiceProvider.ComputeHash() will always return the same result for the same input (regardless of which machine it is run on). Any other correctly implemented SHA1-algorithm will also give the same result.

But note that you use System.Text.Encoding.Default.GetBytes(password) to calculate the input. This will not be independent of the machine! You should strongly consider using Encoding.UTF8 instead.

Rasmus Faber answered Sep 28 '22 16:09
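The point made in the answer above, as an added example that is not part of the original post: the same Base64(SHA-1) construction in Python, a second SHA-1 implementation, run over one password under several byte encodings. The code pages cp1252 and cp1251 are assumed stand-ins for what Encoding.Default might resolve to on two differently configured machines, and the sample passwords are constructed.

```python
import base64
import hashlib

# Stand-ins for what Encoding.Default could resolve to on differently
# configured Windows machines (assumption: Western vs. Cyrillic ANSI code page).
MACHINE_CODE_PAGES = ("cp1252", "cp1251")


def hash_password(password: str, encoding: str) -> str:
    """Base64(SHA-1(bytes)), the same shape as the C# snippet in the question."""
    data = password.encode(encoding)
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def hashes_by_encoding(password: str) -> dict:
    """Hash one password under each machine code page and under UTF-8."""
    return {enc: hash_password(password, enc)
            for enc in MACHINE_CODE_PAGES + ("utf-8",)}


def is_portable(password: str) -> bool:
    """True if every encoding yields the same hash for this password."""
    return len(set(hashes_by_encoding(password).values())) == 1


if __name__ == "__main__":
    # Constructed samples: one ASCII-only password, one containing a euro sign.
    for pw in ("password", "pa\u20acword"):
        print(repr(pw), "portable:", is_portable(pw))
        for enc, digest in hashes_by_encoding(pw).items():
            # Show the bytes fed to SHA-1 next to the resulting hash.
            print(f"  {enc:8} {pw.encode(enc).hex():24} {digest}")
```

The ASCII-only password hashes identically everywhere; the euro sign is byte 0x80 in cp1252, 0x88 in cp1251 and three bytes in UTF-8, so the stored hash only verifies on a machine that uses the same encoding.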


No, and no. The hash algorithm does not use a key, and should be implementation independent. Any platform, any machine key, should get the same output.

Incidentally, if you are doing this to store the password, you should first salt the password (normally pre-pending a number of random bytes) before hashing to prevent a dictionary attack against your database.

David M answered Sep 28 '22 17:09