MD5 Hashing Given a Key in C#

Question

I've been looking for a way to hash a given string in C# that uses a predetermined key.

On my adventures through the internet trying to find an example i have seen lots of MD5CryptoServiceProvider examples which seem to use a default key for the machine, but none of them that apply a specific key. I need to have a specific key to encode data as to synchronize it to someone else's server. I hand them a hashed string and an ID number and they use that analyze the data and return a similar set to me. So is there anyway to get md5 to hash via a specific key that would be consistent to both.

I would prefer this to be done in C#, but if its not possible with the libraries can you do so with some web languages like php or asp?

Edit: Misunderstood the scenario I was thrown into and after a little sitting and thinking about why they would have me use a key it appears they want a key appended to the end of the string and hashed. That way the server can appended the key it has along with the data passed to ensure its a valid accessing computer. Anyways... thanks all ^_^

Edit2: As my comment below says, it was the term 'salting' I was oblivious to. Oh the joys of getting thrown into something new with no directions.

Answer 1

MD5 is not encryption - it's a hash. It doesn't allow a string to be decrypted.

You're looking for a symmetric encryption algorithm. It uses the same key to encrypt and decrypt. Trying to use encryption functions without understanding them is dangerous. Even if you think you understand them, you can make a mistake.

If you're transferring data to another person's server, you may be better off using something like gpg to encrypt the file using a symmetric key you both agree on over the phone, or perhaps some public-key crypto. This way, you don't write any crypto code, and it's safer (not completely secure, mind you, but safer).

---

Edit: I'm still trying to decipher your requirements.

MD5 is an unkeyed hash function - there is not key in use at all. So let's say the server sends you a giant string, or a file, and a hash of it. You would then MD5 the string or file, and compare the hash you computed with the hash they sent. If they match - the data was not corrupted in transit. That doesn't mean no one tampered with what they sent you in transit, because MD5 has no "secret sauce" to it. I can md5 anything I want and send it to you.

A HMAC is a keyed hash function. It has a secret ingredient that only you and the group you're communicating with should know - the secret key. If they send you a long string or file, and a HMAC, you can compute the HMAC yourself, compare your HMAC and theirs, and if they match, the data was not corrupted in transit, nor was the data tampered with.