Does the hashing algorithm of the MD5CryptoServiceProvider use some sort of key? If I have a webfarm (or multiple web roles in Windows Azure) will the result of a hash always be the same given the same input on different servers? Or do I have to set some sort of key on the web.config across all servers?
Cryptographic hash functions will always give the same result. They don’t take a key.
But I would avoid MD5 in favor of SHA-2 for most applications. MD5 has been broken, in particular finding collisions is easy. And neither MD5 nor plain SHA-2 is fit for password hashing, if that’s what you’re doing.
There is a related concept: Message-Authentication-Codes (MAC). One of the most popular forms, HMAC, is based on hashing the message and the key in a certain way.
To prevent tampering with parameters, I recommend using HMAC-SHA-256, with Base64 encoding. You can truncate it if it’s too long. What you should NOT DO is use Hash(key + message); that’s trivially vulnerable to a length extension attack.
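The HMAC-SHA-256 approach recommended in the answer above, as an added example that is not part of the original answer: it signs a query string, truncates the tag, Base64-encodes it, and verifies it with a constant-time comparison. The names ParameterSigner, Sign and Verify, the 16-byte truncation length, and the key and query values are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ParameterSigner
{
    // Truncated tag length in bytes (assumption: 16 bytes = 128 bits).
    const int TagBytes = 16;

    // Unlike a plain hash, HMAC needs a key, and every server in the farm
    // must be given the same key or tags will not verify across servers.
    public static string Sign(byte[] key, string message)
    {
        using (var hmac = new HMACSHA256(key))
        {
            byte[] full = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
            byte[] tag = new byte[TagBytes];
            Array.Copy(full, tag, TagBytes); // truncate: keep the leftmost bytes
            return Convert.ToBase64String(tag);
        }
    }

    public static bool Verify(byte[] key, string message, string suppliedTag)
    {
        if (suppliedTag == null) return false;
        byte[] supplied;
        try { supplied = Convert.FromBase64String(suppliedTag); }
        catch (FormatException) { return false; } // malformed tag is rejected

        byte[] expected = Convert.FromBase64String(Sign(key, message));
        if (supplied.Length != expected.Length) return false;

        // Compare every byte so timing does not reveal where a mismatch occurs.
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ supplied[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample key and parameters, for demonstration only.
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");
        string query = "orderId=1042&amount=19.99";
        string tag = Sign(key, query);

        // Base64 can contain '+', '/' and '=', so escape it before putting it in a URL.
        Console.WriteLine(query + "&sig=" + Uri.EscapeDataString(tag));
        Console.WriteLine("untampered: " + Verify(key, query, tag));
        Console.WriteLine("tampered:   " + Verify(key, "orderId=1042&amount=0.01", tag));
    }
}
```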