I reused some old code and saw that I had been using this code to generate a SHA1 hash.

```csharp
// UnicodeEncoding encodes the string as UTF-16 (little-endian) before hashing
HashAlgorithm sha = new SHA1CryptoServiceProvider();
return sha.ComputeHash((new UnicodeEncoding()).GetBytes(password.Trim()));
```

When I use the following code to generate a SHA1-hash I do not end up with the same hash as when I test with, for example, http://gtools.org/tool/sha1-hash-generator/
Which one is correct?
Am I doing something wrong here?
Most likely a difference in encoding. You’re using UTF-16. Try using UTF-8.
Just confirmed that this site uses UTF-8. But their code is broken for certain characters, such as ', because they put their input through SQL escaping.

But hashing a password with plain SHA-1 is almost never the correct choice. In most cases, such as storing passwords used for login to your site, you should use a proper password hashing function, such as PBKDF2, bcrypt or scrypt with an appropriate salt.

PBKDF2 is implemented in .NET in the Rfc2898DeriveBytes class.
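
An added example, not part of the question or answer above, assuming .NET 6 or later. It hashes one constructed string as UTF-16 (`Encoding.Unicode`, the encoding `UnicodeEncoding` produces by default) and as UTF-8 to show why the two SHA-1 values differ, then stores and verifies a password with PBKDF2 as the answer suggests. The class and method names, the iteration count and the stored `iterations.salt.key` format are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordHashingDemo
{
    // Assumed parameters for this example; raise Iterations as far as your hardware allows.
    const int SaltBytes = 16, KeyBytes = 32, Iterations = 600_000;

    // SHA-1 runs over bytes, so the chosen text encoding changes the digest.
    static string Sha1Hex(string s, Encoding enc) =>
        Convert.ToHexString(SHA1.HashData(enc.GetBytes(s)));

    // Stored form "iterations.salt.key" (base64 fields); base64 never contains '.'.
    static string HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // fresh random salt per password
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt,
            Iterations, HashAlgorithmName.SHA256, KeyBytes);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(key)}";
    }

    static bool VerifyPassword(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0)
            return false;
        byte[] salt, expected;
        try { salt = Convert.FromBase64String(parts[1]); expected = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; } // malformed record
        if (expected.Length == 0) return false;   // an empty key must never match
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt,
            iterations, HashAlgorithmName.SHA256, expected.Length);
        // Constant-time comparison avoids leaking how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    static void Main()
    {
        const string sample = "pässword'1"; // constructed sample input
        Console.WriteLine("SHA-1 over UTF-16LE: " + Sha1Hex(sample, Encoding.Unicode));
        Console.WriteLine("SHA-1 over UTF-8:    " + Sha1Hex(sample, Encoding.UTF8));

        string record = HashPassword(sample);
        Console.WriteLine("Stored record:       " + record);
        Console.WriteLine("Correct password:    " + VerifyPassword(sample, record));
        Console.WriteLine("Wrong password:      " + VerifyPassword(sample + "x", record));
    }
}
```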