
MD5 and SHA-1 (to Base-64) with salt

The major problem with plain MD5 and SHA-1 is that the same input always gives the same hash value, so the hashes are exposed to a dictionary attack. It is possible to add salt to the MD5 algorithm, to mix it up a little. In this case the MD5 value is calculated by:

md5($string+ md5($saltvalue))

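so that we take the MD5 hash of one of the salt values (the code below encodes it as Base-64 text), append it to our input message, and then hash the combined string again. The result will be a range of hash values which will differ for each salt value. Note that with only four fixed salts a dictionary only has to be built four times; for the salt to defeat a precomputed dictionary it must be random and different for every stored value.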

 

Message

 

MD5

SHA-1

SHA-256

SHA-384

SHA-512

As a test, MD5 should give:

2zGX8ewbLxjvqhtkj4d3mQ== - Salt used: bert
5O+VoSYJoN5RQRdUVQYe+Q== - Salt used: fred
DviW7lFYY2yGxVQ4vYP26A== - Salt used: bill
DgiA9qsW1OZL9mODC76VKg== - Salt used: text

The code is:

   1:  using System;
   2:  using System.Data;
   3:  using System.Configuration;
   4:  using System.Web;
   5:  using System.Web.Security;
   6:  using System.Web.UI;
   7:  using System.Web.UI.WebControls;
   8:  using System.Web.UI.WebControls.WebParts;
   9:  using System.Web.UI.HtmlControls;
  10:  using System.Collections;
  11:  using System.Security.Cryptography;
  12:   
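  /// <summary>
  /// Demonstration page that hashes the entered message together with a salt
  /// and shows the Base-64 result for MD5, SHA-1, SHA-256, SHA-384 and SHA-512.
  /// </summary>
  /// <remarks>
  /// The value hashed is <c>message + Base64(MD5(salt))</c>. The salt is picked
  /// from a fixed list of four strings, so this illustrates how a salt changes
  /// the digest; it is not a scheme for storing passwords. For that, use a
  /// per-entry salt from <see cref="RandomNumberGenerator"/> and a deliberately
  /// slow derivation such as <see cref="Rfc2898DeriveBytes"/> (PBKDF2) instead
  /// of a single pass of a fast hash.
  /// </remarks>
  public partial class _Default3 : System.Web.UI.Page
  {
      /// <summary>Page load handler; nothing is initialised here.</summary>
      protected void Page_Load(object sender, EventArgs e)
      {
      }

      /// <summary>
      /// Computes the salted digests of the text in <c>tbMessage</c> and writes
      /// each one, followed by the salt that was used, to its result box.
      /// </summary>
      /// <param name="sender">The control that raised the event.</param>
      /// <param name="e">Event data (unused).</param>
      protected void Button3_Click(object sender, EventArgs e)
      {
          string message = this.tbMessage.Text;

          // UTF-8 rather than ASCII: ASCIIEncoding turns every non-ASCII character
          // into '?', so distinct messages would hash to the same value. For pure
          // ASCII input the bytes, and therefore the digests, are unchanged.
          System.Text.Encoding encoding = System.Text.Encoding.UTF8;

          // Fixed demonstration salts. System.Random is not a cryptographic
          // generator; it is acceptable here only because the candidate salts are
          // public constants and the chosen one is displayed next to each result.
          string[] saltstrings = { "bill", "fred", "bert", "text" };
          Random r = new Random();
          string salt = saltstrings[r.Next(saltstrings.Length)];

          // hash(message + Base64(MD5(salt))): the salt's MD5 digest is appended
          // to the message as Base-64 text before the final hash is taken.
          byte[] saltDigest;
          using (MD5 saltHasher = MD5.Create())
          {
              saltDigest = saltHasher.ComputeHash(encoding.GetBytes(salt));
          }

          byte[] salted = encoding.GetBytes(message + Convert.ToBase64String(saltDigest));

          this.tbMD5.Text = HashWithSaltLabel(MD5.Create(), salted, salt);
          this.tbSHA1.Text = HashWithSaltLabel(SHA1.Create(), salted, salt);
          this.tbSHA256.Text = HashWithSaltLabel(SHA256.Create(), salted, salt);
          this.tbSHA384.Text = HashWithSaltLabel(SHA384.Create(), salted, salt);
          this.tbSHA512.Text = HashWithSaltLabel(SHA512.Create(), salted, salt);
      }

      /// <summary>
      /// Hashes <paramref name="data"/> with <paramref name="algorithm"/>, disposes
      /// the algorithm, and returns the Base-64 digest followed by the salt label.
      /// </summary>
      private static string HashWithSaltLabel(HashAlgorithm algorithm, byte[] data, string salt)
      {
          // The hash objects hold resources that should be released; the original
          // listing never disposed them.
          using (algorithm)
          {
              return Convert.ToBase64String(algorithm.ComputeHash(data)) + " - Salt used: " + salt;
          }
      }

      /// <summary>
      /// Converts a byte array to an upper-case hexadecimal string, two digits
      /// per byte. Not called by the handlers in this class, which show Base-64.
      /// </summary>
      /// <param name="buff">Bytes to format.</param>
      /// <returns>The hexadecimal text; empty for an empty array.</returns>
      public static string ByteToString(byte[] buff)
      {
          // StringBuilder avoids allocating a new string for every byte.
          System.Text.StringBuilder hex = new System.Text.StringBuilder(buff.Length * 2);

          for (int i = 0; i < buff.Length; i++)
          {
              hex.Append(buff[i].ToString("X2")); // hex format
          }
          return hex.ToString();
      }
  }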