Using Hashes to Protect Data

Previous page
Table of content
Next page


Hashes are at the core of most real-world encryption algorithms and solutions. A hash is a one-way encryption algorithm that takes a variable-length string and uses a mathematical formula to reduce that string to a fixed-length hash. For a formula to qualify as a hashing algorithm, the formula must be able to guarantee that it is mathematically impossible for two different strings to ever produce the same hash value, no matter how similar they are. It also must be computationally impossible to write an algorithm that can determine the original message based on the digest (hash value). There are several different kinds of hashing algorithms. The MD (Message Digest) series of algorithms (MD2, MD4, MD5) all produce hashes of 128 bits. Both SHA and SHA-1 (Secure Hash Algorithm) produce digests that are 160 bits in size.

Hashes are used as verifiers. For example: A message is produced, and that same message is then hashed using a one-way algorithm. If the message is then hashed in some other location and compared to the original hash and the two hash values are not the same, you know the message has been tampered with. As you will see in an upcoming section, hashes combined with public key encryption form the basis for digital signatures.

MACTripleDES

The MACTripleDES class inherits from the KeyedHashAlgorithm class. It creates a one-way hash based on a key value. A MAC is a message authentication code; it is a signal from the receiver to the transmitter that the message being transmitted has not been tampered with.

The MAC scenario works like this: The client creates a hash of a message using some encryption algorithm. The client then sends both the message and the hash to the receiver. The receiver (who also knows the secret key) computes a hash from the message received. If the computed hash does not match the transmitted hash, the receiver knows that the message has been tampered with.

The code in Listing 35.2 shows how to hash a phrase (or password or any other arbitrary-length data) to a fixed-length hash code using the MACTripleDES algorithm.

Listing 35.2. A Demonstration of the MACTripleDES Hash Algorithm
 using System; using System.Security.Cryptography; namespace HashCrypto {   /// <summary>   /// Summary description for Class1.   /// </summary>   class Class1   {     /// <summary>     /// The main entry point for the application.     /// </summary>     [STAThread]     static void Main(string[] args)     {      string dataToHash = "The quick brown fox " +        "ran over the lazy dog with a 50 horsepower " +        "lawnmower. The carnage was horrible.";       string key = "ABCDEFGHIJKLMNOPQRSTUVWX";       byte[] dataToHash_Bytes =          System.Text.Encoding.Unicode.GetBytes( dataToHash );       byte[] key_Bytes =          System.Text.Encoding.ASCII.GetBytes( key );       MACTripleDES mac = new MACTripleDES( key_Bytes );       byte[] result_Bytes = mac.ComputeHash( dataToHash_Bytes );       Console.WriteLine("Phase has been hashed to {0} bytes length.",          result_Bytes.Length );       Console.WriteLine(          System.Text.Encoding.ASCII.GetString( result_Bytes ));       Console.ReadLine();     }   } }

When you run this application, you will see that the hash code was reduced to 8 bytes (the size of the hash code is dependent on the size of the key). The MACTripleDES algorithm can use a key that is 8, 16, or 24 bytes and will always produce a hash that is 8 bytes, regardless of the size of the message being hashed. Note that MACTripleDES is a keyed hash algorithm. As such, it requires a secret key in order to create the hash code. Other algorithms, such as SHA1 (Secure Hash Algorithm), do not require a key to hash data.

SHA1Managed

The SHA1Managed class provides a managed implementation of the SHA-1 secure hash algorithm. The SHA-1 hash algorithm is ideal for hashing large amounts of data, such as text and messages being sent over the wire or passwords. The reason is that even the smallest change in the source data can produce extremely variant changes in the hash output. As mentioned before, it is statistically impossible for any two different sources of data ever to produce a collision (a case where two different data sources produce the same hash). Because this algorithm doesn't require a key, it doesn't require very much effort to produce a hash, as shown in Listing 35.3.

Listing 35.3. A Demonstration of the SHA-1 Managed Hash Algorithm Class
 using System; using System.Security.Cryptography; namespace HashCrypto {   /// <summary>   /// Summary description for Class1.   /// </summary>   class Class1   {     /// <summary>     /// The main entry point for the application.     /// </summary>     [STAThread]     static void Main(string[] args)     {      string dataToHash = "The quick brown fox " +        "ran over the lazy dog with a 50 horsepower " +        "lawnmower. The carnage was horrible.";       byte[] dataToHash_Bytes =          System.Text.Encoding.Unicode.GetBytes( dataToHash );       // Produce a SHA1 hash of the original message.       SHA1Managed sha1 = new SHA1Managed();       byte[] sha1_Bytes = sha1.ComputeHash( dataToHash_Bytes);       Console.WriteLine("SHA1 has produced a hash that is {0} bytes long.",          sha1_Bytes.Length);       Console.WriteLine( System.Text.Encoding.ASCII.GetString( sha1_Bytes ));       Console.ReadLine();     }   } }

When you run this modified version of the previous sample, you will see that it produces an output hash that is 20 bytes long. This hash is a favorite for hashing passwords and similar information because the output is always 20 bytes (160 bits), which fits into a database column quite nicely. As mentioned earlier, the SHA1 hash algorithm always produces 160-bit hashes (160 bits equals 20 bytes).

MD5CryptoServiceProvider

The MD5 cryptographic service provider is another popular method for obtaining a one-way hash for verification of data. Because it also inherits from HashAlgorithm, and not KeyedHashAlgorithm, you do not need to provide it with a key to obtain hashed data. A slight modification to the preceding code can be made to produce an MD5-encryption-based hash of the original string, as shown in Listing 35.4.

Listing 35.4. A Demonstration of the MD5 Cryptographic Service Provider
 using System; using System.Security.Cryptography; namespace HashCrypto {   /// <summary>   /// Summary description for Class1.   /// </summary>   class Class1   {     /// <summary>     /// The main entry point for the application.     /// </summary>     [STAThread]     static void Main(string[] args)     {      string dataToHash = "The quick brown fox " +        "ran over the lazy dog with a 50 horsepower " +        "lawnmower. The carnage was horrible.";       byte[] dataToHash_Bytes =          System.Text.Encoding.Unicode.GetBytes( dataToHash );       // Produce an MD5 hash of the original message.       MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();       byte[] md5_Bytes = md5.ComputeHash( dataToHash_Bytes);       Console.WriteLine("MD5 has produced a hash that is {0} bytes long.",          md5_Bytes.Length);       Console.WriteLine( System.Text.Encoding.ASCII.GetString( md5_Bytes ) );       Console.ReadLine();     }   } }

Running this application shows you that the MD5 algorithm will produce a hash that is 16 bytes long (128 bits).


    Previous page
    Table of content
    Next page
    Visual C#. NET 2003 Unleashed
    Visual C#. NET 2003 Unleashed
    ISBN: 672326760
    EAN: N/A
    Year: 2003
    Pages: 316
    BUY ON AMAZON
    CompTIA Project+ Study Guide: Exam PK0-003
    Software Configuration Management
    Visual C# 2005 How to Program (2nd Edition)
    C & Data Structures (Charles River Media Computer Engineering)
    AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
    Quartz Job Scheduling Framework: Building Open Source Enterprise Applications
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy