I reused some old code and saw that I had been using this code to generate a SHA1 hash.
    HashAlgorithm sha = new SHA1CryptoServiceProvider();
    return sha.ComputeHash((new UnicodeEncoding()).GetBytes(password.Trim()));
When I use the following code to generate a SHA1-hash I do not end up with the same hash as when I test with, for example, http://gtools.org/tool/sha1-hash-generator/
Which one is correct?
Am I doing something wrong here?
asked Nov 8 '11 at 13:11
Most likely a difference in encoding. You're using UTF-16. Try using UTF-8.
Just confirmed that this site uses UTF-8. But their code is broken for certain characters, such as ', because they put their input through SQL escaping.
But hashing a password with plain SHA-1 is almost never the correct choice. In most cases, such as storing passwords used for login to your site, you should use a proper password hashing function, such as PBKDF2, bcrypt or scrypt with an appropriate salt.
PBKDF2 is implemented in .NET in the Rfc2898DeriveBytes class.
Example of SHA-1 salting:
    return Convert.ToBase64String(
        new HMACSHA1(Encoding.UTF8.GetBytes(salt))
            .ComputeHash(Encoding.UTF8.GetBytes(input)));
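Added example, not part of the original posts: it prints the SHA-1 of one string under UTF-16LE (what `UnicodeEncoding` produces) and under UTF-8 to show the mismatch from the question, then stores and verifies a password with PBKDF2 through `Rfc2898DeriveBytes`. The class and method names, the `iterations.salt.hash` storage format, the parameter values and the sample password are assumptions of this example, and it targets .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordHashingDemo
{
    // Assumed parameters for this example; tune the iteration count to your hardware.
    const int SaltSize = 16, KeySize = 32, Iterations = 600000;

    // Hex SHA-1 of the text after converting it to bytes with the given encoding.
    static string Sha1Hex(string text, Encoding encoding)
    {
        using (var sha = SHA1.Create())
            return BitConverter.ToString(sha.ComputeHash(encoding.GetBytes(text)))
                               .Replace("-", "").ToLowerInvariant();
    }

    // Returns "iterations.salt.hash" so the parameters travel with the stored value.
    static string HashPassword(string password)
    {
        var salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return Iterations + "." + Convert.ToBase64String(salt) + "."
                 + Convert.ToBase64String(kdf.GetBytes(KeySize));
    }

    // Re-derives the key with the stored salt and iteration count, then compares in constant time.
    static bool VerifyPassword(string password, string stored)
    {
        var parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations < 1)
            return false;
        byte[] salt, expected;
        try { salt = Convert.FromBase64String(parts[1]); expected = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }
        if (salt.Length < 8 || expected.Length == 0) return false; // malformed record
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return CryptographicOperations.FixedTimeEquals(kdf.GetBytes(expected.Length), expected);
    }

    static void Main()
    {
        const string sample = "password"; // constructed sample input
        Console.WriteLine("SHA-1 over UTF-16LE: " + Sha1Hex(sample, Encoding.Unicode));
        Console.WriteLine("SHA-1 over UTF-8:    " + Sha1Hex(sample, Encoding.UTF8));
        string stored = HashPassword(sample);
        Console.WriteLine("Stored PBKDF2 value: " + stored);
        Console.WriteLine("Correct password:    " + VerifyPassword(sample, stored));
        Console.WriteLine("Wrong password:      " + VerifyPassword("Password", stored));
    }
}
```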