How to Use SHA1 or MD5 in C#?(Which One is Better in Performance and Security for Authentication)

c# .net authentication md5 sha1
Sajad Bahmani picture Sajad Bahmani · Nov 18, 2009 · Viewed 61.9k times · Source

In C# how we can use SHA1 automatically?
Is SHA1 better than MD5?(We use hashing for user name and password and need speed for authentication)

Answer

Kyle Rosendo picture Kyle Rosendo · Nov 18, 2009

Not sure what you mean by automatically, but you should really use SHA256 and higher. Also always use a Salt (code) with your hashes. A side note, after time has passed, using hardened hashes is far better than using a plain speed-based hashing function. I.e.: hashing over a few hundred iterations, or using already proven hashing functions such as bcrypt (which is mentioned below I believe). A code sample for using a SHA256 hash function in .NET is as follows:

byte[] data = new byte[DATA_SIZE];
byte[] result;

using(SHA256 shaM = new SHA256Managed()) {
    result = shaM.ComputeHash(data);
}

Will do the trick for you using SHA256 and is found at MSDN.

Sidenote on the "cracking" of SHA1: Putting the cracking of SHA-1 in perspective

Related questions

Token based authentication in Web API without any user interface

I am developing a REST API in ASP.Net Web API. My API will be only accessible via non-browser based clients. I need to implement security for my API so I decided to go with Token based authentication. I have …

Read More
The HTTP request is unauthorized with client authentication scheme 'Ntlm' The authentication header received from the server was 'NTLM'

I know there's a lot of questions on SO similar to this, but I couldn't find one for this particular issue. A couple of points, first: I have no control over our Sharepoint server. I cannot tweak any IIS settings. …

Read More
How can I retrieve Basic Authentication credentials from the header?

I am trying to write some simple tests User Authentication mechanism which uses Basic Authentication. How can I retrieve the credentials from the header? string authorizationHeader = this.HttpContext.Request.Headers["Authorization"]; Where do I go from here? There are several …

Read More