How to generate HMAC-SHA256 in .Net Core?

Mohammed Noureldin · Dec 7, 2017 · Viewed 15.6k times

I am using this page to generate some test HMAC-SHA256 hashes for some texts:

https://www.liavaag.org/English/SHA-Generator/HMAC/

However, when I try to use the approach in this MSDN guide in my .Net Core project, I do not get the same results. Could someone explain to me how to get identical results to those I get from the previous web page in my C# code?

Here is my code:

using System;
using System.Text;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;

// My own GetHash method usage:
var hashed = PasswordHelper.GetHash("Test", Encoding.UTF8.GetBytes("123"));

public static string GetHash(string password, byte[] salt)
{
    // derive a 256-bit subkey (use HMACSHA256 with 10,000 iterations)
    string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
        password: password,
        salt: salt,
        prf: KeyDerivationPrf.HMACSHA256,
        iterationCount: 10000,
        numBytesRequested: 256 / 8));
    return hashed;
}

Answer

Tommaso Belluzzo · Dec 7, 2017

Using the following approach:

using System;
using System.Security.Cryptography;
using System.Text;

public static String GetHash(String text, String key)
{
    // change according to your needs, a UTF8Encoding
    // could be more suitable in certain situations
    ASCIIEncoding encoding = new ASCIIEncoding();

    Byte[] textBytes = encoding.GetBytes(text);
    Byte[] keyBytes = encoding.GetBytes(key);

    Byte[] hashBytes;

    // HMAC-SHA256 keyed with keyBytes, computed over textBytes
    using (HMACSHA256 hash = new HMACSHA256(keyBytes))
        hashBytes = hash.ComputeHash(textBytes);

    // lowercase hex, the same output format the web page shows
    return BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
}

you will get the same result as the site you provided:

Console.WriteLine(GetHash("qwerty","123456"));
// 3364ad93c083dc76d7976b875912442615cc6f7e3ce727b2316173800ca32b3a

Actually, the code you are using, which is based on this tutorial and on KeyDerivation.Pbkdf2, is producing different results because it uses a much more complex parametrization and another encoding. But despite the results being different, you should REALLY use the approach provided by the example, and stick to the UTF8 encoding.
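
To make the difference between the two constructions concrete, here is an added example (not part of the original question or answer) that computes a plain HMAC-SHA256 and a PBKDF2-HMAC-SHA256 value over the question's inputs, then rebuilds the PBKDF2 output by hand from repeated HMAC calls as defined in RFC 8018. The class and method names are hypothetical, and it assumes .NET 6 or later for `Rfc2898DeriveBytes.Pbkdf2` and `Convert.ToHexString`.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class HmacVsPbkdf2Demo   // hypothetical name, for illustration only
{
    // Plain HMAC-SHA256: one keyed hash of the message.
    public static byte[] Hmac(byte[] key, byte[] message)
    {
        using var hmac = new HMACSHA256(key);
        return hmac.ComputeHash(message);
    }

    // First PBKDF2 output block, computed by hand (RFC 8018):
    //   U_1 = HMAC(password, salt || INT(1)),  U_j = HMAC(password, U_{j-1}),
    //   T_1 = U_1 xor U_2 xor ... xor U_c
    // Note the roles: the password is the HMAC *key*, the salt is the *message*.
    public static byte[] Pbkdf2FirstBlock(byte[] password, byte[] salt, int iterations)
    {
        byte[] u = Hmac(password, salt.Concat(new byte[] { 0, 0, 0, 1 }).ToArray());
        byte[] t = (byte[])u.Clone();
        for (int j = 1; j < iterations; j++)
        {
            u = Hmac(password, u);
            for (int k = 0; k < t.Length; k++) t[k] ^= u[k];
        }
        return t;
    }

    public static void Main()
    {
        byte[] text = Encoding.UTF8.GetBytes("Test");   // inputs from the question
        byte[] key = Encoding.UTF8.GetBytes("123");

        // Single HMAC keyed with "123" over "Test", printed as lowercase hex.
        Console.WriteLine("HMAC (hex):      " + Convert.ToHexString(Hmac(key, text)).ToLowerInvariant());

        // Same parameters as the question's GetHash: 10,000 iterations, 32 bytes, Base64.
        byte[] derived = Rfc2898DeriveBytes.Pbkdf2(text, key, 10000, HashAlgorithmName.SHA256, 32);
        Console.WriteLine("PBKDF2 (base64): " + Convert.ToBase64String(derived));

        // The library output equals the hand-built chain of HMAC calls.
        byte[] byHand = Pbkdf2FirstBlock(text, key, 10000);
        Console.WriteLine("PBKDF2 matches manual chain: " +
            CryptographicOperations.FixedTimeEquals(derived, byHand));
    }
}
```

The two printed values differ for three independent reasons: PBKDF2 swaps which input is the HMAC key, appends a block counter and iterates, and the question's code encodes the result as Base64 instead of hex.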