Using MD5 Encryption
page 2 of 4
by Kay Lee

Implementing MD5 Encryption in our Applications

When implementing any type of encryption in an application, we must first take the output into consideration.  With earlier encryption algorithms such as RC2 or RC4, there was a need to reverse the output to recover the initial value.  In cases where we're working primarily with passwords or other user input-based validations, such as social security numbers or the last four digits of a credit card number, we never need the original value back: we can just validate that the stored encrypted value is identical to the encrypted form of what the user entered.

To implement an MD5 hashing algorithm in your application, use a central static method if multiple classes will call it, or attach it to a specific class if and only if that class is the only one that will use it.  For instance, in most web-based applications, the MD5 hashing algorithm will be used to validate user passwords, and it should live only in the data layer.  In this example, we'll use a static method.

// Namespaces required at the top of the file.
using System.Security.Cryptography;
using System.Text;

/// <summary>
/// Encrypts the string to a byte array using the MD5 Encryption Algorithm.
/// <see cref="System.Security.Cryptography.MD5CryptoServiceProvider"/>
/// </summary>
/// <param name="ToEncrypt">System.String.  Usually a password.</param>
/// <returns>System.Byte[]</returns>
public static byte[] MD5Encryption(string ToEncrypt)
{
     // Create instance of the crypto provider.
     MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
     // Create a Byte array to store the encryption to return.
     byte[] hashedbytes;
     // Required UTF8 Encoding used to encode the input value to a usable state.
     UTF8Encoding textencoder = new UTF8Encoding();

     // let the show begin.
     hashedbytes = md5.ComputeHash(textencoder.GetBytes(ToEncrypt));

     // Destroy objects that aren't needed.
     md5.Clear();
     md5 = null;

     // return the hashed bytes to the calling method.
     return hashedbytes;
}

In this example, we're only implementing the bare MD5 algorithm.  The MD5 classes are found in the System.Security.Cryptography namespace, which makes them easy to use from .NET-based languages and applications.  The overloaded public method ComputeHash accepts a System.Byte[], a System.IO.Stream, or a more precise form in which a System.Byte[] is combined with an offset and count.  To get the byte array from our string, we can use the System.Text.UTF8Encoding class or System.Convert.FromBase64String.  Both will work; however, in this example, we'll use the UTF8Encoding class.
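The three ComputeHash input forms described above, shown side by side as an added example (not code from the original article). The class name, variable names and sample string are constructed for illustration, and MD5.Create() is used here instead of constructing MD5CryptoServiceProvider directly.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class ComputeHashInputs
{
    // Hex rendering, used to print and compare digests in this demo.
    static string Hex(byte[] digest)
    {
        return BitConverter.ToString(digest);
    }

    public static void Main()
    {
        // Constructed sample: ASCII plus non-ASCII characters written as escapes.
        string input = "P\u00e4ssw0rd-\u03ba\u03c9\u03b4";
        byte[] data = Encoding.UTF8.GetBytes(input);

        using (MD5 md5 = MD5.Create())
        {
            // 1. The whole byte array.
            byte[] fromArray = md5.ComputeHash(data);

            // 2. A stream positioned at the start of the same bytes.
            byte[] fromStream;
            using (MemoryStream stream = new MemoryStream(data))
                fromStream = md5.ComputeHash(stream);

            // 3. An offset/count window into a larger buffer.
            byte[] buffer = new byte[data.Length + 8];
            Buffer.BlockCopy(data, 0, buffer, 4, data.Length);
            byte[] fromWindow = md5.ComputeHash(buffer, 4, data.Length);

            Console.WriteLine("digest:          " + Hex(fromArray));
            Console.WriteLine("array == stream: " + (Hex(fromArray) == Hex(fromStream)));
            Console.WriteLine("array == window: " + (Hex(fromArray) == Hex(fromWindow)));

            // The digest covers bytes, not characters: the same string encoded
            // as UTF-16 is a different byte sequence and is hashed as such, so
            // the encoding used when storing must be the one used when checking.
            byte[] fromUtf16 = md5.ComputeHash(Encoding.Unicode.GetBytes(input));
            Console.WriteLine("UTF-8 == UTF-16: " + (Hex(fromArray) == Hex(fromUtf16)));
        }
    }
}
```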

How do I store this byte array?

In Microsoft SQL Server, you can store the output of an MD5 encryption in a field of type binary.  You can run validation queries using parameters of the binary type.  This is more secure than validating against strings, because SQL Server does not match case on strings by default, which may lead to false validations in case-sensitive scenarios.  For other data storage mediums, please consult the proper documentation.


An example of an MD5 encryption in runtime is as follows.

// Use the password with an upper-case M in "My".
System.Diagnostics.Debug.WriteLine("MD5Encryption(\"MyPassw0rd1sTh1s\")");
byte[] bytes = MD5Encryption("MyPassw0rd1sTh1s");
for (int i=0;i<bytes.Length;i++) 
{
     System.Diagnostics.Debug.Write(bytes[i].ToString());
     if (i < bytes.Length -1)
          System.Diagnostics.Debug.Write(", ");
}

System.Diagnostics.Debug.WriteLine("");

// Change the password to have a lowercase "my".
System.Diagnostics.Debug.WriteLine("MD5Encryption(\"myPassw0rd1sTh1s\")");
bytes = MD5Encryption("myPassw0rd1sTh1s");
for (int i=0;i<bytes.Length;i++) 
{
     System.Diagnostics.Debug.Write(bytes[i].ToString());
     if (i < bytes.Length -1)
          System.Diagnostics.Debug.Write(", ");
}

The output is:
MD5Encryption("MyPassw0rd1sTh1s")
160, 163, 28, 224, 220, 31, 34, 25, 105, 73, 210, 22, 244, 57, 35, 160
MD5Encryption("myPassw0rd1sTh1s")
135, 149, 230, 149, 156, 59, 78, 203, 22, 243, 45, 198, 161, 73, 87, 76

As you can see from this example, a single change in case completely alters the returned byte array, giving you powerful encryption for your web application.
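The validation step described in this article (hash what the user entered and compare it with the stored bytes), together with the storage point about binary versus string comparison, as an added example that is not part of the original article. The class and method names are hypothetical, the "stored" value is constructed in place of a database read, and keeping the hash as Base64 text is an assumption made only to show the case-matching problem.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class HashValidationExample
{
    // Same hashing step as the article's method: UTF-8 bytes in, 16 bytes out.
    static byte[] Md5Of(string value)
    {
        using (MD5 md5 = MD5.Create())
            return md5.ComputeHash(Encoding.UTF8.GetBytes(value));
    }

    // Byte-for-byte comparison that always inspects every byte.
    public static bool HashesMatch(byte[] stored, byte[] candidate)
    {
        if (stored == null || candidate == null || stored.Length != candidate.Length)
            return false;
        int diff = 0;
        for (int i = 0; i < stored.Length; i++)
            diff |= stored[i] ^ candidate[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed stand-in for the value read back from a binary(16) column.
        byte[] stored = Md5Of("MyPassw0rd1sTh1s");

        Console.WriteLine("same password:  " + HashesMatch(stored, Md5Of("MyPassw0rd1sTh1s")));
        Console.WriteLine("different case: " + HashesMatch(stored, Md5Of("myPassw0rd1sTh1s")));

        // Assumption for illustration: the hash is kept as Base64 text instead.
        // Lower-casing the first 20 characters (15 whole bytes) yields valid
        // Base64 for a different byte array whenever they contain a capital.
        string text = Convert.ToBase64String(stored);
        string other = text.Substring(0, 20).ToLowerInvariant() + text.Substring(20);
        byte[] otherBytes = Convert.FromBase64String(other);

        bool textMatch = string.Equals(text, other, StringComparison.OrdinalIgnoreCase);
        Console.WriteLine("case-insensitive text compare: " + textMatch);
        Console.WriteLine("binary compare:                " + HashesMatch(stored, otherBytes));
    }
}
```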



User Comments

Title: encryption
Name: chee
Date: 2010-02-12 2:05:07 AM
Comment:
I recommend that you should use this encryption, because it is more convenient to use and it can lessen our work in encrypting passwords...
Title: Encryption   
Name: Meeraj
Date: 2009-03-29 8:55:10 PM
Comment:
Hi, is MD5 the best option for encrypting passwords for a finance-based system? What is the best possible encryption technique?
Title: testing with the MD5 code today   
Name: abhishek
Date: 2008-05-23 2:43:56 AM
Comment:
I will test the code available in this article.. let's see how it goes. Thanks.
Title: thanks   
Name: Karen
Date: 2008-01-24 12:57:58 AM
Comment:
it's my first time here....thanks...haha

this is really great...
Title: Euclidean Theory in 3.a and 3.b   
Name: Karen
Date: 2008-01-24 12:52:36 AM
Comment:
Hi.. it's me again, Karen.. I have so many questions to ask...
What is the Application of the Euclidean Theory in 3.a and 3.b?? Thanks... THIS WEBSITE IS GREAT...
Title: How about the Application of Pigeonhole in Encryption?   
Name: Karen
Date: 2008-01-24 12:46:17 AM
Comment:
Tn.. How about the Application of Pigeonhole in Encryption and Decryption?
Title: What is an example of MD5-Complex Encryption Algorithm?   
Name: Karen
Date: 2008-01-24 12:39:12 AM
Comment:
I'm a student in one of the colleges in the Philippines. I just want to ask, what is MD5? And what is an example of a Complex Encryption Algorithm? This is our project, and honestly speaking I don't have any idea about this..
Thanks.. I need your answer.. thanks again
Title: Even number length only?   
Name: Jeff
Date: 2007-04-09 3:24:58 PM
Comment:
I had no problem getting this to work, great example.

The only issue that I seem to be running into is the method "MD5SaltedHashEncryption" will only encrypt a string with an even length.

Great example, thank you for sharing this.
Title: Suggestion   
Name: prakash sawant
Date: 2006-10-16 7:25:25 AM
Comment:
Only the encryption method is provided by you.
But a decryption method is also needed,
so please do the needful in another article.
Title: Encryption   
Name: Anil Dhawale
Date: 2006-09-01 8:13:12 AM
Comment:
I am writing a program which takes as input UserName, Password and a 128 bit chalan no. By taking these inputs,
how will I form the encryption, and
how will it be done?
Title: Multi Lingual Character Sets
Name: Diane Wilson
Date: 2006-08-09 5:50:28 AM
Comment:
We currently use MF5 to encrypt our personal identification information eg Address info, Names etc

However, our business is now starting to use multi lingual character sets (2 bytes per character) and unfortunately my testing of MF5 with a unicode field which contains non-ASCII values (e.g. Greek letters) has not been successful. Are you aware of any workaround, other than a translation routine up front?

Many thanks

Di
Title: Great Work   
Name: chakris
Date: 2006-06-27 5:55:16 AM
Comment:
Hi Kay,
You have posted a nice blog. I have a question: how can I decrypt the password? Do I need to use the SHA1 algorithm explicitly for decrypting? Any solutions or suggestions will be appreciated.. well in advance
Title: NICE ARTICLE!!!!!!!!!!   
Name: BJ
Date: 2006-04-02 4:40:43 AM
Comment:
this article is great!

btw, my friend and I have just set up a website
called md5Encryption; it can encrypt and decrypt md5.
Welcome to visit! =D
http://www.md5encryption.com/
Title: One of the best article on md5   
Name: Danish
Date: 2006-02-08 7:34:18 AM
Comment:
I am writing a program that takes a hash (salted md5 hash) from the user and applies brute force, so I have to form a hash from words, e.g.
password=2005
and its hash
hash=$1$UHgk$5XmcGTZshB3r7IP5gWP8I1 (Cisco IOS md5 hash)
only john the ripper software can form hashes from words,
so how i will form hash
How it will be done .
Title: Consultant   
Name: Jim S.
Date: 2006-01-15 7:19:40 PM
Comment:
Thanks for passing the salt! I'm catering to some gourmets who are going to eat this stuff up!
:-)
Thanks again for sharing!
Title: Decrypt!!   
Name: asif
Date: 2005-09-06 7:14:33 AM
Comment:
It would be much more helpful if there was any way to decrypt the data to its original form (input). Can you work it out?
Title: Thanks Justin   
Name: Kay Lee
Date: 2004-09-26 3:12:46 PM
Comment:
Thanks Justin,

I tried to be as thorough as possible. If anyone's confused, I'll be more than happy to explain further, and there's a lot of qualified readers too.

btw, my blogs aren't what you'd consider technical reading. :)

Again, thanks man.
Kay
Title: Great all in one article   
Name: Justin Lovell
Date: 2004-09-26 9:48:24 AM
Comment:
Cheers Kay,

I think you have an excellent article that combines quite a few blogs together. Normally, with the blogs, the article only develops when the comments/questions are asked -- on the other hand, you have developed from the start to the finish.

Nice job!

-- Justin
