Using MD5 Encryption
page 3 of 4
by Kay Lee
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 47634/ 131

Add a Pinch of Salt

In the previous page, we saw an example of a simple MD5 hashing algorithm and how it's easily implemented in your web application.  The term "salt" is used to describe an addition.  Some examples available on the web will use additional strings such as username or the url of the site.  In this example, we'll use a double encryption technique, and the salt will be the outcome of the first encryption.

/// <summary>
/// Encrypts the string to a byte array using the MD5 Encryption 
/// Algorithm with an additional Salted Hash.
/// <see cref="System.Security.Cryptography.MD5CryptoServiceProvider"/>
/// </summary>
/// <param name="ToEncrypt">System.String.  Usually a password.</param>
/// <returns>System.Byte[]</returns>
public static byte[] MD5SaltedHashEncryption(string ToEncrypt) 
{
     // Create instance of the crypto provider.
     MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
     // Create a Byte array to store the encryption to return.
     byte[] hashedbytes;
     // Create a Byte array to store the salted hash.
     byte[] saltedhash;

     // let the show begin.
     hashedbytes = md5.ComputeHash(
          System.Convert.FromBase64String(ToEncrypt));

     // Let's add the salt.
     ToEncrypt += System.Convert.ToBase64String(hashedbytes);
     // Get the new byte array after adding the salt.
     saltedhash = md5.ComputeHash(textencoder.GetBytes(ToEncrypt));

     // Destroy objects that aren't needed.
     md5.Clear();
     md5 = null;

     // return the hased bytes to the calling method.
     return saltedhash;
}

In this example, we use two System.Byte arrays to store our hash outputs.  Furthermore, we use System.Convert.FromBase64 and System.Convert.ToBase64 rather than the Encoding class used in the previous example.  You may apply other spices to this method by including another string and even the start and length of the first hash to use as salt.  The more complicated you make the encryption, the harder it is to crack.

As you may have gathered, you can return a string value through the encrytion method by using the System.Convert.FromBase64 method.  In some cases, it's optimal to store a string value; however, it is optimal to use the full byte array in storage for security purposes.

The output of the salted MD5 encryption method is:

MD5SaltedHashEncryption("MyPassw0rd1sTh1s")
212, 152, 90, 70, 106, 66, 10, 5, 25, 151, 21, 164, 143, 4, 128, 218
MD5SaltedHashEncryption("myPassw0rd1sTh1s")
231, 247, 149, 128, 190, 210, 57, 167, 39, 28, 223, 164, 48, 216, 88, 24

As you can see from this example, the output is further jumbled to give the encryption a little more flavor.  To reiterate a previous point, it's best to further add to the salted scheme by adding an additional string (or more salt) to enhance the encryption further.


View Entire Article

User Comments

Title: encrytion   
Name: chee
Date: 2010-02-12 2:05:07 AM
Comment:
i recommend that you should use this encryption. because it is more convenient to use and it can lessen our work in encrypting password...
Title: Encryption   
Name: Meeraj
Date: 2009-03-29 8:55:10 PM
Comment:
Hi is MD5 the best option for encrpting passwords for an finance based system. What is the best possible encrption technique?
Title: testing with the MD5 code today   
Name: abhishek
Date: 2008-05-23 2:43:56 AM
Comment:
I will test the code available in this article.. let's see how it goes. Thanks.
Title: thanks   
Name: Karen
Date: 2008-01-24 12:57:58 AM
Comment:
it's my first time here....thanks...haha

this is really great...
Title: Euclidean Theory in 3.a and 3.b   
Name: Karen
Date: 2008-01-24 12:52:36 AM
Comment:
hi..it's me again Karen.. i have so many questions to ask...
What is the Application of the Euclidean Theory in 3.a and 3.b??thanx...THIS WEBSITE IS GREAT...
Title: How about the Application of Pigeonhole in Encryption?   
Name: Karen
Date: 2008-01-24 12:46:17 AM
Comment:
Tn..How about the Appliation of Pigeonhole in Encryption and Decryption?
Title: What is an example of MD5-Complex Encryption Algorithm?   
Name: Karen
Date: 2008-01-24 12:39:12 AM
Comment:
I'm a student in one of the colleges in Philippines. I just want to ask if what is MD5? And an example of Complex Encryption Algorithm?This is our project, and honestly speaking I don't have the idea about this..
tHanx..i need ur answer..thanks again
Title: Even number length only?   
Name: Jeff
Date: 2007-04-09 3:24:58 PM
Comment:
I had no problem getting this to work, great example.

The only issue that I seem to be running into is the method "MD5SaltedHashEncryption" will only encrypt a string with an even length.

Great example, thank you for sharing this.
Title: Suggestion   
Name: prakash sawant
Date: 2006-10-16 7:25:25 AM
Comment:
Only encryption method is provided by u.
But decryption method also needed
so plz. do needful in another article
Title: Encryption   
Name: Anil Dhawale
Date: 2006-09-01 8:13:12 AM
Comment:
I am writing the prog which takes input as UserName , Password and 128 bit chalan no by taking thease input then
so how i will form encryption and
How it will be done .
Title: Mulit Lingual Character Sets   
Name: Diane Wilson
Date: 2006-08-09 5:50:28 AM
Comment:
We currently use MF5 to encrypt our personal identification information eg Address info, Names etc

However, our business is now starting to use multi lingual characters set (2 bytes per character) and unfortunately my testing MF5 with a unicode field which contains non ascii values (eg greek letters)has not been sucessful. Are you aware of any workaround, other than a translation routine up front.

Many thanks

Di
Title: Great Work   
Name: chakris
Date: 2006-06-27 5:55:16 AM
Comment:
Hi Kay,
U hav posted nice blog.I have a question like how can i decrypt the password? do i need to use SHA1 algorthim explicitly for decrypting ? Any solutions or suggestions will be appritiated.. well in advance
Title: NICE ARTICLE!!!!!!!!!!   
Name: BJ
Date: 2006-04-02 4:40:43 AM
Comment:
this article is great!

btw, my friendd and i have just set up a website.
called md5Encryption, it can encrypt and decrypt md5.
welcome to visit! =D
http://www.md5encryption.com/
Title: One of the best article on md5   
Name: Danish
Date: 2006-02-08 7:34:18 AM
Comment:
I am writting program that take hash (salted md5 hash) from user and apply brute force so i have to form a hash from words, e,g
password=2005
and its hash
hash=$1$UHgk$5XmcGTZshB3r7IP5gWP8I1 (Cisco IOS md5 hash)
only john the ripper software can form hashes from words,
so how i will form hash
How it will be done .
Title: Consultant   
Name: Jim S.
Date: 2006-01-15 7:19:40 PM
Comment:
Thanks for passing the salt! I'm catering to some gourmets who are going to eat this stuff up!
:-)
Thanks again for sharing!
Title: Decrypt!!   
Name: asif
Date: 2005-09-06 7:14:33 AM
Comment:
It would much helpful if there was any way to derypt the data to original form(input). Can You Work it out
Title: Thanks Justin   
Name: Kay Lee
Date: 2004-09-26 3:12:46 PM
Comment:
Thanks Justin,

I tried to be as thorough as possible. If anyone's confused, I'll be more than happy to explain further, and there's a lot of qualified readers too.

btw, my blogs aren't what you'd consider technical reading. :)

Again, thanks man.
Kay
Title: Great all in one article   
Name: Justin Lovell
Date: 2004-09-26 9:48:24 AM
Comment:
Cheers Kay,

I think you have an excellent article that combines quite a few blogs together. Normally, with the blogs, the article only develops when the comments/questions are asked -- on the other hand, you have developed from the start to the finish.

Nice job!

-- Justin






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2019 ASPAlliance.com  |  Page Processed at 2019-05-24 8:41:27 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search