Cryptography and .NET - Part 4 (Hash Values)

Introduction

In previous parts of this series (Part 1, Part 2 and Part 3) we saw various techniques of encrypting the data. In this part we are going to learn how to ensure that data coming to you has not been tampered with during the transfer. The technique that we will be using is hash. Hash values allow us to verify the integrity of data. The hash value of received data can be compared to the hash value of data that was sent to check if the data is tampered.

.NET Framework classes for creating hashes

.NET Framework provides following main classes to work with hashes:

• SHA1Managed
• MD5CryptoServiceProvider
• MACTripleDES

Since SHA1 is now a broken algorithm, we will use MD5CryptoServiceProvider to generate hash values.

Example

We are going to create a helper class that will help us create and verify hash values using MD5 algorithm. The class contains two methods - GetHash() and VerifyHash(). The former accepts string whose hash value is to be generated and returns the computed hash as a byte array. The later accepts the message as it was received and the hash generated previously and returns true if the message is not altered during transmit otherwise returns false.

public class MD5HashHelper
{
public byte[] GetHash(string message)
{
byte[] data;
data=System.Text.UTF8Encoding.ASCII.GetBytes(message);
MD5CryptoServiceProvider md5=new MD5CryptoServiceProvider();
return md5.ComputeHash(data,0,data.Length);
}

public bool VerifyHash(string message, byte[] hash)
{
byte[] data;
data=System.Text.UTF8Encoding.ASCII.GetBytes(message);
MD5CryptoServiceProvider md5=new MD5CryptoServiceProvider();
byte[] hashtemp=md5.ComputeHash(data,0,data.Length);
for(int x = 0; x < hash.Length;x++)
{
if (hash[x] != hashtemp[x])
{
return false;
}
}
return true;
}
}

Let's dissect the code step by step:

• We first need to import System.Security.Cryptography namespace in your class
• The GetHash() accepts string whose hash value is to be generated and returns the computed hash as a byte array.
• Inside the function we used UTF8Encoding class and get aa byte representation of the string to be transfered.
• We then create an instance of MD5CryptoServiceProvider class and call its ComputeHash by passing the byte created above to it.
• The ComputeHash() function generates the hash for the given data and returns another byte array that represents the hash value of the data.
• The VerifyHash() function accepts the message as it was received and the hash generated previously and returns true if the message is not altered during transmit otherwise returns false.
• Inside this function we again use UTF8Encoding class and generate byte representation of the received message.
• We then compute hash for this data using the same ComputeHash() method of MD5CryptoServiceProvider class.
• Finally, we run a for loop and check each and every byte of original hash value and the hash we generated above. If both the hash values are matching we can conclude that the data is not tampered.

Download

Complete source code along with a sample usage is available for download with this article (see top).

Summary

In this example we saw how to ensure data integrity using MD5 hashing algorithm. In the next article on the series we will learn to generate digital signatures.