Protect sensitive data with hashing

By MaryWeilage Editor
This week's .NET newsletter describes how you can protect sensitive data with hashing.

Is cryptography a focus for your application development projects? If so, do you protect sensitive data by using hashing or a different method? What do you think about adding salt to hashing algorithms? What are your thoughts on the recent findings about SHA-1?

use a dual system

by Jaqui In reply to Protect sensitive data wi ...

obscuring by keeping sensitive data as separate as possible from unsecured access, and encrypt the data.

remark on the C# code sample

by danny.heijl In reply to Protect sensitive data wi ...

intermediate = Convert.ToBase64String(salt) + test;
byte[] result = new byte[intermediate.Length];
result = sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(intermediate));

result does not need initializing, and the length will be fixed to the length of the chosen hash (160 bits in the case of SHA-1, and not 196), so you could write:

intermediate = Convert.ToBase64String(salt) + test;
byte[] result = sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(intermediate));

Nevertheless a good article. Perhaps a HMAC should have been mentioned too?

Danny Heijl

Thanks for information

by aspatton Contributor In reply to remark on the C# code sam ...

I appreciate the feedback.

Hashing passwords and connection strings

by laugher In reply to Protect sensitive data wi ...

Not having used the .NET functions you described, I assume the algorithm used by the functions produces a reversible hash?

I'm curious as to your response as I always took hashes to be a one-way cryptographic function. I also thought SHA-1 was one-way as well.

In which case, if my recollection is correct, then I'd be very interested in how you would compare password results or retrieve the original connection string to ensure it can be used for data retrieval functionality.

Not reversible but comparable

by aspatton Contributor In reply to Hashing passwords and con ...

Hashing is a one-way process, but values can be compared to a stored hashed value by hashing the value to compare and comparing to the stored hashed value. This is the process used by the FormsAuthentication.HashPasswordForStoringInConfigFile method available in ASP.NET.
