When a user registers at our site we check the address with an address validation service. This service can return an address suggestion if the entered address is found but has some errors. This sugggestion is returned to the user.
The user can accept the suggestion and is trusted. If he changes the address he is not trusted.
Is there a good way to check if the data displayed to the user is the same as the data he posts? I guess I need a hidden field with the hash of the addressdata. But I am not shure which algorithm I should take. The algorithm should be case insensitive if possible.
The algorithm should create a tamper-proof oneway hash.
EDIT:
This worked pretty well so far. I still have to test with umlaute (ä,ü ).
StringBuilder addressData = new StringBuilder();
addressData.Append(FirstName);
addressData.Append(LastName);
addressData.Append(StreetNumber);
addressData.Append(StreetName);
addressData.Append(City);
addressData.Append(CountryISO);
addressData.Append(Zip);
string stringVal = addressData.ToString().ToLower();
System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(ApplicationConfiguration.ShaKey);
byte[] messageBytes = encoding.GetBytes(stringVal);
HMACSHA256 hmacsha256 = new HMACSHA256(keyByte);
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
string hash = ByteToString(hashmessage);
return hash