tags:

views:

172

answers:

2

In the .NET framework there are a couple of ways to calculate an MD5 hash it seems, however there is something I don't understand;

What is the distinction between the following? What sets them apart from eachother? They seem to produce identical results:

    public static string GetMD5Hash(string str)
    {
        MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
        byte[] bytes = ASCIIEncoding.Default.GetBytes(str);
        byte[] encoded = md5.ComputeHash(bytes);

        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < encoded.Length; i++)
            sb.Append(encoded[i].ToString("x2"));

        return sb.ToString();
    }

    public static string GetMD5Hash2(string str)
    {
        System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create();
        byte[] bytes = Encoding.Default.GetBytes(str);
        byte[] encoded = md5.ComputeHash(bytes);

        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < encoded.Length; i++)
            sb.Append(encoded[i].ToString("x2"));

        return sb.ToString();
    }
+3  A: 

System.Security.Cryptography.MD5.Create() is actually creating a MD5CryptoServiceProvider. That is why you see the same results.

Looking at the definition MD5 is the base class and it's abstract. I'm guessing they added the public create function for ease of use.

public sealed class MD5CryptoServiceProvider : MD5

public abstract class MD5 : HashAlgorithm

Take a look at the definitions.

MD5 Represents the abstract class from which all implementations of the MD5 hash algorithm inherit.

MD5CryptoServiceProvider Computes the MD5 hash value for the input data using the implementation provided by the cryptographic service provider (CSP). This class cannot be inherited.

Jason Rowe
+2  A: 

As Jason Rowe mentioned (please vote for his answer, this is just a word of warning), there is no functional difference. However, there is a difference if you are considering MD5Managed (or any cryptography class with Managed in the name). Managed-named classes cannot be used when FIPS-compliant encryption algorithms are enabled via Group Policy.

Matthew Ferreira