Salting a C# MD5 ComputeHash on a stream

Question

I can't see any way to salt a MD5.ComputeHash(Stream). Am I missing some way of injecting bytes into the HashAlgorithm?

I tried performing a ComputeHash(byte[]) before performing the stream compute, but, unsurprisingly, it had no effect. Any ideas (apart from modifying the file)?

Thanks for your time.

addendum Just to be a little more specific, I want to use a stream to get a hash on a large file that I don't want to load into memory.

FileInfo myFI= new FileInfo("bigfile.dat");
FileStream myIFS = piFile.OpenRead();
MD5 md5 = MD5.Create();
byte[] hash = md5.ComputeHash ( myIFS );
myIFS.Close ();

Answer 1

I think you can use a syntax like:

byte[] saltedBytes;
//TODO: fill the saltedBytes;
var hasher=new MD5CryptoServiceProvider();
var memoryStream=new MemoryStream(saltedBytes);
hasher.ComputeHash(memoryStream);
memoryStream.Close;

Answer 2

The answer to the lack of examples is in my opinion: you don't really need to salt it.

The hash algorithm like MD5 takes a table of bytes of arbitrary length and converts it to a table of bytes of known length - the operation is not easily reversible and small changes to the input table cause unpredictable changes in the output table:

input => MD5 => output

The purpose of salting is protection against attacks where user has already precomputed table of hash results (rainbow tables). By introducing small changes in the input, the results are change drastically, so even if attacker knows the hash result and the salt, it is very difficult to guess the input:

input + salt => MD5 => output

The reason for hashing files is to compute a checksum. E.g. you publish a file on your web page along with the hash result. User then downloads a file, runs it through MD5 and compares the result with your published result. It would be very difficult to tamper with the file, because each manipulation would change the resulting hash.

Salting is not necessary here, because you would have to publish the salt with the resulting hash, so that the user can repeat the hashing operation.

If you really need to introduce salting, just change the input stream in the repeatable way, e.g. add one (with overflow) to each byte.

Answer 3

You might consider using the HMACMD5 class and setting the Key property instead. In general, I'd go with an HMAC rather than the standard hash function since they offer a bit better security.

Answer 4

this is the right way to do it:

    private static byte[] _emptyBuffer = new byte[0];

    public static byte[] CalculateMD5(Stream stream)
    {
        return CalculateMD5(stream, 64 * 1024);
    }

    public static byte[] CalculateMD5(Stream stream, int bufferSize)
    {
        MD5 md5Hasher = MD5.Create();

        byte[] buffer = new byte[bufferSize];
        int readBytes;

        while ((readBytes = stream.Read(buffer, 0, bufferSize)) > 0)
        {
            md5Hasher.TransformBlock(buffer, 0, readBytes, buffer, 0);
        }

        md5Hasher.TransformFinalBlock(_emptyBuffer, 0, 0);

        return md5Hasher.Hash;
    }