tags:

views:

507

answers:

2
+1  Q: 

SQL 2005 MD5 Hash and C# MD5 Hash

I currently have a legacy database (SQL 2005) that generates hash strings for tokens. It does it like this...

DECLARE @RowID INT
DECLARE @hashString VARCHAR(128)

SET @RowID = 12345
SET @salt= 0xD2779428A5328AF9

SET @hashBinary = HASHBYTES(('MD5', @salt + CAST(@RowID AS VARBINARY(30)))
SET @hashString = sys.fn_varbintohexstr(@hashBinary)

If I execute this, I my hash string looks like this: "0x69a947fd71b853485007f0d0be0763a5"

Now, I need to replicate the same logic in C# so I can remove the database dependency for generating these hashes, and it has to be backward compatible.

I have implemented in C# like this:

byte[] saltBytes = BitConverter.GetBytes(0xD2779428A5328AF9);
byte[] pidBytes = BitConverter.GetBytes(12345);

byte[] bytesToHash = new byte[saltBytes.Length + pidBytes.Length];

for (int i = 0; i < saltBytes.Length; i++)
{
    bytesToHash[i] = saltBytes[i];
}

for (int i = 0; i < pidBytes.Length; i++)
{
    bytesToHash[saltBytes.Length + 1] = pidBytes[i];
}

MD5CryptoServiceProvider hasher = new MD5CryptoServiceProvider();
byte[] hashedBytes = hasher.ComputeHash(bytesToHash);

string hashString = BitConverter.ToString(hashedBytes).ToLower().Replace("-", "");

The problem is, my C# implementation generates this hash: "715f5d6341722115a1bfb2c82e4421bf"

They are obviously different.

So, is it possible to make the match consistently?

+2  A: 

Looks to me like there's a bug in your second loop. Try changing the "+ 1" to "+ i"...

for (int i = 0; i < pidBytes.Length; i++)
{
    // the line below just overwrites the same position multiple times
    // bytesToHash[saltBytes.Length + 1] = pidBytes[i];
    bytesToHash[saltBytes.Length + i] = pidBytes[i];
}

In your example, you're just overwriting the same position in the array multiple times, instead of setting each item from that point forward.

Scott Ivey  2009-09-20 17:32:10
Making this change gives a different hash value but it is still not the same as the one generated by SQL.
Matthew  2009-09-20 17:44:23
+1  A: 

I've solved the problem:

If I do this in SQL:

DECLARE @Value INT
SET @Value = 12345

SELECT sys.fn_varbintohexstr(CAST(@Value AS VARBINARY(30)))

I get this result: 0x00003039

Now, if I do this in C#:

int value = 12345;
byte[] bytes = BitConverter.GetBytes(value);
Console.Write(BitConverter.ToString(bytes))

I get this result: 39-30-00-00

The bytes appear to be in reverse order. Hence, once I apply these byte arrays to the MD5 hasher, I get distinctly different hash values.

If I reverse the C# byte array before putting it through the MD5 Hasher, I get the same hash generated by SQL.

Matthew  2009-09-21 02:48:41
Nice catch @Matthew
Scott Ivey  2009-09-21 13:25:18
Yeah, any idea why? Is it SQL that is reversing the byte order or is it the BitConverter or am I just consuming way too much caffeine?
Matthew  2009-09-23 21:20:33

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?