Iterative / Additive MD5

views:

answers:

+2 Q:

Iterative / Additive MD5

I need to generate a checksum over a dictionary. Keys and Values.

Is there any simple way to accomplish this in an iterative way.

foreach(var item in dic.Keys) checksum += checksum(dic[item]) + checksum(item);

In this case, keys and values could be converted to strings, concatinated and then a single checksum applied over these but is there a better way?

Ideally MD5 but other options could work. Using this to validate data that is passed over a couple of storage methods. The checksum is then encrypted along with some other information (using AES) so I am not horribly worried about an ideal, unbreakable checksum.

Answered my own question I think....

GetHashCode() on each item. Add them in an unchecked {} environment. Too simple.

Andrew Robinson 2010-04-28 23:20:52

You do realize basically you're expecting addresses in memory to match between signer and verifier , right?

Remus Rusanu 2010-04-28 23:26:31

It depends on how strong you want the checksum to be. If you want a cryptographically strong checksum then this will not work, since GetHashCode() is *not* cryptographically strong, so MD5 or SHA1 or whatever *of GetHashCode()* won't be strong, either. If you just want a checksum for hashing purposes then, of course, that's exactly what GetHashCode() is for.

Evgeny 2010-04-28 23:45:11

+3 A:

Generating a signature is pretty much the same process all over: create a MD5 hash object, then you digest all the bytes of interest, then you extract the hash value. The important thing is that you and the verifier agree on the bytes to hash and on the order they are hashed.

In C# you can achieve this by calling HashAlgorithm.TransformBlock repeatedly, and then finally calling HashAlgorithm.TransformFinalBlock. This is automated by using a CryptoStream with a HashTransform (MD5 implements ICryptoTransform) and then simply writing your dictionary into the crypto stream.

As aside note, countless protocols and crypto schemes that digest a hash and encrypt it were humiliated in the wild. I would suggest taking the beaten path and use well established industry standards::

Use a HMAC, see HMACMD5
Use an RSA signature (ie. private key encryption of an MD5 hash), and save your self from all key provisioning and master secret exchange problems, see RSACryptoServiceProvider.SignHash

Remus Rusanu 2010-04-28 23:23:07

You should not be writing any new code relying on MD5. It's deprecated, and for some extremely solid reasons. You should look at SHA-256, or at the very least SHA-1, instead

And you should take Remus' advice. Cryptography + hashes = digital signatures. Pull something down off a shelf (just not XML-Security, please!), learn it, use it, and get on to other interesting parts of your project.

Jason 2010-04-28 23:38:26

It's not unheard of with cryptographic hashes to make a hash of hashes in order to get a single item that stands in for a group of items. You should know however that you're basically doubling down on the strength of the hash. The attacker now has two chances to fiddle with your tamper detection.

Jason 2010-04-28 23:51:47

ansaurus

tags:

views:

answers:

Iterative / Additive MD5

related questions