Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

MD5 Encryption 1

Status
Not open for further replies.
JCruz063

JCruz063

Programmer
Feb 21, 2003
716
US
Hi All,

For those of us working with encryption...

Does the MD5 encryption algorithm return a string of the same length regardless of how long the string-to-be-encrypted is? I need to know this because I'm going to store an encrypted string in a database and I would like to use the most appropriate data type (string type, that is). So far, I have encrypted strings of various lengths, (some, of a couple hundred characters) and the string retured by MD5 is always 32 characters long. Will this always be the case even when I encrypt a string that spans 3 pages, let's say?

Thanks!

JC

_________________________________________________
To get the best response to a question, read faq222-2244.
 
Sort by date Sort by votes
Maybe the following example could help you:
Code: 
using System.Security;
using System.Security.Cryptography;

public static void _EnDecryptString(string strInput, string key, string direction, ref string strResult)
{

	TripleDESCryptoServiceProvider des=null;
	MD5CryptoServiceProvider       hashmd5;
	byte[]                         pwdhash, buff;
	try
	{
		hashmd5 = new MD5CryptoServiceProvider();
		pwdhash = hashmd5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
		hashmd5 = null;
		des = new TripleDESCryptoServiceProvider();
		des.Key = pwdhash;
		des.Mode = CipherMode.ECB; //CBC, CFB
		if (direction=="encrypt")
		{
			des=null;
			buff = ASCIIEncoding.ASCII.GetBytes(strInput);
			strResult = Convert.ToBase64String( des.CreateEncryptor().TransformFinalBlock(buff, 0, buff.Length));

		}
		else if (direction == "decrypt")
		{
			buff = Convert.FromBase64String(strInput);
			strResult = ASCIIEncoding.ASCII.GetString( des.CreateDecryptor().TransformFinalBlock(buff, 0, buff.Length));

		}
		else
		{
			throw new Exception("_EnDecrypt():Unknown direction");

		}
	}

	finally 
	{
		if (des!=null)
		{
			des.Clear();
			des = null;
		}
	}
}

How to use:
Code: 
string strInput="Password or SQL Statement is empty! Login failed.";
string key="Today is Monday";
string strResult="";
string strResult2="";
try
{
	_cIMFCommon._EnDecryptString(strInput, key, "encrypt", ref strResult);
	_cIMFCommon._EnDecryptString(strResult, key, "decrypt", ref strResult2);
}
catch (Exception ex)
{
	string sErr= ex.Message;
}

The strResult2 is the same as strInput;
-obislavu-
 
Upvote 0 Downvote
I am back. Remove the first
des=null;
from the function that I provided in my previous post.
-obislavu-
 
Upvote 0 Downvote
JCruz063 -

First off, MD5 is a hash algorithm, not an encryption algorithm. The difference is that a hash algorithm is designed to be one-way. Going backwards from a hash value to the original text is designed to be extremely difficult, if not impossible. This means you can never decrypt a MD5 value.

If you need the ability to encrypt and decrypt, you'll want a different algorithm, such as the TripleDES that obislavu posted, or AES.

To answer your other question, MD5 does always produce 32 hexadecimal characters, so you can design your DB column for that expectation. If you change algorithms, of course, this might not be true. But for MD5 you can rest assured that it is so.

Chip H.


____________________________________________________________________
Click here to learn Ways to help with Tsunami Relief
If you want to get the best response to a question, please read FAQ222-2244 first
 
Upvote 0 Downvote
Thanks guys,

I'm sorry for not explaining myself correctly or for using the wrong words, and thank you both for bearing with me.

I don't need the ability to decrypt values. I'm using MySQL Server's MD5 function to store passwords in the database and I wanted to know which datatype I should use to store the result of the MD5 function. Because users will provide their passwords to log in, I can always generate the hash code from the password provided by the user and compare it to the hash code stored in the database. This way, there's no need to decrypt anything.

I noticed that the hash values were the same length though so I was curious as to whether the MD5 function (which is based on the MD5 algorithm) would return the same string for every password so that I could use a CHAR(32) as the data type for the field.

obislavu - Thanks for the code. I might use it later on.

chiph - Thanks for the clarification. You answered my question.

JC

_________________________________________________
To get the best response to a question, read faq222-2244.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DPaul1994
  • Locked
  • Question
SQLite encryption hashing with SHA1 or KDF
Replies
2
Views
139
DPaul1994
DPaul1994
intrex
  • Locked
  • Question
.net 2.0 Encryption Problem
Replies
0
Views
38
intrex
intrex
graabein
  • Locked
  • Question
Simple XOR encryption of string with a key 1
Replies
2
Views
182
jel
jel
hisheeraz
  • Locked
  • Question
Encryption Simple
Replies
1
Views
35
litton1
litton1
Timothylg
  • Locked
  • Question
C# and PHP MD5 functions
Replies
1
Views
79
obislavu
obislavu

Part and Inventory Search

Sponsor

Back
Top