Using SHA-1 in .NET Core

Question

I get strange results when hashing a string in dotnet core I have found this similar question: Computing SHA1 with ASP.NET Core and have found how to convert a byte array to string in .net core

this is my code:

private static string CalculateSha1(string text)
{
    var enc = Encoding.GetEncoding(65001); // utf-8 code page
    byte[] buffer = enc.GetBytes(text);

    var sha1 = System.Security.Cryptography.SHA1.Create();

    var hash = sha1.ComputeHash(buffer);

    return enc.GetString(hash);
}

and this is my test:

string test = "broodjepoep"; // forgive me

string shouldBe = "b2bc870e4ddf0e15486effd19026def2c8a54753"; // according to http://www.sha1-online.com/

string wouldBe = CalculateSha1(test);

System.Diagnostics.Debug.Assert(shouldBe.Equals(wouldBe));

output:

��M�Hn�ѐ&��ȥGS

I have the nuget package System.Security.Cryptography.Algorithms installed (v 4.3.0)

Also tried with GetEncoding(0) to get the sys default coding. Also did not work.

A bit off-topic, but SHA-1 is being deprecated (see e.g. https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know and https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap, among others). If you need strong crypto, you should move away from SHA-1. — YSK, Nov 25 '16 at 15:00
I know, but please tell that to the external service that I am using ;-) (Dutch bank) — JP Hellemons, Nov 28 '16 at 09:23
The static `SHA512` class is supported in both .NET Core and .NET Framework. Go with it. — Nikolay Kostov, Apr 01 '19 at 11:46

score 8 · Accepted Answer · edited May 23 '17 at 11:45

8

I'm not sure how 'SHA-1 Online' represents your hash, buts since it's a hash, it can contain characters that can't be represented in a (UTF8) string. I think you're better off using Convert.ToBase64String() to easily represent the byte-array hash in a string:

var hashString = Convert.ToBase64String(hash);

To convert it back to a byte-array, use Convert.FromBase64String():

var bytes =  Convert.FromBase64String(hashString);

Also see: Converting a md5 hash byte array to a string. Which shows there a multiple ways to represent hash in a string. For example, hash.ToString("X") will use a hexadecimal representation.

Kudos for broodjepoep, by the way. :-)

edited May 23 '17 at 11:45

Community

1
1

answered Nov 22 '16 at 11:56

Henk Mollema

44,194
12
93
104

@JPHellemons I don't know what method 'SHA-1 Online' uses to convert the hash to a string, might be something else. It doesn't matter though, as long as the application know which format it is. – Henk Mollema Nov 22 '16 at 12:04
@JPHellemons: did you try `hash.ToString("X")`? – Tseng Nov 22 '16 at 12:17

score 8 · Answer 2 · edited Feb 03 '17 at 17:39

8

Solution to the issue so far:

var enc = Encoding.GetEncoding(0);

byte[] buffer = enc.GetBytes(text);
var sha1 = SHA1.Create();
var hash = BitConverter.ToString(sha1.ComputeHash(buffer)).Replace("-","");
return hash;

edited Feb 03 '17 at 17:39

zaph

111,848
21
189
228

answered Feb 03 '17 at 16:45

Victor Perez

81
1
2

1

Solution to the issue so far? @Henk Mollema answered this 22 nov 2016. – JP Hellemons Feb 06 '17 at 12:52

Using SHA-1 in .NET Core

2 Answers2

Linked