Use md5 to encrypt the password in asp.net .core

Question

I would like to change the password encryption method in asp.net .core, I would like to use md5 to encrypt the password without losing all the advantages offered by the framework.

I have already created the methods of crypt and verification of the password but, in the application I have lost all the controls of authorization in the controllers and of verification of the authentication of the user, can someone help me?

MD5 is a *one-way hash*. It is not encryption. Secondly, MD5 is not cryptographically secure and shouldn't be used to secure anything. Use SHA-2 or higher. — , Aug 01 '19 at 13:39
I agree with you but, the choice of MD5 does not depend on me, I have to rely on an already existing db where the passwords are in md5. — Rob.Core, Aug 01 '19 at 13:48
Is this an upgrade (i.e. can you change the hashes to a new system) or do you need MD5 for compatibility with another system? — ProgrammingLlama, Aug 01 '19 at 13:49
The db is used by another java application, unfortunately md5 change is not possible. — Rob.Core, Aug 01 '19 at 13:58
Sorry, I need to sleep now. [This question](https://stackoverflow.com/questions/37642684/asp-net-identity-change-password-hashing-method) might be a starting point. — ProgrammingLlama, Aug 01 '19 at 14:16

Hamid · Answer 1 · 2019-09-21T11:25:45.290

MD5 is a hash algorithm!

Hash algorithms (like SHA256, SHA512, MD5) map binary strings of an arbitrary length to small binary strings of a fixed length.

Encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key.

Use MD5 only for compatibility with legacy applications and data, But still if you want to hash a plain text using md5 u can use below sample code:

using System;
using System.Text;
using System.Security.Cryptography;

public class Program
{
    public static void Main()
    {
         string source = "Hello World!";
            using (MD5 md5Hash = MD5.Create())
            {
                string hash = GetMd5Hash(md5Hash, source);
                Console.WriteLine("The MD5 hash of " + source + " is: " + hash + ".");
            }
    }
      static string GetMd5Hash(MD5 md5Hash, string input)
        {
            // Convert the input string to a byte array and compute the hash.
            byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
            StringBuilder sBuilder = new StringBuilder();
            for (int i = 0; i < data.Length; i++)
            {
                sBuilder.Append(data[i].ToString("x2"));
            }
            return sBuilder.ToString();
        }
}

For complete understanding about this topic u can follow below link that I copy it from Microsoft docs: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.md5?view=netframework-4.8

Tropin Alexey · Answer 2 · 2020-11-03T10:04:44.713

Same as @Hamid but with extension

public static class StringExtension
{
    public static string GetMd5Hash(this string input)
    {
        using MD5 md5Hash = MD5.Create();
        byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
        StringBuilder sBuilder = new StringBuilder();

        for (int i = 0; i < data.Length; i++)
        {
            sBuilder.Append(data[i].ToString("x2"));
        }
        return sBuilder.ToString();
    }
}

So, you can use it like var encodedPassword = password.GetMd5Hash();

This kind of using is availible from above c# version 7.3

Use md5 to encrypt the password in asp.net .core

2 Answers2

Linked