Thursday, June 11, 2009

Generating hash values for strings (

The .net framework offers many powerful hashing functions that Visual Basic programmers can add in their applications. Hashing values work by assigning numbers to data through a mathematical process. If the data is later changed, the hash value should change as well. Since hashing algorithms are good at identifying modified data, they are very useful in security applications. In fact, many anti-virus applications use hashing algorithms to detect virus files, and hashing is also frequently used in cryptography to detect altered encrypted documents. Thanks to the .net library, Visual Basic programmers can use hashing algorithms with only a few lines of code.

For programmers who want to understand how hashing works, I'm going to explain the process of a very weak hashing algorithm. A rudimentary hash function can be created by summing the ASCII (American Standard Code For Information Interchange) values of every byte of data in a string. For example, the character 'A' has an ASCII value of 65, and the character '5' has the ASCII value of 53. The hash value of the string “A5” would be 65+53 = 118. If the string is changed to “A4”, the hash value is changed to 65+52 = 117; therefore, we would be able to detect the modification of our data.

Note: Individual characters can be displayed in visual basic with the Asc function or obtained in the character map in the start menu. Example: MsgBox(Asc("A"))

While our rudimentary hash function works, it has one major problem. What happens if someone changes the string to “K+”? Our hashing function would generate the value 75 + 43 = 118! This problem is referred to as a collision (two different strings that produce the same hash value), and our simple hashing example has many collisions. Unlike our example, the hash functions provided by the .Net library are mathematically construct to have very few possible collisions.

The .Net framework provides several different hash functions that visual basic programmers can implement into their applications. Like encryption, Greater bit sizes usually correspond to greater protection. The following is a list of the different hash functions and hash value sizes that are defined in the namespace Security.Cryptography.

  1. SHA-1, Generates 160 bit hash values.

  2. SHA-256, Generates 256 bit hash values.

  3. SHA-384, Generates a 384 bit hash value.

  4. SHA-512, Generates a 512 bit hash value.

  5. MD5, Generates 128 bit hash values.

Finally, the following function illustrates how visual basic programmers can use the hash functions provided by the .Net framework. The function accepts string input and outputs the hash value of it.


'Function GenerateHash

'Purpose: Generate a hash value for string data.

'Input: strbuffer, a string varable of text to be hashed.

'Output: The hash value in a base64 encoded string.


Private Function GenerateHash(ByRef strbuffer As String) As String

'Encoder is used to convert strings into btyes and vise versa

Dim myEncoder As New System.Text.UnicodeEncoding

'The hash function expects the input to be in bytes.

Dim myBuffer() As Byte = myEncoder.GetBytes(strbuffer)

'Here we dimension our MD5 hash function.

'Uncomment other algorithms to try them out.


Dim myhash As New Security.Cryptography.SHA512Managed

'Dim myHash As New Security.Cryptography.MD5CryptoServiceProvider

'Dim myHash As New Security.Cryptography.SHA1Managed

'Dim myHash As New Security.Cryptography.SHA256Managed

'Dim myhash As New Security.Cryptography.SHA384Managed

'The following line does a few different things.

'1. It generates a hash value and returns it in bytes.

'2. The encoder is used to convert the bytes into a base

' 64 string.

'3. The function returns the string value.

GenerateHash = Convert.ToBase64String(myHash.ComputeHash(myBuffer))

End Function

When information needs to be checked for modification, it should be hashed, and the new and old hash values should be compared.

No comments:

Post a Comment