Generating hash values for strings (VB.net)

The .net framework offers many powerful hashing functions that Visual Basic programmers can add in their applications. Hashing values work by assigning numbers to data through a mathematical process. If the data is later changed, the hash value should change as well. Since hashing algorithms are good at identifying modified data, they are very useful in security applications. In fact, many anti-virus applications use hashing algorithms to detect virus files, and hashing is also frequently used in cryptography to detect altered encrypted documents. Thanks to the .net library, Visual Basic programmers can use hashing algorithms with only a few lines of code.


For programmers who want to understand how hashing works, I'm going to explain the process of a very weak hashing algorithm. A rudimentary hash function can be created by summing the ASCII (American Standard Code For Information Interchange) values of every byte of data in a string. For example, the character 'A' has an ASCII value of 65, and the character '5' has the ASCII value of 53. The hash value of the string “A5” would be 65+53 = 118. If the string is changed to “A4”, the hash value is changed to 65+52 = 117; therefore, we would be able to detect the modification of our data.

Note: Individual characters can be displayed in visual basic with the Asc function or obtained in the character map in the start menu. Example: MsgBox(Asc("A"))

While our rudimentary hash function works, it has one major problem. What happens if someone changes the string to “K+”? Our hashing function would generate the value 75 + 43 = 118! This problem is referred to as a collision (two different strings that produce the same hash value), and our simple hashing example has many collisions. Unlike our example, the hash functions provided by the .Net library are mathematically construct to have very few possible collisions.

The .Net framework provides several different hash functions that visual basic programmers can implement into their applications. Like encryption, Greater bit sizes usually correspond to greater protection. The following is a list of the different hash functions and hash value sizes that are defined in the namespace Security.Cryptography.

1. SHA-1, Generates 160 bit hash values.

2. SHA-256, Generates 256 bit hash values.

3. SHA-384, Generates a 384 bit hash value.

4. SHA-512, Generates a 512 bit hash value.

5. MD5, Generates 128 bit hash values.

Finally, the following function illustrates how visual basic programmers can use the hash functions provided by the .Net framework. The function accepts string input and outputs the hash value of it.

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

'Function GenerateHash

'Purpose: Generate a hash value for string data.

'Input: strbuffer, a string varable of text to be hashed.

'Output: The hash value in a base64 encoded string.

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Private Function GenerateHash(ByRef strbuffer As String) As String

'Encoder is used to convert strings into btyes and vise versa

Dim myEncoder As New System.Text.UnicodeEncoding

'The hash function expects the input to be in bytes.

Dim myBuffer() As Byte = myEncoder.GetBytes(strbuffer)

'Here we dimension our MD5 hash function.

'Uncomment other algorithms to try them out.

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Dim myhash As New Security.Cryptography.SHA512Managed

'Dim myHash As New Security.Cryptography.MD5CryptoServiceProvider

'Dim myHash As New Security.Cryptography.SHA1Managed

'Dim myHash As New Security.Cryptography.SHA256Managed

'Dim myhash As New Security.Cryptography.SHA384Managed

'The following line does a few different things.

'1. It generates a hash value and returns it in bytes.

'2. The encoder is used to convert the bytes into a base

' 64 string.

'3. The function returns the string value.

GenerateHash = Convert.ToBase64String(myHash.ComputeHash(myBuffer))

End Function

When information needs to be checked for modification, it should be hashed, and the new and old hash values should be compared.

Read More......

Using Powerful Encryption in Visual Basic

From time to time, visual basic programmers need the ability to secure information. When security is needed in software, many visual basic programmers create childishly simple algorithms that can be easily broken; however, programmers have another option to secure information. Visual basic programmers can add powerful encryption to their programs when they plug their software into the CAPICOM library that is provided in the platform SDK by Microsoft.

Programmers must install the platform software development kit from the Microsoft web site before they can use CAPICOM library. Since Microsoft frequently changes its URLs, programmers should just do a search for platform SDK on the Microsoft web site. Since the platform SDK comes with an easy to use setup, vb programmers should have no trouble installing the kit.

After the platform software development kit has been installed, programmers can simply plug the library into their software. In visual basic, programmers should go to the menu and select project->references and select the COM tab. In the list of components, programmers should select “CAPICOM Type Library” and hit ok; now, programmers should be able to call CAPICOM functions from their software project.

After the CAPICOM library has been incorporated into the software project, programmers can encrypt and decrypt information with ease. For example, programmers can experiment with the following code.

Test Form Setup:
Programmers should add two text boxes and two command buttons to a standard form. The first text box should be large because it is going to hold the message.

Text Box 1. Name=txtMessage, text=nothing, Multiline=true
Text Box 2. Name=txtPassword, text=nothing, passwordchar=*
Command Button 1. Name=cmdDecrypt, text = Decrypt
Command Button 2. Name = cmdEncrypt, text = Encrypt

After programmers have added the above components to their form, they can paste the following code into the form's module.

Private Sub cmdDecrypt_Click() 'Make sure we have entered all the information: If txtMessage.Text <> "" And txtPassword <> "" Then 'This is our encryption object Dim DecryptData As New EncryptedData 'We send the object the password to use to unlock the encryption: DecryptData.SetSecret (txtPassword.Text) 'Send the ciphertext to the object and tell it to decrypt it. DecryptData.Decrypt (txtMessage.Text) 'Get our plaintext from the object txtMessage.Text = DecryptData.Content End If End Sub Private Sub cmdEncrypt_Click() 'Make sure we have entered all the information: If txtMessage.Text <> "" And txtPassword <> "" Then 'This is our encryption object Dim encryptdata As New EncryptedData 'Before we can start encrypting, we got to define the 'algorithm, keysize, and the password (Used to generate key) ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 'Algorithm to use: AES (Advanced Encryption Standard) encryptdata.Algorithm = CAPICOM_ENCRYPTION_ALGORITHM_AES 'You could also use: ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 'encryptdata.Algorithm =CAPICOM_ENCRYPTION_ALGORITHM_3DES 'encryptdata.Algorithm = CAPICOM_ENCRYPTION_ALGORITHM_DES 'encryptdata.algorithm = CAPICOM_ENCRYPTION_ALGORITHM_RC2 'encryptdata.Algorithm = CAPICOM_ENCRYPTION_ALGORITHM_RC4 'Next we set our key size, which is a no brainer to put to max. encryptdata.Algorithm.KeyLength = CAPICOM_ENCRYPTION_KEY_LENGTH_MAXIMUM 'Next we set our secret password to unlock the message. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''' encryptdata.SetSecret (txtPassword.Text) 'We send the object the plaintext scramble: encryptdata.Content = txtMessage.Text 'Return message as base64 txtMessage.Text = encryptdata.Encrypt(CAPICOM_ENCODE_BASE64) End If End Sub

Read More......