This method creates a one-way hash of an input string useful for passwords or authorization tokens using any of the following hashing algorithms: MD5, SHA1, SHA256, SHA384, SHA512, HMACMD5, HMACSH1, HMACSHA256, HMAC384, HMAC512.

The HMAC Versions require that you pass a hash salt value.

You can provide an optional salt to further randomize the hash. It's recommended you use a unique Salt for each hash you create, such as a user id when password hashing for example.

o.ComputeHash(lcText, lcAlgorithm, lvHashSalt)

Return Value

Base64 encoded string of the hash


Text to hash

The has algorith used. Valid values include: MD5, SHA1, SHA256, SHA384, SHA512, HMACSH1, HMACSHA256, HMAC384, HMAC512

A string or binary value that is used to salt the hash. For best security use a custom salt for each value generated. For example when generating a password, salt the hash with the user ID.

For HMAC providers the HashSalt is required.

For non-HMAC providers the HashSalt is optional. If not provided only the raw Hash algorithm is applied without any salting. If a HashValue is provided a simple multi-step salting process is applied.


The HMAC versions require a HashSalt value while it's optional for the other providers. HMAC uses a known multiple rehashing algorithm to hash a salt value and apply it to the value to hash. If you provide a hash value for other providers a much simpler hash salting algorithm is used. If you use one of the non-HMAC providers without a HashSalt just the raw Hash algorithm without salt is applied.


*** Best Practice is to create Hashes with a UNIQUE Salt:
lcPassword = "seeekrit"
loUser = GetUser("1233")
loUser.Password =  o.ComputeHash(lcPassword,"SHA256",loUser.cUserId)


*** To check for a password
lcPassword = "seeekrit"

if(loUser.cPassword == o.ComputeHash(lcPassword,"SHA256",loUser.cUserId))
   ? "Password is valid!"

*** Other Examples
? "Hash using global Salt embedded in DLL:"
? o.ComputeHash(lcOriginal,"MD5")
? o.ComputeHash(lcOriginal,"SHA256")
? o.ComputeHash(lcOriginal,"SHA512")

? "Hash using explicit Salt:"
? o.ComputeHash(lcOriginal2,"MD5",lcSecretSalt)
? o.ComputeHash(lcOriginal2,"SHA256",lcSecretSalt)
? o.ComputeHash(lcOriginal2,"SHA512",lcSecretSalt)

? "Hash using globally assigned salt:"
*** Set global secret key so you don't have to pass lcSecretHash
*** but still use your custom key

*** Using a secret hash - you can pass string or byte[] data
? o.ComputeHash(lcOriginal2,"MD5")
? o.ComputeHash(lcOriginal2,"SHA256")
? o.ComputeHash(lcOriginal2,"SHA512")

See also:

Class wwEncryption

© West Wind Technologies, 1996-2018 • Updated: 11/30/16
Comment or report problem with topic