wwEncryption::ComputeHash

This method creates a one-way hash of an input string useful for passwords or authorization tokens using any of the following hashing algorithms: MD5, SHA1, SHA256, SHA384, SHA512, HMACMD5, HMACSHA1, HMACSHA256, HMAC384, HMAC512.

The HMAC versions require that you pass a hash salt value.

You can provide an optional salt to further randomize the hash. It is recommended that you use a unique salt for each hash you create, for example the user ID when hashing passwords.

o.ComputeHash(lcText, lcAlgorithm, lvHashSalt)

Return Value

Base64 encoded string of the hash

Parameters

lcText
Text to hash

lcAlgorithm
The hash algorithm used. Valid values include: MD5, SHA1, SHA256, SHA384, SHA512, HMACSHA1, HMACSHA256, HMAC384, HMAC512

lvHashSalt
A string or binary value that is used to salt the hash. For best security use a custom salt for each value generated. For example when generating a password, salt the hash with the user ID.

For HMAC providers the HashSalt is required.

For non-HMAC providers the HashSalt is optional. If it is not provided, only the raw hash algorithm is applied, without any salting. If a HashSalt is provided, a simple multi-step salting process is applied.

Remarks

The HMAC versions require a HashSalt value, while it is optional for the other providers. HMAC uses a known multiple rehashing algorithm to hash a salt value and apply it to the value to hash. If you provide a salt value for the other providers, a much simpler hash salting algorithm is used. If you use one of the non-HMAC providers without a HashSalt, just the raw hash algorithm is applied, without salt.

Example

*** Best Practice is to create Hashes with a UNIQUE Salt:
lcPassword = "seeekrit"
loUser = GetUser("1233")
loUser.cPassword = o.ComputeHash(lcPassword,"SHA256",loUser.cUserId)
loUser.Save()

...

*** To check for a password
lcPassword = "seeekrit"

loUser.GetUserByUserName("Rick")
if(loUser.cPassword == o.ComputeHash(lcPassword,"SHA256",loUser.cUserId))
   ? "Password is valid!"
endif


*** Other Examples
?
? "Hash using global Salt embedded in DLL:"
? o.ComputeHash(lcOriginal,"MD5")
? o.ComputeHash(lcOriginal,"SHA256")
? o.ComputeHash(lcOriginal,"SHA512")

?
? "Hash using explicit Salt:"
? o.ComputeHash(lcOriginal2,"MD5",lcSecretSalt)
? o.ComputeHash(lcOriginal2,"SHA256",lcSecretSalt)
? o.ComputeHash(lcOriginal2,"SHA512",lcSecretSalt)


?
? "Hash using globally assigned salt:"
*** Set global secret key so you don't have to pass lcSecretSalt
*** but still use your custom key
o.SetComputeHashSaltBytes("$$Different_Sekrit02!!")

*** Using a secret hash - you can pass string or byte[] data
? o.ComputeHash(lcOriginal2,"MD5")
? o.ComputeHash(lcOriginal2,"SHA256")
? o.ComputeHash(lcOriginal2,"SHA512")
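
The difference the Remarks describe between a raw hash and an HMAC keyed with a per-user salt, shown as an added Python example. It is not wwEncryption's code and is not claimed to reproduce its output byte for byte. Assumptions: the salt is used as the HMAC key, strings are UTF-8 encoded, and the user IDs, passwords and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample accounts: two users who picked the same password.
USERS = {"1233": "seeekrit", "1234": "seeekrit"}


def raw_hash(text: str, algorithm: str = "sha256") -> str:
    """Unsalted digest, Base64 encoded (the no-salt case)."""
    digest = hashlib.new(algorithm, text.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def hmac_hash(text: str, salt: str, algorithm: str = "sha256") -> str:
    """HMAC of the text, Base64 encoded.
    Assumption: the salt is the HMAC key and both values are UTF-8."""
    mac = hmac.new(salt.encode("utf-8"), text.encode("utf-8"), algorithm)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify(candidate: str, user_id: str, stored: str) -> bool:
    """Recompute with the same per-user salt and compare in constant time,
    so the comparison does not leak how many leading characters matched."""
    return hmac.compare_digest(hmac_hash(candidate, user_id), stored)


def demo() -> dict:
    unsalted = {uid: raw_hash(pw) for uid, pw in USERS.items()}
    salted = {uid: hmac_hash(pw, uid) for uid, pw in USERS.items()}
    return {
        # Same password, no salt: identical stored values reveal the reuse.
        "unsalted_collide": len(set(unsalted.values())) == 1,
        # Same password, per-user salt: every stored value is different.
        "salted_differ": len(set(salted.values())) == len(USERS),
        "good_login": verify("seeekrit", "1233", salted["1233"]),
        "bad_login": verify("seekrit", "1233", salted["1233"]),
        # A hash made for one user does not validate under another user's salt.
        "wrong_salt": verify("seeekrit", "1234", salted["1233"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```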

See also:

Class wwEncryption

© West Wind Technologies, 1996-2018 • Updated: 10/11/18