C# ASP.NET Core 2 HashAlgorithm

3

I have an ASP.Net MVC project which works fine when using HashAlgorithm, but I am trying to replicate this same project in ASP.Net Core2 and I am getting the following error:

System.PlatformNotSupportedException HResult=0x80131539 Message=Operation is not supported on this platform. Source=System.Security.Cryptography.Primitives StackTrace: at System.Security.Cryptography.HashAlgorithm.Create(String hashName) at Hash.Program.EncodePassword(String pass, String salt)

My code:

public static string GeneratePassword(int saltlength) //length of salt
{
    const string chars = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ0123456789";
    var randNum = new Random();
    var passwordSalt = new char[saltlength];

    for (var i = 0; i <= saltlength - 1; i++) {
        passwordSalt[i] = chars[Convert.ToInt32((chars.Length) * randNum.NextDouble())];
    }
    return new string(passwordSalt);
}
public static string EncodePassword(string pass, string salt) //encrypt password
{
    byte[] bytes = Encoding.Unicode.GetBytes(pass);
    byte[] src = Encoding.Unicode.GetBytes(salt);
    byte[] dst = new byte[src.Length + bytes.Length];
    Buffer.BlockCopy(src, 0, dst, 0, src.Length);
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
    HashAlgorithm algorithm = HashAlgorithm.Create("MD5");
    if (algorithm != null) {
        byte[] inArray = algorithm.ComputeHash(dst);
        var encodedPassword = Convert.ToBase64String(inArray);
        return encodedPassword;
    }
    return pass;
}

Any suggestion on how to fix this error?

c#
asp.net-mvc
asp.net-core
.net-core
asked on Stack Overflow Aug 3, 2018 by Krishneil • edited Aug 3, 2018 by Draken

3 Answers

3

There is a github issue for this problem which provides a workaround:

Workaround is to call (HashAlgorithm)CryptoConfig.CreateFromName(string), though calling CryptoConfig directly is generally discouraged.

answered on Stack Overflow Aug 3, 2018 by Lennart Stoop • edited Aug 3, 2018 by Draken
2

To create an MD5 hash object, use MD5.Create(). The only reason to use CryptoConfig or HashAlgorithm.Create(String) is when handling dynamic needs.

answered on Stack Overflow Aug 5, 2018 by bartonjs
1

As pointed out in other answers it's not a good idea to use MD5 as a hashing algorithm for passwords because it is too easy to crack. And while saying MD5 is insecure in general is not entirely correct, it is insecure for password hashing.

Basically a problem with simple hashing like that it is too cheap to run one iteration. That's why something named Key Derivation Function used for that purpose. The idea is that you need a CPU intensive algorithm (with multiple iterations) to do the hashing. While it's quite transparent for one user (let's say e.g. 100 milliseconds), it's too expensive to crack.

.Net has built in Rfc2898DerivedBytes for that. It's not the easiest class to use, so I have made a little library on top of this class: SimpleHashing.Net.

You can either use it directly or just use the code if you need .Net Standard. Did not have time to compile it as Standard yet.

answered on Stack Overflow Aug 3, 2018 by Ilya Chernomordik

User contributions licensed under CC BY-SA 3.0