VB.net Class for MD5
So what is it and what does it do, basically you could write a worm pretty easily to verify hashes if you so wanted, none of the information on here is meant to be used for dodgy script kiddies etc, it just illustraites weaknesses and basic programming functions and methods. Here you go….
In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it has been shown that MD5 is not collision resistant[1]; as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. An MD5 hash is typically expressed as a 32 digit hexadecimal number.
MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found vulnerable). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable.In 2007 a group of researchers including Arjen Lenstra described how to create a pair of files that share the same MD5 checksum.[4] In an attack on MD5 published in December 2008, a group of researchers used this technique to fake SSL certificate validity, and US-CERT of the the U. S. Department of Homeland Security said MD5 “should be considered cryptographically broken and unsuitable for further use.”.
Show me the code i hear you say, heres a simple console app using the functions…..
Imports System
Imports System.Security.Cryptography
Imports System.Text
Module Example
‘ Return a hash
Function getMd5Hash(ByVal input As String) As String
Dim md5Hasher As MD5 = MD5.Create()
Dim data As Byte() = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input))
Dim sBuilder As New StringBuilder()
Dim i As Integer
For i = 0 To data.Length - 1
sBuilder.Append(data(i).ToString(”x2″))
Next i
Return sBuilder.ToString()
End Function
‘ Verify a HASH and return a boolean
Function verifyMd5Hash(ByVal input As String, ByVal hash As String) As Boolean
Dim hashOfInput As String = getMd5Hash(input)
Dim comparer As StringComparer = StringComparer.OrdinalIgnoreCase
If 0 = comparer.Compare(hashOfInput, hash) Then
Return True
Else
Return False
End If
End Function
Sub Main()
Dim source As String = “Hello World!
Dim hash As String = getMd5Hash(source)
Console.WriteLine(”The MD5 hash of ” + source + ” is: ” + hash + “.”)
Console.WriteLine(”Verifying the hash…”)
If verifyMd5Hash(source, hash) Then
Console.WriteLine(”The hashes are the same.”)
Else
Console.WriteLine(”The hashes are not same.”)
End If
End Sub
End Module
I have been asked alot lately, what software do you use to write code etc, Visual Basic 2008 / Visual Studio 2008 or text pad, writing command shell code i use notepad and then encode CScript using Windows Script encoder from a cmd line..
In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it has been shown that MD5 is not collision resistant[1]; as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. An MD5 hash is typically expressed as a 32 digit hexadecimal number.
MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found vulnerable). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable.In 2007 a group of researchers including Arjen Lenstra described how to create a pair of files that share the same MD5 checksum.[4] In an attack on MD5 published in December 2008, a group of researchers used this technique to fake SSL certificate validity, and US-CERT of the the U. S. Department of Homeland Security said MD5 “should be considered cryptographically broken and unsuitable for further use.”.
Show me the code i hear you say, heres a simple console app using the functions…..
Imports System
Imports System.Security.Cryptography
Imports System.Text
Module Example
‘ Return a hash
Function getMd5Hash(ByVal input As String) As String
Dim md5Hasher As MD5 = MD5.Create()
Dim data As Byte() = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input))
Dim sBuilder As New StringBuilder()
Dim i As Integer
For i = 0 To data.Length - 1
sBuilder.Append(data(i).ToString(”x2″))
Next i
Return sBuilder.ToString()
End Function
‘ Verify a HASH and return a boolean
Function verifyMd5Hash(ByVal input As String, ByVal hash As String) As Boolean
Dim hashOfInput As String = getMd5Hash(input)
Dim comparer As StringComparer = StringComparer.OrdinalIgnoreCase
If 0 = comparer.Compare(hashOfInput, hash) Then
Return True
Else
Return False
End If
End Function
Sub Main()
Dim source As String = “Hello World!
Dim hash As String = getMd5Hash(source)
Console.WriteLine(”The MD5 hash of ” + source + ” is: ” + hash + “.”)
Console.WriteLine(”Verifying the hash…”)
If verifyMd5Hash(source, hash) Then
Console.WriteLine(”The hashes are the same.”)
Else
Console.WriteLine(”The hashes are not same.”)
End If
End Sub
End Module
I have been asked alot lately, what software do you use to write code etc, Visual Basic 2008 / Visual Studio 2008 or text pad, writing command shell code i use notepad and then encode CScript using Windows Script encoder from a cmd line..
posted by Angel Media Systems Administrator at
7/23/2009 08:56:00 AM
1 Comments:
I recently came across your blog and have been reading along. I thought I would leave my first comment. I dont know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
Deborah
http://maternitymotherhood.net
By
Steven, At
Wednesday, July 29, 2009 8:17:00 AM
Post a Comment
Links to this post:
Create a Link
<< Home