This method creates a one-way hash of an input string useful for passwords or authorization tokens using any of the following hashing algorithms: MD5, SHA1, SHA256, SHA384, SHA512, HMACMD5, HMACSH1, HMACSHA256, HMAC384, HMAC512.
The HMAC Versions require that you pass a hash salt value.
You can provide an optional salt to further randomize the hash. It's recommended you use a unique Salt for each hash you create, such as a user id when password hashing for example.
o.ComputeHash(lcText, lcAlgorithm, lvHashSalt)
Base64 encoded string of the hash
Text to hash
The has algorith used. Valid values include: MD5, SHA1, SHA256, SHA384, SHA512, HMACSH1, HMACSHA256, HMAC384, HMAC512
A string or binary value that is used to salt the hash. For best security use a custom salt for each value generated. For example when generating a password, salt the hash with the user ID.
For HMAC providers the HashSalt is required.
For non-HMAC providers the HashSalt is optional. If not provided only the raw Hash algorithm is applied without any salting. If a HashValue is provided a simple multi-step salting process is applied.
The HMAC versions require a HashSalt value while it's optional for the other providers. HMAC uses a known multiple rehashing algorithm to hash a salt value and apply it to the value to hash. If you provide a hash value for other providers a much simpler hash salting algorithm is used. If you use one of the non-HMAC providers without a HashSalt just the raw Hash algorithm without salt is applied.
*** Best Practice is to create Hashes with a UNIQUE Salt: lcPassword = "seeekrit" loUser = GetUser("1233") loUser.Password = o.ComputeHash(lcPassword,"SHA256",loUser.cUserId) loUser.Save() ... *** To check for a password lcPassword = "seeekrit" loUser.GetUserByUserName("Rick") if(loUser.cPassword == o.ComputeHash(lcPassword,"SHA256",loUser.cUserId)) ? "Password is valid!" endif *** Other Examples ? ? "Hash using global Salt embedded in DLL:" ? o.ComputeHash(lcOriginal,"MD5") ? o.ComputeHash(lcOriginal,"SHA256") ? o.ComputeHash(lcOriginal,"SHA512") ? ? "Hash using explicit Salt:" ? o.ComputeHash(lcOriginal2,"MD5",lcSecretSalt) ? o.ComputeHash(lcOriginal2,"SHA256",lcSecretSalt) ? o.ComputeHash(lcOriginal2,"SHA512",lcSecretSalt) ? ? "Hash using globally assigned salt:" *** Set global secret key so you don't have to pass lcSecretHash *** but still use your custom key o.SetComputeHashSaltBytes("$$Different_Sekrit02!!") *** Using a secret hash - you can pass string or byte data ? o.ComputeHash(lcOriginal2,"MD5") ? o.ComputeHash(lcOriginal2,"SHA256") ? o.ComputeHash(lcOriginal2,"SHA512")
See also:Class wwEncryption
Comment or report problem with topic