This method creates a one-way hash of an input string useful for passwords or authorization tokens using any of the following hashing algorithms: MD5, SHA1, SHA256, SHA384, SHA512, HMACMD5, HMACSHA1, HMACSHA256, HMAC384, HMAC512.
The HMAC Versions require that you pass a hash salt value.
You can provide an optional salt to further randomize the hash. It's recommended you use a unique Salt for each hash you create, such as a user id when password hashing for example.
What you want is really what we've been talking about. The number of items in this list will get large quickly but we can still resolve all the overhead if we're careful.
o.ComputeHash(lcText, lcAlgorithm, lvHashSalt)
Base64 encoded string of the hash
Text to hash
The has algorith used. Valid values include: MD5, SHA1, SHA256, SHA384, SHA512, HMACSH1, HMACSHA256, HMAC384, HMAC512
A string or binary value that is used to salt the hash. For best security use a custom salt for each value generated. For example when generating a password, salt the hash with the user ID.
For HMAC providers the HashSalt is required.
For non-HMAC providers the HashSalt is optional. If not provided only the raw Hash algorithm is applied without any salting. If a HashValue is provided a simple multi-step salting process is applied.
The HMAC versions require a HashSalt value while it's optional for the other providers. HMAC uses a known multiple rehashing algorithm to hash a salt value and apply it to the value to hash. If you provide a hash value for other providers a much simpler hash salting algorithm is used. If you use one of the non-HMAC providers without a HashSalt just the raw Hash algorithm without salt is applied.
*** Best Practice is to create Hashes with a UNIQUE Salt: lcPassword = "seeekrit" loUser = GetUser("1233") loUser.Password = o.ComputeHash(lcPassword,"SHA256",loUser.cUserId) loUser.Save() ... *** To check for a password lcPassword = "seeekrit" loUser.GetUserByUserName("Rick") if(loUser.cPassword == o.ComputeHash(lcPassword,"SHA256",loUser.cUserId)) ? "Password is valid!" endif *** Other Examples ? ? "Hash using global Salt embedded in DLL:" ? o.ComputeHash(lcOriginal,"MD5") ? o.ComputeHash(lcOriginal,"SHA256") ? o.ComputeHash(lcOriginal,"SHA512") ? ? "Hash using explicit Salt:" ? o.ComputeHash(lcOriginal2,"MD5",lcSecretSalt) ? o.ComputeHash(lcOriginal2,"SHA256",lcSecretSalt) ? o.ComputeHash(lcOriginal2,"SHA512",lcSecretSalt) ? ? "Hash using globally assigned salt:" *** Set global secret key so you don't have to pass lcSecretHash *** but still use your custom key o.SetComputeHashSaltBytes("$$Different_Sekrit02!!") *** Using a secret hash - you can pass string or byte data ? o.ComputeHash(lcOriginal2,"MD5") ? o.ComputeHash(lcOriginal2,"SHA256") ? o.ComputeHash(lcOriginal2,"SHA512")
See also:Class wwEncryption
Comment or report problem with topic