For a while I’ve been seeing my blog traffic and surprisingly there are some of you are landed here by searching about MD5 string hash in C#, specifically used for storing password. I wrote the first draft of that tutorial when I was still in college while learning C# as a student, so it’s really old tutorial.
As we know, MD5 isn’t recommended anymore because it is designed to be very fast and efficient. By using modern computers and techniques, it is possible to “brute force” the hash output, in order to retrieve the original input. Because of this, many security experts suggest not to use it for password hashing.
This suggestion isn’t limited to MD5 only, but also SHA1 and possibly other SHA* algorithms, too.
If you’re here to find the best practice to store password, try searching for slow hashes like bcrypt (I’ll write about that later).
This time I’d like to show you how easy it is to generate SHA* (and MD5) string hash in C#. SHA* especially is widely being used to check content integrity.
You can still use SHA* to store password, nobody can’t stop you for that. But I suggest to only use it for non-critical business application or just for learning experience, for example school project. But make sure to use better hash algorithm if you’re building a widely-used commercial software.
Creating An Empty Console Application
Let’s start this tutorial by creating a new project.
I’m going to use .NET Core for this, but you can also use any .NET Framework version 3.5 or more.
Create a new folder and move to it.
Let’s name it
Under this folder, let’s create a new console application.
After the project is created, let’s create a new file
We will fill this class with our hash functions.
Let’s first create a universal hasher function call it
This function role will be used as our base, which mean for every algorithm available, we’re going to call this function to generate hash output.
We need to pass two parameters: where
algo is hash algorithm we’re going to use and
text is user supplied string.
MD5 first by creating an
We pass this object and user-supplied text to function we wrote earlier.
Now with similar pattern, we create other functions for SHA1, SHA256, SHA384, and SHA512. You can see following snippet for those SHA* functions.
After the class is ready, we can continue to next step and test it.
See It in Action
Let’s test it by creating a simple command line application.
Program.cs and we start editing our
First let’s keep our list of hash functions in a
We can do this by creating a dictionary with
string as the key and
Func<string, string> as the value.
Next, we need to make some rule of checks.
We need exactly 2 arguments: algorithm and text.
Check algorithm if it’s in
Dictionary object we created earlier, make sure it exists.
If one of above rules isn’t met, we quit the program.
Finally, we can get string hash and print it using following snippet.
Let’s build it and open your terminal.
Head to your binary folder, usually at
You can run this binary using following format.
Let’s test it by using a string mypassword. You can see the following snippet to see expected results.
Try compare the result with some kind of online hash generator and see if it produces the same result.
That’s it, now you know how to generate SHA* and MD5 string easily in C#. Please remember that it’s not recommended to use it for password store. You can use it for content integrity or something else. I’ll write about best practice password storing in C#.
Thanks for reading and Happy Coding!
- Use Bcrypt or Scrypt Instead of SHA* for Your Passwords, Please! - Rietta
- Password Hashing - PHP Manual
Fixing 'Managed Debugging Assistant LoaderLock' Error
Getting error while developing a software with DirectX API using latest Visual Studio? This might be the solution