I can't see any way to salt a MD5.ComputeHash(Stream).
Am I missing some way of injecting bytes into the HashAlgorithm?
I tried performing a ComputeHash(byte[]) before performing the stream compute, but, unsurprisingly, it had no effect. Any ideas (apart from modifying the file)?
Thanks for your time.
addendum
Just to be a little more specific, I want to use a stream to get a hash on a large file that I don't want to load into memory.
FileInfo myFI= new FileInfo("bigfile.dat");
FileStream myIFS = piFile.OpenRead();
MD5 md5 = MD5.Create();
byte[] hash = md5.ComputeHash ( myIFS );
myIFS.Close ();
解决方案
The answer to the lack of examples is in my opinion: you don't really need to salt it.
The hash algorithm like MD5 takes a table of bytes of arbitrary length and converts it to a table of bytes of known length - the operation is not easily reversible and small changes to the input table cause unpredictable changes in the output table:
input => MD5 => output
The purpose of salting is protection against attacks where user has already precomputed table of hash results (rainbow tables). By introducing small changes in the input, the results are change drastically, so even if attacker knows the hash result and the salt, it is very difficult to guess the input:
input + salt => MD5 => output
The reason for hashing files is to compute a checksum. E.g. you publish a file on your web page along with the hash result. User then downloads a file, runs it through MD5 and compares the result with your published result. It would be very difficult to tamper with the file, because each manipulation would change the resulting hash.
Salting is not necessary here, because you would have to publish the salt with the resulting hash, so that the user can repeat the hashing operation.
If you really need to introduce salting, just change the input stream in the repeatable way, e.g. add one (with overflow) to each byte.
1131
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
