Simple MD5 hashes in VB.NET

MD5 (Message Digest) hashes are a simple, efficient way to encode/encrypt information to be passed around. Rather than containing the data itself, an MD5 hash is merely a fingerprint of the information. The hash cannot be decrypted, but is instead compared to other hashed values for verification. This can be a handy tool when authenticating a user’s entered password as one simple example.

Here is a very efficient, simple function that can be used to generate an MD5 hash for a given string…

VB.NET 3.5 Code:

Public Function hashGen( _
ByVal sourceText As String) _
As String
    ' retrieve byte array based on source text, then
    ' compute hash and convert to string
    Return Convert.ToBase64String(New MD5CryptoServiceProvider(). _
        ComputeHash(New UnicodeEncoding().GetBytes(sourceText)))
End Function

In order to effectively use this hash value for verification, you will need a function that compares two hash values…

VB.NET 3.5 Code:

Public Function hashCompare( _
ByVal firstHash As String, _
ByVal compareText As String) _
As Boolean
    ' generate hash for compareText
    Dim compareHash = hashGen(compareText)

    ' if lengths are different, fail
    If firstHash.Length <> compareHash.Length Then
        Return False
        ' otherwise, compare value of each character
        Dim intCount As Integer = 0
        For intCount = 0 To firstHash.Length - 1
            ' fail if different
            If firstHash(intCount) <> compareHash(intCount) Then
                Return False
            End If

        Return True
    End If
End Function

These functions’ place in an authentication procedure would involve hashing a user’s entered password, for instance, and then comparing it to the hash generated from their LDAP password (or other password repository of sorts). Other examples of where MD5 may prove useful include checking sensitive user data, such as credit card numbers, home addresses, phone numbers… you name it.

Note: You may want to use the UTF8Encoding object (or some other encoder) instead of UnicodeEncoding, depending on the format of the data you will be comparing.