55

I have some string and I want to hash it with the SHA-256 hash function using C#. I want something like this:

 string hashString = sha256_hash("samplestring");

Is there something built into the framework to do this?

Dmitry Bychenko
  • 165,109
  • 17
  • 150
  • 199
Dariush Jafari
  • 4,662
  • 6
  • 38
  • 66
  • 2
    http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256.aspx . -1. – It'sNotALie. Jun 08 '13 at 12:06
  • 2
    Hashes work on bytes, not strings. So you first need to choose an encoding that transforms the string into bytes. I recommend UTF-8 for this. – CodesInChaos Jun 09 '13 at 11:04
  • Something tells me that people reading this post should also check: https://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms – Ziezi Aug 18 '17 at 21:29
  • 1
    I'm curious why this question remains closed. It's a reasonable question with good working answers. Voting to re-open. – Sergey Kalinichenko Apr 20 '18 at 09:12

3 Answers3

141

The implementation could be like that

public static String sha256_hash(String value) {
  StringBuilder Sb = new StringBuilder();

  using (SHA256 hash = SHA256Managed.Create()) {
    Encoding enc = Encoding.UTF8;
    Byte[] result = hash.ComputeHash(enc.GetBytes(value));

    foreach (Byte b in result)
      Sb.Append(b.ToString("x2"));
  }

  return Sb.ToString();
}

Edit: Linq implementation is more concise, but, probably, less readable:

public static String sha256_hash(String value) {
  using (SHA256 hash = SHA256Managed.Create()) {
    return String.Concat(hash
      .ComputeHash(Encoding.UTF8.GetBytes(value))
      .Select(item => item.ToString("x2")));
  }
}

Edit 2: .NET Core , .NET5, .NET6 ...

public static String sha256_hash(string value)
{
    StringBuilder Sb = new StringBuilder();

    using (var hash = SHA256.Create())            
    {
        Encoding enc = Encoding.UTF8;
        byte[] result = hash.ComputeHash(enc.GetBytes(value));

        foreach (byte b in result)
            Sb.Append(b.ToString("x2"));
    }

    return Sb.ToString();
}
Enrico
  • 1,942
  • 1
  • 18
  • 33
Dmitry Bychenko
  • 165,109
  • 17
  • 150
  • 199
  • 2
    how would you decrypt the hash back into the password? – daniel metlitski Mar 15 '17 at 17:43
  • 22
    @daniel metlitski: you *can't*: hash is *one way function*, you can compute hash but can't obtain the argument back. When registering a new user, store not password but its hash; on authentication, compute hash on the password provided and compare the hash with the stored hash. – Dmitry Bychenko Mar 15 '17 at 19:26
  • @JuliusHolmberg: you have to 1. *Allocate resources* (`using`), 2. Deal with `bytes`: `Encoding` as well as `GetBytes` 3. Represent the outcome as a `string` - `StringBuilder` and `ToString("x2")` – Dmitry Bychenko Oct 09 '17 at 13:25
  • string.Join maybe? – Mikael Dúi Bolinder Aug 03 '18 at 13:05
  • `string.Concat` is shorter and more readable: just concat without any delimiter – Dmitry Bychenko Aug 03 '18 at 14:23
  • I would NOT recommend to store passwords using a simple hash. Actually just use a library that has the logic to store passwords (like identity). Even though you can't "decrypt" back you can use a dictionary attack with millions of common passwords whose hash are known. In order to avoid this you need to use hash + salt. You also need to store the salt securely. And there is probably more than I'm missing security-wise. Please use a library instead of trying to store passwords yourself. – Felipe Suárez May 07 '22 at 19:34
3

This is a much nicer/neater way in .net core:

public static string sha256_hash( string value )
{
  using var hash = SHA256.Create();
  var byteArray = hash.ComputeHash( Encoding.UTF8.GetBytes( value ) );
  return Convert.ToHexString( byteArray ).ToLower();
}
Samuel Johnson
  • 91
  • 8
0

I was looking for an in-line solution, and was able to compile the below from Dmitry's answer:

public static String sha256_hash(string value)
{
    return (System.Security.Cryptography.SHA256.Create()
            .ComputeHash(Encoding.UTF8.GetBytes(value))
            .Select(item => item.ToString("x2")));
}
aaronsteers
  • 1,704
  • 1
  • 14
  • 32
  • This implementation seems wrong to me. That select Returns `IEnumerable`. And you copy-pasted a terrible naming convention. – El Mac Jul 18 '18 at 13:26
  • This is actually the best answer just missing one function call. Here is what worked for me: return String.Concat((System.Security.Cryptography.SHA256.Create() .ComputeHash(Encoding.UTF8.GetBytes(value)) .Select(item => item.ToString("x2")))); – jjthebig1 Aug 10 '21 at 12:53
  • I like it because it's single line and doesn't need a function by itself. – jjthebig1 Aug 10 '21 at 12:54