i finally finished (very late) writing up my submissions for the SoCal edition of the MSDN Flash e-mail newsletter that will come out next Monday.

i almost missed getting this blurb in for the upcoming meeting of the San Diego .NET User Group so i'll add this in here too:

San Diego .NET User Group meeting – BizTalk Server 2004 and SQL Server 2000 Reporting Services 
February 24, San Diego, CA
Author and INETA President Brian Loesgen will provide an overview of BizTalk Server 2004, highlighting its Web services integration and orchestration capabilities via several real world, practical usage examples. Additionally, trainer Bret Stateham will demonstrate the newly released SQL Server 2000 Reporting Services tool and its integration with Visual Studio .NET.

For more information, http://www.sandiegodotnet.com/

here's the developer to developer article that i wrote for inclusion in the MSDN Flash:

Developer to developer…

Hash functions are one of the topics that I cover in the current cycle of MSDN Events developer seminars that I am completing this week in Bakersfield and Santa Maria. The discussions during the seminars seem to have generated a lot of interest so I thought I’d write about them here.

 

Hash functions are essentially used to map an input string of an arbitrary length to a small output string of fixed length, the hash value. A hash function suitable for use cryptographically has the additional properties that it is computationally infeasible of generating the same hash value from two distinct inputs and further, small incremental differences in the input strings will generate large, unpredictable changes in the output values. These properties make hash functions useful in cryptography for digital signatures and data validation.

 

In the Visual Basic and C# code samples below, you can see how to use the ComputeHash method to generate hash values. SHA1CryptoServiceProvider() is one of the abstract implementation classes of the HashAlgorithm abstract base class, part of  the System.Security.Cryptography namespace of the .NET Framework.

[Visual Basic] 
Dim sha As New SHA1CryptoServiceProvider()
Dim result As Byte() = sha.ComputeHash(dataArray)
[C#] 
HashAlgorithm sha = new SHA1CryptoServiceProvider();
byte[] result = sha.ComputeHash(dataArray);

 

Other algorithm implementations available include MD5CryptoServiceProvider, SHA256Managed, SHA384Managed, SHA384Managed, and SHA512Managed, which respectively generate hash values of 128, 256, 384 and 512 bit lengths. The SHA-1 algorithm computes a 160 bit long hash value.

 

In cryptographic usage, hash values are a better alternative to storing passwords as clear text strings in a database store. The distinguishing properties of cryptographic hash functions make them a good choice for keeping strings like passwords safer but still useful for validating user credentials.

 

Hash functions are fundamental to modern cryptography. If you would like to find out more about how to use them more securely in conjunction with a database store of user passwords as part of a forms-based authentication implementation, please join me at my MSDN Events developer seminars in Bakersfield or Santa Maria. Otherwise, I’ll also demonstrate this in abbreviated form in the Web track of DevDays 2004 at the Los Angeles Convention Center on March 15.