I am considering changing the method whereby we encrypt passwords to use a one-way hash rather than an encryption. I considered using a simple "GetHashCode" on the password string but MS warns that this function may change in the future and is different on 32 and 64-bit OSs. I don't want the result to ever be different as this would result in all the passwords in the database no longer matching when I have the entered value (e.g. when we all move to .NET 9.0 or something).
So, does a SHA1 Hash eliminate this problem? For example, if I use this C# code:
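```csharp
// Encode the password as bytes (Encoding.ASCII turns every non-ASCII character into '?'),
// hash the bytes with SHA-1, and return the 20-byte digest as Base64 text.
var data = System.Text.Encoding.ASCII.GetBytes(value);
data = System.Security.Cryptography.SHA1.Create().ComputeHash(data);
return Convert.ToBase64String(data);
```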
will the value always and forever be the same result? I am not too worried about a collision in a space this big but is there any other reason to consider a wider hash? Thanks in advance!
Yes.
Unlike GetHashCode, SHA-1 is a fixed algorithm, just like MD5 and SHA-256, all of which have been "standardized".
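Added example, not part of the question or answer above: the first method checks the answer's point by comparing .NET's SHA-1 output with the published FIPS 180 test vector for "abc". The other two show a salted PBKDF2 record, the usual choice for stored passwords because a single fast unsalted hash gives identical records for identical passwords. The class name, record format and iteration count are assumptions of this example, and it needs .NET 6 or later.

```csharp
// Added example, not from the original post. Assumes .NET 6 or later.
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordHashDemo
{
    const int Iterations = 100_000; // assumed work factor; tune for your hardware
    const int SaltSize = 16, KeySize = 32;

    // SHA-1 is fixed by FIPS 180, so every conforming implementation must
    // reproduce the published digest of "abc", on any runtime or bitness.
    public static bool Sha1MatchesPublishedVector() =>
        Convert.ToHexString(SHA1.HashData(Encoding.ASCII.GetBytes("abc")))
            == "A9993E364706816ABA3E25717850C26C9CD0D89D";

    // Record format (an assumption of this example): "iterations.salt.key".
    // Storing the parameters with the hash keeps old records verifiable.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password),
            salt, Iterations, HashAlgorithmName.SHA256, KeySize);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(key)}";
    }

    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations < 1)
            return false;
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        if (expected.Length != KeySize) return false; // reject truncated records
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password),
            salt, iterations, HashAlgorithmName.SHA256, KeySize);
        // Constant-time comparison avoids leaking how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    static void Main()
    {
        Console.WriteLine(Sha1MatchesPublishedVector());
        string record = Hash("correct horse"); // constructed sample password
        Console.WriteLine(Verify("correct horse", record));
        Console.WriteLine(Verify("wrong guess", record));
    }
}
```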