From fb4818449e85c8e97ea2f66b7c8ae85096db0b8d Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Fri, 17 Jul 2020 14:20:40 -0700 Subject: [PATCH 1/8] first batch --- .../csharp/VS_Snippets_CFX/c_creatests/cs/source.cs | 2 +- .../csharp/VS_Snippets_CFX/samlattribute/cs/source.cs | 9 ++++++++- .../AssemblyName_CodeBase/CS/assemblyname_codebase.cs | 4 ++-- .../AssemblyName_KeyPair/CS/assemblyname_keypair.cs | 4 ++-- .../CS/assemblyname_setpublickey.cs | 4 ++-- .../Cryptography.PasswordDerivedbytes/CS/sample.cs | 2 ++ .../Cryptography.RSACSP.SignData1/CS/example.cs | 8 ++++++-- .../Cryptography.RSACSP.SignData2/CS/example.cs | 8 ++++++-- .../Cryptography.RSACSP.SignData3/CS/example.cs | 8 ++++++-- .../Cryptography.SmartCardCSP/CS/example.cs | 4 ++-- .../classic HashAlgorithm Example/CS/source.cs | 2 +- .../system.CodeDom.CodeDirectives/CS/codedirective.cs | 2 ++ .../visualbasic/VS_Snippets_CFX/c_creatests/vb/source.vb | 2 +- .../VS_Snippets_CFX/samlattribute/vb/source.vb | 9 ++++++++- .../AssemblyName_CodeBase/VB/assemblyname_codebase.vb | 4 ++-- .../AssemblyName_KeyPair/VB/assemblyname_keypair.vb | 4 ++-- .../VB/assemblyname_setpublickey.vb | 4 ++-- .../Cryptography.PasswordDerivedbytes/VB/sample.vb | 2 ++ .../Cryptography.RSACSP.SignData1/VB/example.vb | 8 ++++++-- .../Cryptography.RSACSP.SignData2/VB/example.vb | 8 ++++++-- .../Cryptography.RSACSP.SignData3/VB/example.vb | 8 ++++++-- .../classic HashAlgorithm Example/VB/source.vb | 2 +- .../system.CodeDom.CodeDirectives/VB/codedirective.vb | 2 ++ 23 files changed, 78 insertions(+), 32 deletions(-) diff --git a/samples/snippets/csharp/VS_Snippets_CFX/c_creatests/cs/source.cs b/samples/snippets/csharp/VS_Snippets_CFX/c_creatests/cs/source.cs index 3b0288a24f1..18a854a8795 100644 --- a/samples/snippets/csharp/VS_Snippets_CFX/c_creatests/cs/source.cs +++ b/samples/snippets/csharp/VS_Snippets_CFX/c_creatests/cs/source.cs @@ -21,7 +21,7 @@ public class Test void AddSigningCredentials(SamlAssertion assertion, SecurityKey signingKey) { SigningCredentials sc = new SigningCredentials(signingKey, - SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest); + SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest); assertion.SigningCredentials = sc; } // diff --git a/samples/snippets/csharp/VS_Snippets_CFX/samlattribute/cs/source.cs b/samples/snippets/csharp/VS_Snippets_CFX/samlattribute/cs/source.cs index 6d9ce91c8b1..86f6c8dc75b 100644 --- a/samples/snippets/csharp/VS_Snippets_CFX/samlattribute/cs/source.cs +++ b/samples/snippets/csharp/VS_Snippets_CFX/samlattribute/cs/source.cs @@ -911,6 +911,8 @@ public class Elements public class ComputedKeyAlgorithms { + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. public const string PSHA1 = "http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1"; } } @@ -1054,6 +1056,8 @@ public bool ComputeKey /// Array of bytes that contain key material. public static byte[] ComputeCombinedKey(byte[] requestorEntropy, byte[] issuerEntropy, int keySize) { + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. KeyedHashAlgorithm kha = new HMACSHA1(requestorEntropy, true); byte[] key = new byte[keySize / 8]; // Final key @@ -1164,7 +1168,8 @@ protected override void OnWriteBodyContents(XmlDictionaryWriter writer) writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri); // Write the wst:ComputeKey start tag. writer.WriteStartElement(Constants.Trust.Elements.ComputedKey, Constants.Trust.NamespaceUri); - // Write the PSHA1 algorithm value. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. writer.WriteValue(Constants.Trust.ComputedKeyAlgorithms.PSHA1); writer.WriteEndElement(); // wst:ComputedKey writer.WriteEndElement(); // wst:RequestedSecurityToken @@ -1295,6 +1300,8 @@ public static SamlSecurityToken CreateSamlToken(string stsName, samlSubjectStatements.Add(samlAttributeStatement); // Create a SigningCredentials instance from the key associated with the issuerToken. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. SigningCredentials signingCredentials = new SigningCredentials(issuerToken.SecurityKeys[0], SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest, diff --git a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs index 0ff40d2c5da..1a9105490fe 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs @@ -67,8 +67,8 @@ public static void Main() myAssemblyName.CodeBase = Directory.GetCurrentDirectory(); // Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = new CultureInfo("en-US"); - // Set the hash algoritm to 'SHA1'. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1; + // Set the hash algoritm to 'SHA256'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256; myAssemblyName.Name = "MyAssembly"; myAssemblyName.Version = new Version("1.0.0.2001"); MakeAssembly(myAssemblyName, "MyAssembly.exe"); diff --git a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_KeyPair/CS/assemblyname_keypair.cs b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_KeyPair/CS/assemblyname_keypair.cs index 9a65fcad947..6bc72013c11 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_KeyPair/CS/assemblyname_keypair.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_KeyPair/CS/assemblyname_keypair.cs @@ -72,8 +72,8 @@ public static void Main() myAssemblyName.CodeBase = Directory.GetCurrentDirectory(); // Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = new CultureInfo("en-US"); - // Set the hash algoritm to 'SHA1'. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1; + // Set the hash algorithm to 'SHA256'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256; myAssemblyName.VersionCompatibility = AssemblyVersionCompatibility.SameProcess; myAssemblyName.Flags = AssemblyNameFlags.PublicKey; // Provide this assembly with a strong name. diff --git a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CS/assemblyname_setpublickey.cs b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CS/assemblyname_setpublickey.cs index 728006436f9..cc3cd06e7bf 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CS/assemblyname_setpublickey.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CS/assemblyname_setpublickey.cs @@ -65,8 +65,8 @@ public static void Main() myAssemblyName.CodeBase = Directory.GetCurrentDirectory(); // Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = new CultureInfo("en-US"); - // Set the hash algoritm to 'SHA1'. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1; + // Set the hash algorithm to 'SHA256'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256; myAssemblyName.VersionCompatibility = AssemblyVersionCompatibility.SameProcess; myAssemblyName.Flags = AssemblyNameFlags.PublicKey; // Get the whole contents of the 'PublicKey.snk' into a byte array. diff --git a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/CS/sample.cs b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/CS/sample.cs index 747c2dda08f..f8cfbfd413a 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/CS/sample.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/CS/sample.cs @@ -31,6 +31,8 @@ public static void Main(String[] args) // Create the key and set it to the Key property // of the TripleDESCryptoServiceProvider object. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV); // diff --git a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CS/example.cs b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CS/example.cs index 268e63d9957..f59488c8a16 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CS/example.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CS/example.cs @@ -70,7 +70,9 @@ public static byte[] HashAndSignBytes(byte[] DataToSign, RSAParameters Key, int RSAalg.ImportParameters(Key); // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. + // to specify the hashing algorithm. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. return RSAalg.SignData(DataToSign,Index,Length, new SHA1CryptoServiceProvider()); } catch(CryptographicException e) @@ -92,7 +94,9 @@ public static bool VerifySignedHash(byte[] DataToVerify, byte[] SignedData, RSAP RSAalg.ImportParameters(Key); // Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. + // to specify the hashing algorithm. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. return RSAalg.VerifyData(DataToVerify, new SHA1CryptoServiceProvider(), SignedData); } catch(CryptographicException e) diff --git a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CS/example.cs b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CS/example.cs index d8eefda8a17..2041d6da15e 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CS/example.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CS/example.cs @@ -58,7 +58,9 @@ public static byte[] HashAndSignBytes(byte[] DataToSign, RSAParameters Key) RSAalg.ImportParameters(Key); // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. + // to specify the hashing algorithm. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. return RSAalg.SignData(DataToSign, new SHA1CryptoServiceProvider()); } catch(CryptographicException e) @@ -80,7 +82,9 @@ public static bool VerifySignedHash(byte[] DataToVerify, byte[] SignedData, RSAP RSAalg.ImportParameters(Key); // Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. + // to specify the hashing algorithm. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. return RSAalg.VerifyData(DataToVerify, new SHA1CryptoServiceProvider(), SignedData); } catch(CryptographicException e) diff --git a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CS/example.cs b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CS/example.cs index c841f729e2c..a5794b52d08 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CS/example.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CS/example.cs @@ -75,7 +75,9 @@ public static byte[] HashAndSignBytes(Stream DataStream, RSAParameters Key) RSAalg.ImportParameters(Key); // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. + // to specify the hashing algorithm. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. return RSAalg.SignData(DataStream, new SHA1CryptoServiceProvider()); } catch(CryptographicException e) @@ -97,7 +99,9 @@ public static bool VerifySignedHash(byte[] DataToVerify, byte[] SignedData, RSAP RSAalg.ImportParameters(Key); // Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. + // to specify the hashing algorithm. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. return RSAalg.VerifyData(DataToVerify, new SHA1CryptoServiceProvider(), SignedData); } catch(CryptographicException e) diff --git a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CS/example.cs b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CS/example.cs index d961da37ad2..2a46bf431c9 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CS/example.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CS/example.cs @@ -30,12 +30,12 @@ static void Main(string[] args) Console.WriteLine("Data : " + BitConverter.ToString(data)); // Sign the data using the Smart Card CryptoGraphic Provider. - byte[] sig = rsa.SignData(data, "SHA1"); + byte[] sig = rsa.SignData(data, "SHA256"); Console.WriteLine("Signature : " + BitConverter.ToString(sig)); // Verify the data using the Smart Card CryptoGraphic Provider. - bool verified = rsa.VerifyData(data, "SHA1", sig); + bool verified = rsa.VerifyData(data, "SHA256", sig); Console.WriteLine("Verified : " + verified); } diff --git a/samples/snippets/csharp/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/CS/source.cs b/samples/snippets/csharp/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/CS/source.cs index c5ad4dd8ce5..e177decc799 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/CS/source.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/CS/source.cs @@ -10,7 +10,7 @@ public class Form1: Form protected void Method() { // - HashAlgorithm sha = new SHA1CryptoServiceProvider(); + HashAlgorithm sha = SHA256.Create(); byte[] result = sha.ComputeHash(dataArray); // } diff --git a/samples/snippets/csharp/VS_Snippets_CLR_System/system.CodeDom.CodeDirectives/CS/codedirective.cs b/samples/snippets/csharp/VS_Snippets_CLR_System/system.CodeDom.CodeDirectives/CS/codedirective.cs index 7b1585a4644..df9d0903b9b 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR_System/system.CodeDom.CodeDirectives/CS/codedirective.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR_System/system.CodeDom.CodeDirectives/CS/codedirective.cs @@ -84,6 +84,8 @@ static void DemonstrateCodeDirectives(string providerName, string sourceFileName File.Delete(sourceFileName); } + // This example uses the SHA1 and MD5 algorithms. + // Due to collision problems with SHA1 and MD5, Microsoft recommends SHA256 or better. private static Guid HashMD5 = new Guid(0x406ea660, 0x64cf, 0x4c82, 0xb6, 0xf0, 0x42, 0xd4, 0x81, 0x72, 0xa7, 0x99); private static Guid HashSHA1 = new Guid(0xff1816ec, 0xaa5e, 0x4d10, 0x87, 0xf7, 0x6f, 0x49, 0x63, 0x83, 0x34, 0x60); diff --git a/samples/snippets/visualbasic/VS_Snippets_CFX/c_creatests/vb/source.vb b/samples/snippets/visualbasic/VS_Snippets_CFX/c_creatests/vb/source.vb index aca693d9f4c..c6b99e68fe6 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CFX/c_creatests/vb/source.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CFX/c_creatests/vb/source.vb @@ -18,7 +18,7 @@ Namespace CreateSts Sub AddSigningCredentials(ByVal assertion As SamlAssertion, _ ByVal signingKey As SecurityKey) Dim sc As New SigningCredentials(signingKey, _ - SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest) + SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest) assertion.SigningCredentials = sc End Sub diff --git a/samples/snippets/visualbasic/VS_Snippets_CFX/samlattribute/vb/source.vb b/samples/snippets/visualbasic/VS_Snippets_CFX/samlattribute/vb/source.vb index 74e7e92be56..6f0f6ec8a19 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CFX/samlattribute/vb/source.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CFX/samlattribute/vb/source.vb @@ -870,6 +870,8 @@ Namespace Microsoft.ServiceModel.Samples.Federation End Class + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Public Class ComputedKeyAlgorithms Public Const PSHA1 As String = "http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1" End Class @@ -1027,6 +1029,8 @@ Namespace Microsoft.ServiceModel.Samples.Federation '/ Size of required key, in bits. '/ Array of bytes that contains key material. Public Shared Function ComputeCombinedKey(ByVal requestorEntropy() As Byte, ByVal issuerEntropy() As Byte, ByVal keySize As Integer) As Byte() + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Dim kha As KeyedHashAlgorithm = New HMACSHA1(requestorEntropy, True) Dim key(keySize / 8 - 1) As Byte ' Final key @@ -1132,7 +1136,8 @@ Namespace Microsoft.ServiceModel.Samples.Federation writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri) ' Write the wst:ComputeKey start tag. writer.WriteStartElement(Constants.Trust.Elements.ComputedKey, Constants.Trust.NamespaceUri) - ' Write the PSHA1 algorithm value. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. writer.WriteValue(Constants.Trust.ComputedKeyAlgorithms.PSHA1) writer.WriteEndElement() ' wst:ComputedKey writer.WriteEndElement() ' wst:RequestedSecurityToken @@ -1258,6 +1263,8 @@ Namespace Microsoft.ServiceModel.Samples.Federation samlSubjectStatements.Add(samlAttributeStatement) ' Create a SigningCredentials instance from the key associated with the issuerToken. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Dim signingCredentials As New SigningCredentials(issuerToken.SecurityKeys(0), SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest, issuerKeyIdentifier) ' Create a SamlAssertion from the list of SamlStatements previously created and the passed in diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb index 2cfb2613a1a..07d641a708b 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb @@ -55,8 +55,8 @@ Public Class AssemblyName_CodeBase myAssemblyName.CodeBase = Directory.GetCurrentDirectory() ' Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = New CultureInfo("en-US") - ' Set the hash algoritm to 'SHA1'. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1 + ' Set the hash algoritm to 'SHA256'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256 myAssemblyName.Name = "MyAssembly" myAssemblyName.Version = New Version("1.0.0.2001") MakeAssembly(myAssemblyName, "MyAssembly.exe") diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_KeyPair/VB/assemblyname_keypair.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_KeyPair/VB/assemblyname_keypair.vb index 1cb4a79537c..ac9740c1cb3 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_KeyPair/VB/assemblyname_keypair.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_KeyPair/VB/assemblyname_keypair.vb @@ -66,8 +66,8 @@ Public Class AssemblyName_CodeBase myAssemblyName.CodeBase = Directory.GetCurrentDirectory() ' Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = New CultureInfo("en-US") - ' Set the hash algoritm to 'SHA1'. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1 + ' Set the hash algoritm to 'SHA256'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256 myAssemblyName.VersionCompatibility = AssemblyVersionCompatibility.SameProcess myAssemblyName.Flags = AssemblyNameFlags.PublicKey ' Provide this assembly with a strong name. diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_SetPublicKey/VB/assemblyname_setpublickey.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_SetPublicKey/VB/assemblyname_setpublickey.vb index e41378bacec..90074057b4b 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_SetPublicKey/VB/assemblyname_setpublickey.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_SetPublicKey/VB/assemblyname_setpublickey.vb @@ -57,8 +57,8 @@ Public Class AssemblyName_CodeBase myAssemblyName.CodeBase = Directory.GetCurrentDirectory() ' Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = New CultureInfo("en-US") - ' Set the hash algoritm to 'SHA1'. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1 + ' Set the hash algoritm to 'SHA256'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256 myAssemblyName.VersionCompatibility = AssemblyVersionCompatibility.SameProcess myAssemblyName.Flags = AssemblyNameFlags.PublicKey ' Get the whole contents of the 'PublicKey.snk' into a byte array. diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/VB/sample.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/VB/sample.vb index c252562f2c1..989d3bce4a2 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/VB/sample.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/VB/sample.vb @@ -30,6 +30,8 @@ Module PasswordDerivedBytesExample ' Create the key and set it to the Key property ' of the TripleDESCryptoServiceProvider object. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV) ' diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/VB/example.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/VB/example.vb index 9ec7fd8d29e..3603eed550e 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/VB/example.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/VB/example.vb @@ -62,7 +62,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) ' Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider - ' to specify the use of SHA1 for hashing. + ' to specify the hashing algorithm. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Return RSAalg.SignData(DataToSign, Index, Length, New SHA1CryptoServiceProvider) Catch e As CryptographicException Console.WriteLine(e.Message) @@ -81,7 +83,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) ' Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider - ' to specify the use of SHA1 for hashing. + ' to specify the hashing algorithm. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Return RSAalg.VerifyData(DataToVerify, New SHA1CryptoServiceProvider, SignedData) Catch e As CryptographicException diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/VB/example.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/VB/example.vb index 0f8e406cee0..6ee4f1f6a71 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/VB/example.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/VB/example.vb @@ -50,7 +50,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) ' Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider - ' to specify the use of SHA1 for hashing. + ' to specify the hashing algorithm. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Return RSAalg.SignData(DataToSign, New SHA1CryptoServiceProvider) Catch e As CryptographicException Console.WriteLine(e.Message) @@ -69,7 +71,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) ' Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider - ' to specify the use of SHA1 for hashing. + ' to specify the hashing algorithm. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Return RSAalg.VerifyData(DataToVerify, New SHA1CryptoServiceProvider, SignedData) Catch e As CryptographicException diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/VB/example.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/VB/example.vb index 7444d1b6e26..2fc9f9ba26b 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/VB/example.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/VB/example.vb @@ -74,7 +74,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) ' Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider - ' to specify the use of SHA1 for hashing. + ' to specify the hashing algorithm. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Return RSAalg.SignData(DataStream, New SHA1CryptoServiceProvider) Catch e As CryptographicException Console.WriteLine(e.Message) @@ -93,7 +95,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) ' Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider - ' to specify the use of SHA1 for hashing. + ' to specify the hashing algorithm. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Return RSAalg.VerifyData(DataToVerify, New SHA1CryptoServiceProvider, SignedData) Catch e As CryptographicException diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/VB/source.vb b/samples/snippets/visualbasic/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/VB/source.vb index 90f78742c4c..c5150fae203 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/VB/source.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/VB/source.vb @@ -8,7 +8,7 @@ Public Class Form1 Protected Sub Method() ' - Dim sha As New SHA1CryptoServiceProvider() + Dim sha As SHA256 = SHA256.Create() Dim result As Byte() = sha.ComputeHash(dataArray) ' End Sub diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.CodeDom.CodeDirectives/VB/codedirective.vb b/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.CodeDom.CodeDirectives/VB/codedirective.vb index 77561912545..353fe0965e8 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.CodeDom.CodeDirectives/VB/codedirective.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.CodeDom.CodeDirectives/VB/codedirective.vb @@ -71,6 +71,8 @@ Class CodeDirectiveDemo End Sub + ' This example uses the SHA1 and MD5 algorithms. + ' Due to collision problems with SHA1 and MD5, Microsoft recommends SHA256 or better. Private Shared HashMD5 As New Guid(&H406EA660, &H64CF, &H4C82, &HB6, &HF0, &H42, &HD4, &H81, &H72, &HA7, &H99) Private Shared HashSHA1 As New Guid(&HFF1816EC, &H65FF, &H4D10, &H87, &HF7, &H6F, &H49, &H63, &H83, &H34, &H60) From 47c6ee726734a2b1d82d156614e8073da5082756 Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Sat, 18 Jul 2020 10:20:16 -0700 Subject: [PATCH 2/8] second batch --- .../CPP/assemblyname_codebase.cpp | 4 ++-- .../CPP/assemblyname_keypair.cpp | 4 ++-- .../CPP/assemblyname_setpublickey.cpp | 4 ++-- .../Cryptography.PasswordDerivedbytes/cpp/sample.cpp | 2 ++ .../Cryptography.RSACSP.SignData1/CPP/example.cpp | 12 ++++++------ .../Cryptography.RSACSP.SignData2/CPP/example.cpp | 12 ++++++------ .../Cryptography.RSACSP.SignData3/CPP/example.cpp | 12 ++++++------ .../CPP/Cryptography.SmartCardCSP.cpp | 5 +++-- .../classic HashAlgorithm Example/CPP/source.cpp | 2 +- .../CPP/class1.cpp | 2 ++ .../cpp/customcrypto.cpp | 3 +++ .../CPP/maskgenerator.cpp | 4 ++-- .../CPP/source.cpp | 4 ++-- .../Cryptography.RSACSP.SignData1/CS/example.cs | 12 ++++-------- .../Cryptography.RSACSP.SignData2/CS/example.cs | 12 ++++-------- .../Cryptography.RSACSP.SignData3/CS/example.cs | 12 ++++-------- .../CS/class1.cs | 2 ++ .../CS/customcrypto.cs | 2 ++ .../CS/members.cs | 6 ++++++ .../CS/maskgenerator.cs | 4 ++-- .../CS/source.cs | 4 ++-- .../CS/formsauthenticationcredentials.cs | 4 ++++ .../CS/formsauthenticationuser.cs | 2 ++ .../CS/machinekeysection.cs | 2 +- .../CS/MembershipSection.cs | 2 +- .../Cryptography.RSACSP.SignData1/VB/example.vb | 12 ++++-------- .../Cryptography.RSACSP.SignData2/VB/example.vb | 12 ++++-------- .../Cryptography.RSACSP.SignData3/VB/example.vb | 12 ++++-------- .../Cryptography.SmartCardCSP/VB/example.vb | 4 ++-- .../VB/class1.vb | 2 ++ .../VB/customcrypto.vb | 2 ++ .../VB/members.vb | 6 ++++++ .../VB/maskgenerator.vb | 4 ++-- .../VB/source.vb | 4 ++-- .../VbVbalrMyUser/VB/SampleIIdentity.vb | 6 +++--- .../VS_Snippets_VBCSharp/VbVbalrStrings/VB/Class3.vb | 6 +++--- .../VB/formsauthenticationcredentials.vb | 4 ++++ .../VB/formsauthenticationuser.vb | 2 ++ .../VB/machinekeysection.vb | 2 +- .../VB/MembershipSection.vb | 2 +- 40 files changed, 115 insertions(+), 99 deletions(-) diff --git a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp index 98b7368095c..ed95a193420 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp @@ -71,8 +71,8 @@ int main() // Set the culture information of the assembly to 'English-American'. myAssemblyName->CultureInfo = gcnew CultureInfo( "en-US" ); - // Set the hash algoritm to 'SHA1'. - myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA1; + // Set the hash algorithm to 'SHA256'. + myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA256; myAssemblyName->Name = "MyAssembly"; myAssemblyName->Version = gcnew Version( "1.0.0.2001" ); MakeAssembly( myAssemblyName, "MyAssembly.exe" ); diff --git a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_KeyPair/CPP/assemblyname_keypair.cpp b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_KeyPair/CPP/assemblyname_keypair.cpp index 53568f7ebc0..efbdd281c1d 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_KeyPair/CPP/assemblyname_keypair.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_KeyPair/CPP/assemblyname_keypair.cpp @@ -78,8 +78,8 @@ int main() // Set the culture information of the assembly to 'English-American'. myAssemblyName->CultureInfo = gcnew CultureInfo( "en-US" ); - // Set the hash algoritm to 'SHA1'. - myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA1; + // Set the hash algoritm to 'SHA256'. + myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA256; myAssemblyName->VersionCompatibility = AssemblyVersionCompatibility::SameProcess; myAssemblyName->Flags = AssemblyNameFlags::PublicKey; diff --git a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CPP/assemblyname_setpublickey.cpp b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CPP/assemblyname_setpublickey.cpp index 901f53177ce..6b8c67fca08 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CPP/assemblyname_setpublickey.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CPP/assemblyname_setpublickey.cpp @@ -74,8 +74,8 @@ int main() // Set the culture information of the assembly to 'English-American'. myAssemblyName->CultureInfo = gcnew CultureInfo( "en-US" ); - // Set the hash algoritm to 'SHA1'. - myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA1; + // Set the hash algoritm to 'SHA256'. + myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA256; myAssemblyName->VersionCompatibility = AssemblyVersionCompatibility::SameProcess; myAssemblyName->Flags = AssemblyNameFlags::PublicKey; diff --git a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/cpp/sample.cpp b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/cpp/sample.cpp index 7e074d4f8f7..b48c1070167 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/cpp/sample.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/cpp/sample.cpp @@ -74,6 +74,8 @@ int main(array^ args) // // Create the key and set it to the Key property // of the TripleDESCryptoServiceProvider object. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. cryptoDESProvider->Key = passwordDeriveBytes->CryptDeriveKey ("TripleDES", "SHA1", 192, cryptoDESProvider->IV); // diff --git a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CPP/example.cpp b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CPP/example.cpp index 8cbd6f09a02..64ea93083e6 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CPP/example.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CPP/example.cpp @@ -13,9 +13,9 @@ array^ HashAndSignBytes( array^DataToSign, RSAParameters Key, int In RSACryptoServiceProvider^ RSAalg = gcnew RSACryptoServiceProvider; RSAalg->ImportParameters( Key ); - // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. - return RSAalg->SignData( DataToSign, Index, Length, gcnew SHA1CryptoServiceProvider ); + // Hash and sign the data. Pass a new instance of SHA256 + // to specify the hashing algorithm. + return RSAalg->SignData( DataToSign, Index, Length, SHA256::Create() ); } catch ( CryptographicException^ e ) { @@ -35,9 +35,9 @@ bool VerifySignedHash( array^DataToVerify, array^SignedData, RSAPara RSACryptoServiceProvider^ RSAalg = gcnew RSACryptoServiceProvider; RSAalg->ImportParameters( Key ); - // Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. - return RSAalg->VerifyData( DataToVerify, gcnew SHA1CryptoServiceProvider, SignedData ); + // Verify the data using the signature. Pass a new instance of SHA256 + // to specify the hashing algorithm. + return RSAalg->VerifyData( DataToVerify, SHA256::Create(), SignedData ); } catch ( CryptographicException^ e ) { diff --git a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CPP/example.cpp b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CPP/example.cpp index 3d8dfadba64..ea06a0cb596 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CPP/example.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CPP/example.cpp @@ -13,9 +13,9 @@ array^ HashAndSignBytes( array^DataToSign, RSAParameters Key ) RSACryptoServiceProvider^ RSAalg = gcnew RSACryptoServiceProvider; RSAalg->ImportParameters( Key ); - // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. - return RSAalg->SignData( DataToSign, gcnew SHA1CryptoServiceProvider ); + // Hash and sign the data. Pass a new instance of SHA256 + // to specify the hashing algorithm. + return RSAalg->SignData( DataToSign, SHA256::Create() ); } catch ( CryptographicException^ e ) { @@ -35,9 +35,9 @@ bool VerifySignedHash( array^DataToVerify, array^SignedData, RSAPara RSACryptoServiceProvider^ RSAalg = gcnew RSACryptoServiceProvider; RSAalg->ImportParameters( Key ); - // Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. - return RSAalg->VerifyData( DataToVerify, gcnew SHA1CryptoServiceProvider, SignedData ); + // Verify the data using the signature. Pass a new instance of SHA256 + // to specify the hashing algorithm. + return RSAalg->VerifyData( DataToVerify, SHA256::Create(), SignedData ); } catch ( CryptographicException^ e ) { diff --git a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CPP/example.cpp b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CPP/example.cpp index 51daadd9c78..f6127ea6dd1 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CPP/example.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CPP/example.cpp @@ -20,9 +20,9 @@ array^ HashAndSignBytes( Stream^ DataStream, RSAParameters Key ) RSACryptoServiceProvider^ RSAalg = gcnew RSACryptoServiceProvider; RSAalg->ImportParameters( Key ); - // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. - return RSAalg->SignData( DataStream, gcnew SHA1CryptoServiceProvider ); + // Hash and sign the data. Pass a new instance of SHA256 + // to specify the hashing algorithm. + return RSAalg->SignData( DataStream, SHA256::Create() ); } catch ( CryptographicException^ e ) { @@ -42,9 +42,9 @@ bool VerifySignedHash( array^DataToVerify, array^SignedData, RSAPara RSACryptoServiceProvider^ RSAalg = gcnew RSACryptoServiceProvider; RSAalg->ImportParameters( Key ); - // Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider - // to specify the use of SHA1 for hashing. - return RSAalg->VerifyData( DataToVerify, gcnew SHA1CryptoServiceProvider, SignedData ); + // Verify the data using the signature. Pass a new instance of SHA256 + // to specify the hashing algorithm. + return RSAalg->VerifyData( DataToVerify, SHA256(), SignedData ); } catch ( CryptographicException^ e ) { diff --git a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CPP/Cryptography.SmartCardCSP.cpp b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CPP/Cryptography.SmartCardCSP.cpp index 0ca07b17c6d..155ed3f70d0 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CPP/Cryptography.SmartCardCSP.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CPP/Cryptography.SmartCardCSP.cpp @@ -27,11 +27,12 @@ int main() Console::WriteLine( L"Data : {0}", BitConverter::ToString( data ) ); // Sign the data using the Smart Card CryptoGraphic Provider. - array^sig = rsa->SignData( data, L"SHA1" ); + + array^sig = rsa->SignData( data, L"SHA256" ); Console::WriteLine( L"Signature : {0}", BitConverter::ToString( sig ) ); // Verify the data using the Smart Card CryptoGraphic Provider. - bool verified = rsa->VerifyData( data, L"SHA1", sig ); + bool verified = rsa->VerifyData( data, L"SHA256", sig ); Console::WriteLine( L"Verified : {0}", verified ); } diff --git a/samples/snippets/cpp/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/CPP/source.cpp b/samples/snippets/cpp/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/CPP/source.cpp index bdad6d9cc5d..6f730f84905 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/CPP/source.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR_Classic/classic HashAlgorithm Example/CPP/source.cpp @@ -15,7 +15,7 @@ public ref class Form1: public Form void Method() { // - HashAlgorithm^ sha = gcnew SHA1CryptoServiceProvider; + HashAlgorithm^ sha = SHA256::Create(); array^ result = sha->ComputeHash( dataArray ); // } diff --git a/samples/snippets/cpp/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/CPP/class1.cpp b/samples/snippets/cpp/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/CPP/class1.cpp index b288d514e92..1915aae483d 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/CPP/class1.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/CPP/class1.cpp @@ -1,6 +1,8 @@ // +// This example uses the SHA1 algorithm. +// Due to collision problems with SHA1, Microsoft recommends SHA256 or better. #using using namespace System; diff --git a/samples/snippets/cpp/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/cpp/customcrypto.cpp b/samples/snippets/cpp/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/cpp/customcrypto.cpp index db1432637d2..e8cdf2da0ee 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/cpp/customcrypto.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/cpp/customcrypto.cpp @@ -231,6 +231,9 @@ namespace Contoso // Retrieves the name of the signature alogrithm. // + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. + public: property String^ SignatureAlgorithm { diff --git a/samples/snippets/cpp/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/CPP/maskgenerator.cpp b/samples/snippets/cpp/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/CPP/maskgenerator.cpp index ee6a2a50967..e51780a1096 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/CPP/maskgenerator.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/CPP/maskgenerator.cpp @@ -15,10 +15,10 @@ namespace Contoso String^ hashNameValue; public: - // Initialize a mask to encrypt using the SHA1 algorithm. + // Initialize a mask to encrypt using the SHA256 algorithm. MaskGenerator() { - hashNameValue = "SHA1"; + hashNameValue = "SHA256"; } // diff --git a/samples/snippets/cpp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CPP/source.cpp b/samples/snippets/cpp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CPP/source.cpp index 5520471db5c..c6b8f6da46a 100644 --- a/samples/snippets/cpp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CPP/source.cpp +++ b/samples/snippets/cpp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CPP/source.cpp @@ -13,8 +13,8 @@ int main() { // // Create a secure group name. - SHA1Managed^ Sha1 = gcnew SHA1Managed; - array^updHash = Sha1->ComputeHash( Encoding::UTF8->GetBytes( "usernamepassworddomain" ) ); + SHA256^ Sha256 = SHA256::Create(); + array^updHash = Sha256->ComputeHash( Encoding::UTF8->GetBytes( "usernamepassworddomain" ) ); String^ secureGroupName = Encoding::Default->GetString( updHash ); // Create a request for a specific URL. diff --git a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CS/example.cs b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CS/example.cs index f59488c8a16..c3d9ad53da6 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CS/example.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/CS/example.cs @@ -69,11 +69,9 @@ public static byte[] HashAndSignBytes(byte[] DataToSign, RSAParameters Key, int RSAalg.ImportParameters(Key); - // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider + // Hash and sign the data. Pass a new instance of SHA256 // to specify the hashing algorithm. - // This example uses the SHA1 algorithm. - // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - return RSAalg.SignData(DataToSign,Index,Length, new SHA1CryptoServiceProvider()); + return RSAalg.SignData(DataToSign,Index,Length, SHA256.Create()); } catch(CryptographicException e) { @@ -93,11 +91,9 @@ public static bool VerifySignedHash(byte[] DataToVerify, byte[] SignedData, RSAP RSAalg.ImportParameters(Key); - // Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider + // Verify the data using the signature. Pass a new instance of SHA256 // to specify the hashing algorithm. - // This example uses the SHA1 algorithm. - // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - return RSAalg.VerifyData(DataToVerify, new SHA1CryptoServiceProvider(), SignedData); + return RSAalg.VerifyData(DataToVerify, SHA256.Create(), SignedData); } catch(CryptographicException e) { diff --git a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CS/example.cs b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CS/example.cs index 2041d6da15e..2ed25a5c15e 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CS/example.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/CS/example.cs @@ -57,11 +57,9 @@ public static byte[] HashAndSignBytes(byte[] DataToSign, RSAParameters Key) RSAalg.ImportParameters(Key); - // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider + // Hash and sign the data. Pass a new instance of SHA256 // to specify the hashing algorithm. - // This example uses the SHA1 algorithm. - // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - return RSAalg.SignData(DataToSign, new SHA1CryptoServiceProvider()); + return RSAalg.SignData(DataToSign, SHA256.Create()); } catch(CryptographicException e) { @@ -81,11 +79,9 @@ public static bool VerifySignedHash(byte[] DataToVerify, byte[] SignedData, RSAP RSAalg.ImportParameters(Key); - // Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider + // Verify the data using the signature. Pass a new instance of SHA256 // to specify the hashing algorithm. - // This example uses the SHA1 algorithm. - // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - return RSAalg.VerifyData(DataToVerify, new SHA1CryptoServiceProvider(), SignedData); + return RSAalg.VerifyData(DataToVerify, SHA256.Create(), SignedData); } catch(CryptographicException e) { diff --git a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CS/example.cs b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CS/example.cs index a5794b52d08..988cd414b45 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CS/example.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/CS/example.cs @@ -74,11 +74,9 @@ public static byte[] HashAndSignBytes(Stream DataStream, RSAParameters Key) RSAalg.ImportParameters(Key); - // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider + // Hash and sign the data. Pass a new instance of SHA256 // to specify the hashing algorithm. - // This example uses the SHA1 algorithm. - // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - return RSAalg.SignData(DataStream, new SHA1CryptoServiceProvider()); + return RSAalg.SignData(DataStream, SHA256.Create()); } catch(CryptographicException e) { @@ -98,11 +96,9 @@ public static bool VerifySignedHash(byte[] DataToVerify, byte[] SignedData, RSAP RSAalg.ImportParameters(Key); - // Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider + // Verify the data using the signature. Pass a new instance of SHA256 // to specify the hashing algorithm. - // This example uses the SHA1 algorithm. - // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - return RSAalg.VerifyData(DataToVerify, new SHA1CryptoServiceProvider(), SignedData); + return RSAalg.VerifyData(DataToVerify, SHA256.Create(), SignedData); } catch(CryptographicException e) { diff --git a/samples/snippets/csharp/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/CS/class1.cs b/samples/snippets/csharp/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/CS/class1.cs index 8540e45b4c4..40df1f24c84 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/CS/class1.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/CS/class1.cs @@ -1,4 +1,6 @@ // +// This example uses the SHA1 algorithm. +// Due to collision problems with SHA1, Microsoft recommends SHA256 or better. using System; using System.Text; using System.Security.Cryptography; diff --git a/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/CS/customcrypto.cs b/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/CS/customcrypto.cs index e8ea9a4f949..acd9d446bd1 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/CS/customcrypto.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/CS/customcrypto.cs @@ -202,6 +202,8 @@ public override string KeyExchangeAlgorithm // Retrieves the name of the signature alogrithm. // + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. public override string SignatureAlgorithm { get {return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";} diff --git a/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.CryptoConfig/CS/members.cs b/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.CryptoConfig/CS/members.cs index 086b5445898..21837371036 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.CryptoConfig/CS/members.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.CryptoConfig/CS/members.cs @@ -19,6 +19,8 @@ static void Main(string[] args) // Create a new SHA1 provider. // + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. SHA1CryptoServiceProvider SHA1alg = (SHA1CryptoServiceProvider)CryptoConfig.CreateFromName("SHA1"); // @@ -38,11 +40,15 @@ static void Main(string[] args) // Use the MapNameToOID method to get an object identifier // (OID) from the string name of the SHA1 algorithm. // + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. string sha1Oid = CryptoConfig.MapNameToOID("SHA1"); // // Encode the specified object identifier. // + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. byte[] encodedMessage = CryptoConfig.EncodeOID(sha1Oid); // diff --git a/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/CS/maskgenerator.cs b/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/CS/maskgenerator.cs index 79d753e77bc..d31b08d79bb 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/CS/maskgenerator.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/CS/maskgenerator.cs @@ -10,10 +10,10 @@ class MaskGenerator : System.Security.Cryptography.MaskGenerationMethod { private String HashNameValue; - // Initialize a mask to encrypt using the SHA1 algorithm. + // Initialize a mask to encrypt using the SHA256 algorithm. public MaskGenerator() { - HashNameValue = "SHA1"; + HashNameValue = "SHA256"; } // diff --git a/samples/snippets/csharp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CS/source.cs b/samples/snippets/csharp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CS/source.cs index 84d53fc5650..8fe10bac9fa 100644 --- a/samples/snippets/csharp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CS/source.cs +++ b/samples/snippets/csharp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CS/source.cs @@ -12,8 +12,8 @@ public static int Main(String[] args) { // // Create a secure group name. - SHA1Managed Sha1 = new SHA1Managed(); - Byte[] updHash = Sha1.ComputeHash(Encoding.UTF8.GetBytes("username" + "password" + "domain")); + SHA256 Sha256 = SHA256.Create(); + Byte[] updHash = Sha256.ComputeHash(Encoding.UTF8.GetBytes("username" + "password" + "domain")); String secureGroupName = Encoding.Default.GetString(updHash); // Create a request for a specific URL. diff --git a/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationCredentials/CS/formsauthenticationcredentials.cs b/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationCredentials/CS/formsauthenticationcredentials.cs index 4348c84231f..5631f5b8637 100644 --- a/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationCredentials/CS/formsauthenticationcredentials.cs +++ b/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationCredentials/CS/formsauthenticationcredentials.cs @@ -46,6 +46,8 @@ public static void Main() formsAuthenticationCredentials.PasswordFormat; // Set the PasswordFormat property value. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. formsAuthenticationCredentials.PasswordFormat = FormsAuthPasswordFormat.SHA1; @@ -78,6 +80,8 @@ public static void Main() // Using method Add. // Define the SHA1 encrypted password. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. string password = "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"; // Define the user name. diff --git a/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationUser/CS/formsauthenticationuser.cs b/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationUser/CS/formsauthenticationuser.cs index 6364c646bb8..ff3f1f3f046 100644 --- a/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationUser/CS/formsauthenticationuser.cs +++ b/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationUser/CS/formsauthenticationuser.cs @@ -58,6 +58,8 @@ public static void Main() formsAuthenticationUsers[0].Password; // Set a SHA1 encrypted password. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. formsAuthenticationUsers[0].Password = "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"; diff --git a/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.MachineKeySection/CS/machinekeysection.cs b/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.MachineKeySection/CS/machinekeysection.cs index ff1d4f0b382..e283d89ff31 100644 --- a/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.MachineKeySection/CS/machinekeysection.cs +++ b/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.MachineKeySection/CS/machinekeysection.cs @@ -64,7 +64,7 @@ static void Main(string[] args) // // Set Validation property. - configSection.Validation = MachineKeyValidation.SHA1; + configSection.Validation = MachineKeyValidation.HMACSHA256; // // Update if not locked. diff --git a/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.MembershipSection/CS/MembershipSection.cs b/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.MembershipSection/CS/MembershipSection.cs index cadd882a4ea..bed632bdcf4 100644 --- a/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.MembershipSection/CS/MembershipSection.cs +++ b/samples/snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.MembershipSection/CS/MembershipSection.cs @@ -56,7 +56,7 @@ static void Main(string[] args) // Set HashAlgorithmType value. configSection.HashAlgorithmType = - MachineKeyValidation.SHA1.ToString(); + MachineKeyValidation.HMACSHA256.ToString(); // // Display UserIsOnlineTimeWindow value. diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/VB/example.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/VB/example.vb index 3603eed550e..f5820ee748b 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/VB/example.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData1/VB/example.vb @@ -61,11 +61,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) - ' Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider + ' Hash and sign the data. Pass a new instance of SHA256 ' to specify the hashing algorithm. - ' This example uses the SHA1 algorithm. - ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - Return RSAalg.SignData(DataToSign, Index, Length, New SHA1CryptoServiceProvider) + Return RSAalg.SignData(DataToSign, Index, Length, SHA256.Create()) Catch e As CryptographicException Console.WriteLine(e.Message) @@ -82,11 +80,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) - ' Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider + ' Verify the data using the signature. Pass a new instance of SHA256 ' to specify the hashing algorithm. - ' This example uses the SHA1 algorithm. - ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - Return RSAalg.VerifyData(DataToVerify, New SHA1CryptoServiceProvider, SignedData) + Return RSAalg.VerifyData(DataToVerify, SHA256.Create(), SignedData) Catch e As CryptographicException Console.WriteLine(e.Message) diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/VB/example.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/VB/example.vb index 6ee4f1f6a71..dc6d13a1c91 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/VB/example.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData2/VB/example.vb @@ -49,11 +49,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) - ' Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider + ' Hash and sign the data. Pass a new instance of SHA256 ' to specify the hashing algorithm. - ' This example uses the SHA1 algorithm. - ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - Return RSAalg.SignData(DataToSign, New SHA1CryptoServiceProvider) + Return RSAalg.SignData(DataToSign, SHA256.Create()) Catch e As CryptographicException Console.WriteLine(e.Message) @@ -70,11 +68,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) - ' Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider + ' Verify the data using the signature. Pass a new instance of SHA256 ' to specify the hashing algorithm. - ' This example uses the SHA1 algorithm. - ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - Return RSAalg.VerifyData(DataToVerify, New SHA1CryptoServiceProvider, SignedData) + Return RSAalg.VerifyData(DataToVerify, SHA256.Create(), SignedData) Catch e As CryptographicException Console.WriteLine(e.Message) diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/VB/example.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/VB/example.vb index 2fc9f9ba26b..80f94d15054 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/VB/example.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.RSACSP.SignData3/VB/example.vb @@ -73,11 +73,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) - ' Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider + ' Hash and sign the data. Pass a new instance of SHA256 ' to specify the hashing algorithm. - ' This example uses the SHA1 algorithm. - ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - Return RSAalg.SignData(DataStream, New SHA1CryptoServiceProvider) + Return RSAalg.SignData(DataStream, SHA256.Create()) Catch e As CryptographicException Console.WriteLine(e.Message) @@ -94,11 +92,9 @@ Module RSACSPExample RSAalg.ImportParameters(Key) - ' Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider + ' Verify the data using the signature. Pass a new instance of SHA256 ' to specify the hashing algorithm. - ' This example uses the SHA1 algorithm. - ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - Return RSAalg.VerifyData(DataToVerify, New SHA1CryptoServiceProvider, SignedData) + Return RSAalg.VerifyData(DataToVerify, SHA256.Create(), SignedData) Catch e As CryptographicException Console.WriteLine(e.Message) diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.SmartCardCSP/VB/example.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.SmartCardCSP/VB/example.vb index 1839f7c432c..e1e685b04c2 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.SmartCardCSP/VB/example.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.SmartCardCSP/VB/example.vb @@ -29,12 +29,12 @@ Module SCSign Console.WriteLine("Data : " + BitConverter.ToString(data)) ' Sign the data using the Smart Card CryptoGraphic Provider. - Dim sig As Byte() = rsa.SignData(data, "SHA1") + Dim sig As Byte() = rsa.SignData(data, "SHA256") Console.WriteLine("Signature : " + BitConverter.ToString(sig)) ' Verify the data using the Smart Card CryptoGraphic Provider. - Dim verified As Boolean = rsa.VerifyData(data, "SHA1", sig) + Dim verified As Boolean = rsa.VerifyData(data, "SHA256", sig) Console.WriteLine("Verified") diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/VB/class1.vb b/samples/snippets/visualbasic/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/VB/class1.vb index 73fd7e897a4..68603123d56 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/VB/class1.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR_System/System.Security.Cryptography.RSACryptoServiceProvider ManualHash Example/VB/class1.vb @@ -1,4 +1,6 @@ ' +' This example uses the SHA1 algorithm. +' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Imports System.Text Imports System.Security.Cryptography diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/VB/customcrypto.vb b/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/VB/customcrypto.vb index c7b0e344096..2215ff5f1f6 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/VB/customcrypto.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.AsymmetricAlgorithm/VB/customcrypto.vb @@ -181,6 +181,8 @@ Namespace Contoso ' Retrieves the name of the signature alogrithm. ' + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Public Overrides ReadOnly Property SignatureAlgorithm() As String Get Return "http://www.w3.org/2000/09/xmldsig#rsa-sha1" diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.CryptoConfig/VB/members.vb b/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.CryptoConfig/VB/members.vb index 73129c16e04..5cc5d001666 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.CryptoConfig/VB/members.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.CryptoConfig/VB/members.vb @@ -25,6 +25,8 @@ Public Class Form1 ' Create a new SHA1 provider. ' + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Dim SHA1alg As SHA1CryptoServiceProvider SHA1alg = CType( _ cryptoConfig.CreateFromName("SHA1"), SHA1CryptoServiceProvider) @@ -47,11 +49,15 @@ Public Class Form1 ' Use the MapNameToOID method to get an object identifier. ' ' (OID) from the string name of the SHA1 algorithm. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Dim sha1Oid As String = cryptoConfig.MapNameToOID("SHA1") ' ' Encode the specified object identifier. ' + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Dim encodedMessage() As Byte = cryptoConfig.EncodeOID(sha1Oid) ' diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/VB/maskgenerator.vb b/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/VB/maskgenerator.vb index 2ece3404ba5..172f1bafadd 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/VB/maskgenerator.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.Cryptography.MaskGenerationMethod/VB/maskgenerator.vb @@ -8,9 +8,9 @@ Public Class MaskGenerator Private HashNameValue As String - ' Initialize a mask to encrypt using the SHA1 algorithm. + ' Initialize a mask to encrypt using the SHA256 algorithm. Public Sub New() - HashNameValue = "SHA1" + HashNameValue = "SHA256" End Sub ' diff --git a/samples/snippets/visualbasic/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/VB/source.vb b/samples/snippets/visualbasic/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/VB/source.vb index 3d91c3c9e00..16c3f64be31 100644 --- a/samples/snippets/visualbasic/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/VB/source.vb +++ b/samples/snippets/visualbasic/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/VB/source.vb @@ -17,8 +17,8 @@ Public Class TestClass Overloads Public Shared Function Main(args() As [String]) As Integer ' ' Create a secure group name. - Dim Sha1 As New SHA1Managed() - Dim updHash As [Byte]() = Sha1.ComputeHash(Encoding.UTF8.GetBytes(("username" + "password" + "domain"))) + Dim Sha256 As SHA256 = SHA256.Create() + Dim updHash As [Byte]() = Sha256.ComputeHash(Encoding.UTF8.GetBytes(("username" + "password" + "domain"))) Dim secureGroupName As [String] = Encoding.Default.GetString(updHash) ' Create a request for a specific URL. diff --git a/samples/snippets/visualbasic/VS_Snippets_VBCSharp/VbVbalrMyUser/VB/SampleIIdentity.vb b/samples/snippets/visualbasic/VS_Snippets_VBCSharp/VbVbalrMyUser/VB/SampleIIdentity.vb index 3a24e668c71..f30eafebf32 100644 --- a/samples/snippets/visualbasic/VS_Snippets_VBCSharp/VbVbalrMyUser/VB/SampleIIdentity.vb +++ b/samples/snippets/visualbasic/VS_Snippets_VBCSharp/VbVbalrMyUser/VB/SampleIIdentity.vb @@ -70,9 +70,9 @@ Public Class SampleIIdentity Dim rawSalted As String = salt & Trim(password) Dim saltedPwBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(rawSalted) - Dim sha1 As New System.Security.Cryptography. - SHA1CryptoServiceProvider - Dim hashedPwBytes() As Byte = sha1.ComputeHash(saltedPwBytes) + Dim sha256 As System.Security.Cryptography.SHA256 = + System.Security.Cryptography.SHA256.Create() + Dim hashedPwBytes() As Byte = sha256.ComputeHash(saltedPwBytes) Dim hashedPw As String = Convert.ToBase64String(hashedPwBytes) ' Compare the hashed password with the stored password. diff --git a/samples/snippets/visualbasic/VS_Snippets_VBCSharp/VbVbalrStrings/VB/Class3.vb b/samples/snippets/visualbasic/VS_Snippets_VBCSharp/VbVbalrStrings/VB/Class3.vb index 74adb3a3a3f..53366a8824b 100644 --- a/samples/snippets/visualbasic/VS_Snippets_VBCSharp/VbVbalrStrings/VB/Class3.vb +++ b/samples/snippets/visualbasic/VS_Snippets_VBCSharp/VbVbalrStrings/VB/Class3.vb @@ -80,12 +80,12 @@ Class Class1f51e40a2f8843e2a83e28a0b5c0d6fd ByVal key As String, ByVal length As Integer) As Byte() - Dim sha1 As New SHA1CryptoServiceProvider + Dim sha256 As SHA256 = SHA256.Create() ' Hash the key. - Dim keyBytes() As Byte = + Dim keyBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(key) - Dim hash() As Byte = sha1.ComputeHash(keyBytes) + Dim hash() As Byte = sha256.ComputeHash(keyBytes) ' Truncate or pad the hash. ReDim Preserve hash(length - 1) diff --git a/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationCredentials/VB/formsauthenticationcredentials.vb b/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationCredentials/VB/formsauthenticationcredentials.vb index 6e0319f6edf..2afbaf130bf 100644 --- a/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationCredentials/VB/formsauthenticationcredentials.vb +++ b/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationCredentials/VB/formsauthenticationcredentials.vb @@ -50,6 +50,8 @@ Class UsingFormsAuthenticationCredentials ' Set the PasswordFormat property value. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. formsAuthenticationCredentials.PasswordFormat = _ FormsAuthPasswordFormat.SHA1 @@ -76,6 +78,8 @@ Class UsingFormsAuthenticationCredentials ' ' Using method Add. ' Define the SHA1 encrypted password. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. Dim password As String = _ "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8" ' Define the user name. diff --git a/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationUser/VB/formsauthenticationuser.vb b/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationUser/VB/formsauthenticationuser.vb index e73c66a4dfe..e454cfa5f11 100644 --- a/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationUser/VB/formsauthenticationuser.vb +++ b/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationUser/VB/formsauthenticationuser.vb @@ -51,6 +51,8 @@ Class UsingFormsAuthenticationUser formsAuthenticationUsers(0).Password ' Set a SHA1 encrypted password. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. formsAuthenticationUsers(0).Password = _ "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8" diff --git a/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.MachineKeySection/VB/machinekeysection.vb b/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.MachineKeySection/VB/machinekeysection.vb index 71ddd4f4c05..9c4ff511d1e 100644 --- a/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.MachineKeySection/VB/machinekeysection.vb +++ b/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.MachineKeySection/VB/machinekeysection.vb @@ -53,7 +53,7 @@ Namespace Samples.Aspnet.SystemWebConfiguration ' ' Set Validation value. - configSection.Validation = MachineKeyValidation.SHA1 + configSection.Validation = MachineKeyValidation.HMACSHA256 ' ' Update if not locked. diff --git a/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.MembershipSection/VB/MembershipSection.vb b/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.MembershipSection/VB/MembershipSection.vb index 77aaea635c1..82d2ec4aa3f 100644 --- a/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.MembershipSection/VB/MembershipSection.vb +++ b/samples/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Configuration.MembershipSection/VB/MembershipSection.vb @@ -49,7 +49,7 @@ Namespace Samples.Aspnet.SystemWebConfiguration ' Set HashAlgorithmType value. configSection.HashAlgorithmType = _ - MachineKeyValidation.SHA1.ToString() + MachineKeyValidation.HMACSHA256.ToString() ' ' Display UserIsOnlineTimeWindow value. From a4cdae429088b8362b222754450c6c38a933dff6 Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Sat, 18 Jul 2020 11:14:42 -0700 Subject: [PATCH 3/8] minor corrections --- .../Cryptography.SmartCardCSP/CPP/Cryptography.SmartCardCSP.cpp | 1 - .../AssemblyName_CodeBase/CS/assemblyname_codebase.cs | 2 +- .../AssemblyName_CodeBase/VB/assemblyname_codebase.vb | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CPP/Cryptography.SmartCardCSP.cpp b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CPP/Cryptography.SmartCardCSP.cpp index 155ed3f70d0..79e192d5857 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CPP/Cryptography.SmartCardCSP.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/Cryptography.SmartCardCSP/CPP/Cryptography.SmartCardCSP.cpp @@ -27,7 +27,6 @@ int main() Console::WriteLine( L"Data : {0}", BitConverter::ToString( data ) ); // Sign the data using the Smart Card CryptoGraphic Provider. - array^sig = rsa->SignData( data, L"SHA256" ); Console::WriteLine( L"Signature : {0}", BitConverter::ToString( sig ) ); diff --git a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs index 1a9105490fe..7bb9100c7fb 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs @@ -67,7 +67,7 @@ public static void Main() myAssemblyName.CodeBase = Directory.GetCurrentDirectory(); // Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = new CultureInfo("en-US"); - // Set the hash algoritm to 'SHA256'. + // Set the hash algorithm to 'SHA256'. myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256; myAssemblyName.Name = "MyAssembly"; myAssemblyName.Version = new Version("1.0.0.2001"); diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb index 07d641a708b..17c65af5645 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb @@ -55,7 +55,7 @@ Public Class AssemblyName_CodeBase myAssemblyName.CodeBase = Directory.GetCurrentDirectory() ' Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = New CultureInfo("en-US") - ' Set the hash algoritm to 'SHA256'. + ' Set the hash algorithm to 'SHA256'. myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256 myAssemblyName.Name = "MyAssembly" myAssemblyName.Version = New Version("1.0.0.2001") From 003ea2c89c5ce71cd5de2b651865c52790e237fe Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Mon, 3 Aug 2020 12:41:31 -0700 Subject: [PATCH 4/8] revert assemblyname_codebase --- .../AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp | 4 ++-- .../AssemblyName_CodeBase/CS/assemblyname_codebase.cs | 4 ++-- .../AssemblyName_CodeBase/VB/assemblyname_codebase.vb | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp index ed95a193420..98b7368095c 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp @@ -71,8 +71,8 @@ int main() // Set the culture information of the assembly to 'English-American'. myAssemblyName->CultureInfo = gcnew CultureInfo( "en-US" ); - // Set the hash algorithm to 'SHA256'. - myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA256; + // Set the hash algoritm to 'SHA1'. + myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA1; myAssemblyName->Name = "MyAssembly"; myAssemblyName->Version = gcnew Version( "1.0.0.2001" ); MakeAssembly( myAssemblyName, "MyAssembly.exe" ); diff --git a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs index 7bb9100c7fb..0ff40d2c5da 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs @@ -67,8 +67,8 @@ public static void Main() myAssemblyName.CodeBase = Directory.GetCurrentDirectory(); // Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = new CultureInfo("en-US"); - // Set the hash algorithm to 'SHA256'. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256; + // Set the hash algoritm to 'SHA1'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1; myAssemblyName.Name = "MyAssembly"; myAssemblyName.Version = new Version("1.0.0.2001"); MakeAssembly(myAssemblyName, "MyAssembly.exe"); diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb index 17c65af5645..2cfb2613a1a 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb @@ -55,8 +55,8 @@ Public Class AssemblyName_CodeBase myAssemblyName.CodeBase = Directory.GetCurrentDirectory() ' Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = New CultureInfo("en-US") - ' Set the hash algorithm to 'SHA256'. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256 + ' Set the hash algoritm to 'SHA1'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1 myAssemblyName.Name = "MyAssembly" myAssemblyName.Version = New Version("1.0.0.2001") MakeAssembly(myAssemblyName, "MyAssembly.exe") From 9e7fc88c319c7decde6385e2b89efac8edb08e9c Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Mon, 3 Aug 2020 15:13:30 -0700 Subject: [PATCH 5/8] revert connectiongroupname --- .../CPP/source.cpp | 6 ++++-- .../CS/source.cs | 6 ++++-- .../VB/source.vb | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/samples/snippets/cpp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CPP/source.cpp b/samples/snippets/cpp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CPP/source.cpp index c6b8f6da46a..8aeb9a02bc4 100644 --- a/samples/snippets/cpp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CPP/source.cpp +++ b/samples/snippets/cpp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CPP/source.cpp @@ -13,8 +13,10 @@ int main() { // // Create a secure group name. - SHA256^ Sha256 = SHA256::Create(); - array^updHash = Sha256->ComputeHash( Encoding::UTF8->GetBytes( "usernamepassworddomain" ) ); + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. + SHA1Managed^ Sha1 = gcnew SHA1Managed; + array^updHash = Sha1->ComputeHash( Encoding::UTF8->GetBytes( "usernamepassworddomain" ) ); String^ secureGroupName = Encoding::Default->GetString( updHash ); // Create a request for a specific URL. diff --git a/samples/snippets/csharp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CS/source.cs b/samples/snippets/csharp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CS/source.cs index 8fe10bac9fa..1d96f25aebd 100644 --- a/samples/snippets/csharp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CS/source.cs +++ b/samples/snippets/csharp/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/CS/source.cs @@ -12,8 +12,10 @@ public static int Main(String[] args) { // // Create a secure group name. - SHA256 Sha256 = SHA256.Create(); - Byte[] updHash = Sha256.ComputeHash(Encoding.UTF8.GetBytes("username" + "password" + "domain")); + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. + SHA1Managed Sha1 = new SHA1Managed(); + Byte[] updHash = Sha1.ComputeHash(Encoding.UTF8.GetBytes("username" + "password" + "domain")); String secureGroupName = Encoding.Default.GetString(updHash); // Create a request for a specific URL. diff --git a/samples/snippets/visualbasic/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/VB/source.vb b/samples/snippets/visualbasic/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/VB/source.vb index 16c3f64be31..2ed3a6ec804 100644 --- a/samples/snippets/visualbasic/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/VB/source.vb +++ b/samples/snippets/visualbasic/VS_Snippets_Remoting/Classic HttpWebRequest.ConnectionGroupName Example/VB/source.vb @@ -17,8 +17,10 @@ Public Class TestClass Overloads Public Shared Function Main(args() As [String]) As Integer ' ' Create a secure group name. - Dim Sha256 As SHA256 = SHA256.Create() - Dim updHash As [Byte]() = Sha256.ComputeHash(Encoding.UTF8.GetBytes(("username" + "password" + "domain"))) + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. + Dim Sha1 As New SHA1Managed() + Dim updHash As [Byte]() = Sha1.ComputeHash(Encoding.UTF8.GetBytes(("username" + "password" + "domain"))) Dim secureGroupName As [String] = Encoding.Default.GetString(updHash) ' Create a request for a specific URL. From ac48b88067a470c6ad2998330d6554b81d522b91 Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Mon, 3 Aug 2020 15:19:09 -0700 Subject: [PATCH 6/8] add sha1 not recommended comments --- .../AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp | 4 +++- .../AssemblyName_CodeBase/CS/assemblyname_codebase.cs | 4 +++- .../AssemblyName_CodeBase/VB/assemblyname_codebase.vb | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp index 98b7368095c..26e263c8d63 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp @@ -71,7 +71,9 @@ int main() // Set the culture information of the assembly to 'English-American'. myAssemblyName->CultureInfo = gcnew CultureInfo( "en-US" ); - // Set the hash algoritm to 'SHA1'. + // Set the hash algorithm to 'SHA1'. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA1; myAssemblyName->Name = "MyAssembly"; myAssemblyName->Version = gcnew Version( "1.0.0.2001" ); diff --git a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs index 0ff40d2c5da..8154e6f7d8c 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs @@ -67,7 +67,9 @@ public static void Main() myAssemblyName.CodeBase = Directory.GetCurrentDirectory(); // Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = new CultureInfo("en-US"); - // Set the hash algoritm to 'SHA1'. + // Set the hash algorithm to 'SHA1'. + // This example uses the SHA1 algorithm. + // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1; myAssemblyName.Name = "MyAssembly"; myAssemblyName.Version = new Version("1.0.0.2001"); diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb index 2cfb2613a1a..ed074d7e2bd 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb @@ -55,7 +55,9 @@ Public Class AssemblyName_CodeBase myAssemblyName.CodeBase = Directory.GetCurrentDirectory() ' Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = New CultureInfo("en-US") - ' Set the hash algoritm to 'SHA1'. + ' Set the hash algorithm to 'SHA1'. + ' This example uses the SHA1 algorithm. + ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1 myAssemblyName.Name = "MyAssembly" myAssemblyName.Version = New Version("1.0.0.2001") From 5abb1baa38512535aa66e78af8bb960feb950fdc Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Mon, 3 Aug 2020 15:51:48 -0700 Subject: [PATCH 7/8] fix spelling --- .../AssemblyName_KeyPair/CPP/assemblyname_keypair.cpp | 2 +- .../AssemblyName_SetPublicKey/CPP/assemblyname_setpublickey.cpp | 2 +- .../AssemblyName_KeyPair/VB/assemblyname_keypair.vb | 2 +- .../AssemblyName_SetPublicKey/VB/assemblyname_setpublickey.vb | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_KeyPair/CPP/assemblyname_keypair.cpp b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_KeyPair/CPP/assemblyname_keypair.cpp index efbdd281c1d..ff0b5cc6241 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_KeyPair/CPP/assemblyname_keypair.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_KeyPair/CPP/assemblyname_keypair.cpp @@ -78,7 +78,7 @@ int main() // Set the culture information of the assembly to 'English-American'. myAssemblyName->CultureInfo = gcnew CultureInfo( "en-US" ); - // Set the hash algoritm to 'SHA256'. + // Set the hash algorithm to 'SHA256'. myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA256; myAssemblyName->VersionCompatibility = AssemblyVersionCompatibility::SameProcess; myAssemblyName->Flags = AssemblyNameFlags::PublicKey; diff --git a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CPP/assemblyname_setpublickey.cpp b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CPP/assemblyname_setpublickey.cpp index 6b8c67fca08..976f368361d 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CPP/assemblyname_setpublickey.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_SetPublicKey/CPP/assemblyname_setpublickey.cpp @@ -74,7 +74,7 @@ int main() // Set the culture information of the assembly to 'English-American'. myAssemblyName->CultureInfo = gcnew CultureInfo( "en-US" ); - // Set the hash algoritm to 'SHA256'. + // Set the hash algorithm to 'SHA256'. myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA256; myAssemblyName->VersionCompatibility = AssemblyVersionCompatibility::SameProcess; myAssemblyName->Flags = AssemblyNameFlags::PublicKey; diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_KeyPair/VB/assemblyname_keypair.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_KeyPair/VB/assemblyname_keypair.vb index ac9740c1cb3..b1e0b308c0b 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_KeyPair/VB/assemblyname_keypair.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_KeyPair/VB/assemblyname_keypair.vb @@ -66,7 +66,7 @@ Public Class AssemblyName_CodeBase myAssemblyName.CodeBase = Directory.GetCurrentDirectory() ' Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = New CultureInfo("en-US") - ' Set the hash algoritm to 'SHA256'. + ' Set the hash algorithm to 'SHA256'. myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256 myAssemblyName.VersionCompatibility = AssemblyVersionCompatibility.SameProcess myAssemblyName.Flags = AssemblyNameFlags.PublicKey diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_SetPublicKey/VB/assemblyname_setpublickey.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_SetPublicKey/VB/assemblyname_setpublickey.vb index 90074057b4b..ae35ebbc6fc 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_SetPublicKey/VB/assemblyname_setpublickey.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_SetPublicKey/VB/assemblyname_setpublickey.vb @@ -57,7 +57,7 @@ Public Class AssemblyName_CodeBase myAssemblyName.CodeBase = Directory.GetCurrentDirectory() ' Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = New CultureInfo("en-US") - ' Set the hash algoritm to 'SHA256'. + ' Set the hash algorithm to 'SHA256'. myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256 myAssemblyName.VersionCompatibility = AssemblyVersionCompatibility.SameProcess myAssemblyName.Flags = AssemblyNameFlags.PublicKey From 45ab38cb75f553fc4e374e280b80eb2cac5d108d Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Mon, 3 Aug 2020 16:03:46 -0700 Subject: [PATCH 8/8] back to 256 --- .../AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp | 6 ++---- .../AssemblyName_CodeBase/CS/assemblyname_codebase.cs | 6 ++---- .../AssemblyName_CodeBase/VB/assemblyname_codebase.vb | 6 ++---- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp index 26e263c8d63..ed95a193420 100644 --- a/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp +++ b/samples/snippets/cpp/VS_Snippets_CLR/AssemblyName_CodeBase/CPP/assemblyname_codebase.cpp @@ -71,10 +71,8 @@ int main() // Set the culture information of the assembly to 'English-American'. myAssemblyName->CultureInfo = gcnew CultureInfo( "en-US" ); - // Set the hash algorithm to 'SHA1'. - // This example uses the SHA1 algorithm. - // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA1; + // Set the hash algorithm to 'SHA256'. + myAssemblyName->HashAlgorithm = AssemblyHashAlgorithm::SHA256; myAssemblyName->Name = "MyAssembly"; myAssemblyName->Version = gcnew Version( "1.0.0.2001" ); MakeAssembly( myAssemblyName, "MyAssembly.exe" ); diff --git a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs index 8154e6f7d8c..7bb9100c7fb 100644 --- a/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs +++ b/samples/snippets/csharp/VS_Snippets_CLR/AssemblyName_CodeBase/CS/assemblyname_codebase.cs @@ -67,10 +67,8 @@ public static void Main() myAssemblyName.CodeBase = Directory.GetCurrentDirectory(); // Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = new CultureInfo("en-US"); - // Set the hash algorithm to 'SHA1'. - // This example uses the SHA1 algorithm. - // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1; + // Set the hash algorithm to 'SHA256'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256; myAssemblyName.Name = "MyAssembly"; myAssemblyName.Version = new Version("1.0.0.2001"); MakeAssembly(myAssemblyName, "MyAssembly.exe"); diff --git a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb index ed074d7e2bd..17c65af5645 100644 --- a/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb +++ b/samples/snippets/visualbasic/VS_Snippets_CLR/AssemblyName_CodeBase/VB/assemblyname_codebase.vb @@ -55,10 +55,8 @@ Public Class AssemblyName_CodeBase myAssemblyName.CodeBase = Directory.GetCurrentDirectory() ' Set the culture information of the assembly to 'English-American'. myAssemblyName.CultureInfo = New CultureInfo("en-US") - ' Set the hash algorithm to 'SHA1'. - ' This example uses the SHA1 algorithm. - ' Due to collision problems with SHA1, Microsoft recommends SHA256 or better. - myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA1 + ' Set the hash algorithm to 'SHA256'. + myAssemblyName.HashAlgorithm = AssemblyHashAlgorithm.SHA256 myAssemblyName.Name = "MyAssembly" myAssemblyName.Version = New Version("1.0.0.2001") MakeAssembly(myAssemblyName, "MyAssembly.exe")