HashAlgorithm / SHA1 Questions

  • Question

  • So here are my questions:

    Can someone explain the differences between using SHA1, SHA1Managed, and SHA1CryptoServiceProvider?  Perhaps where/why you would use one over the other.  I've been using the latter in my code lately.

    Why is it faster and less resource intensive when hashing large files (>1GB) passing a Stream object to ComputeHash versus a byte array?  I know that it is faster.  I'm just looking for why.

    Thanks!


    If everyone is thinking alike, then somebody isn't thinking.
    Tuesday, March 9, 2010 2:51 PM

Answers

  • The main differences between the three are:

    1) SHA1 is an abstract class. By using SHA1.Create() you get a concrete implementation that defaults to SHA1CryptoServiceProvider, but you can provide an alternate implementation and modify the configuration so that your class is picked instead. Useful if you need to tweak the algorithm yourself.

    2) SHA1Managed is a completely managed implementation of SHA1. The main point is that it doesn't rely on CAPI (which is part of Windows).

    3) SHA1CryptoServiceProvider is a simple wrapper of the unmanaged CAPI.

    IMHO SHA1CryptoServiceProvider is the best choice... not for any performance consideration (I never tested the respective speeds), but for application reliability: the CAPI implementation of SHA1 is certified for FIPS 140-1: if your users enabled the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security option, any attempt to use another SHA1 implementation will fail.
    You can read more on the .NET Security Blog.

    As to why passing a stream is faster than a byte array: both overloads will ultimately call the same methods, so I presume there isn't much of a difference there. The main issue is that when using a stream, the ComputeHash method will read and process 4K at a time, while passing in the whole file as a byte array will require a lot of memory. With files larger than 1GB it's quite likely that your application starts swapping and this is the most likely cause of the delay.

    HTH
    --mc

    • Marked as answer by Justin D_ Tuesday, March 9, 2010 5:54 PM
    Tuesday, March 9, 2010 5:46 PM
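
The stream-versus-byte-array point in the answer above, as an added example that is not part of the original thread: it hashes one file through the byte-array overload, through the Stream overload, and through a hand-written block loop, then checks that the three digests agree. The class and method names, the 4096-byte buffer and the constructed temporary sample file are this example's own choices.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

static class Sha1StreamingDemo
{
    static string Hex(byte[] hash) => BitConverter.ToString(hash).Replace("-", "");
    // Byte-array overload: the whole file must be in memory before hashing starts.
    static string HashWholeFile(string path)
    {
        using (SHA1 sha1 = SHA1.Create())
            return Hex(sha1.ComputeHash(File.ReadAllBytes(path)));
    }

    // Stream overload: ComputeHash reads and hashes the data block by block.
    static string HashStream(string path)
    {
        using (SHA1 sha1 = SHA1.Create())
        using (FileStream fs = File.OpenRead(path))
            return Hex(sha1.ComputeHash(fs));
    }

    // The same block-at-a-time processing written out by hand (4096 is this example's choice).
    static string HashChunked(string path)
    {
        using (SHA1 sha1 = SHA1.Create())
        using (FileStream fs = File.OpenRead(path))
        {
            byte[] buffer = new byte[4096];
            int read;
            while ((read = fs.Read(buffer, 0, buffer.Length)) > 0)
                sha1.TransformBlock(buffer, 0, read, null, 0);  // null: no output copy needed
            sha1.TransformFinalBlock(buffer, 0, 0);             // finalize with no extra bytes
            return Hex(sha1.Hash);
        }
    }

    static void Main()
    {
        string path = Path.GetTempFileName();           // constructed sample file
        byte[] sample = new byte[3 * 1024 * 1024 + 7];  // deliberately not a multiple of 4096
        new Random(1).NextBytes(sample);
        File.WriteAllBytes(path, sample);
        string a = HashWholeFile(path), b = HashStream(path), c = HashChunked(path);
        File.Delete(path);
        Console.WriteLine("FIPS-only policy: " + CryptoConfig.AllowOnlyFipsAlgorithms);
        Console.WriteLine(a == b && b == c ? "all three match: " + a : "MISMATCH");
    }
}
```

Only HashWholeFile needs memory proportional to the file size; the other two hold a single buffer no matter how large the input is.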

All replies

  • Thanks for the reply Mario.  That confirms what I suspected as far as the differences.
    If everyone is thinking alike, then somebody isn't thinking.
    Tuesday, March 9, 2010 5:55 PM
  • Thanks for your sharing! This is what I'm looking for. It's comprehensive.
    Monday, October 4, 2010 2:22 AM