4

What are the pros/cons when it comes to using SHA256 Vs Object.GetHashCode()?

In the code below, the output is identical for both methods, however the GetHashCode() seems a lot simpler, requires fewer objects/code.

class Program
    {
        static void Main(string[] args)
        {
            TestGetHashCode();
            TestSha256();
            Console.Read();
        }

        static void TestSha256()
        {
            Console.WriteLine("Testing SHA256");
            UnicodeEncoding byteConverter = new UnicodeEncoding();
            SHA256 sha256 = SHA256.Create();
            string data = "A paragraph of text";
            byte[] hashA = sha256.ComputeHash(byteConverter.GetBytes(data));
            data = "A paragraph of changed text";
            byte[] hashB = sha256.ComputeHash(byteConverter.GetBytes(data));
            data = "A paragraph of text";
            byte[] hashC = sha256.ComputeHash(byteConverter.GetBytes(data));
            Console.WriteLine(hashA.SequenceEqual(hashB)); // Displays: false
            Console.WriteLine(hashA.SequenceEqual(hashC)); // Displays: true
        }

        static void TestGetHashCode()
        {
            Console.WriteLine("Testing Object.GetHashCode()");
            string data = "A paragraph of text";
            int hashA = data.GetHashCode();
            data = "A paragraph of changed text";
            int hashB = data.GetHashCode();
            data = "A paragraph of text";
            int hashC = data.GetHashCode();
            Console.WriteLine(hashA.Equals(hashB)); // Displays: false
            Console.WriteLine(hashA.Equals(hashC)); // Displays: true
        }
    }
Improve this question
2
  • 2
    A hard requirement for GetHashCode() is that it is fast. Essential or it loses all benefit of speeding up comparisons. No such requirement for SHA256, actually better when it is slow since that slows down any attacker as well. Commented Feb 19, 2014 at 11:55
  • 4
    Object.GetHashCode can give different results between two application runs. SHA-xx is stable over multiple runs and is well defined so that it can be used cross-platform. Commented Feb 19, 2014 at 12:51

1 Answer 1

Reset to default
4

You cannot compare the two as they are built for two entirely different purposes. What is your goal? - Encryption or simple object lookup?

For object lookup (in a hashtable): GetHashCode()

For encryption: SHA256 combined with e.g. AES.

GetHashCode() should be overridden for your type and ideally only use immutable fields, ie. fields not changing over the lifetime of the object, read-only fields is a good example of this ;-)

SHA256 is used for example to hash a password for usage in an encryption algorithm that takes 256-bit keys. The point of a hashing algorithm used for encryption is that it must be slow (the opposite of the object lookup scenario) to make it more difficult to bruteforce attack passwords.

So no pros/cons as such, but really depends on your goal. Use the right tool for the purpose :-)

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I'd say encryption has nothing to do with hashing, so I don't see the relation between them. Though they can both be used for security reasons.
I didn't say that encryption has something to do with encryption. There is no direct relation as such of course. - However, my point above was to choose the right tool for the job. Choosing a hash algorithm you need to know the purpose. Encryption was provided as an example and not a direct relation ;-)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.