14

I am checking the file hashes using several different algorithms in PowerShell. When I use MacTripleDes, I always get different hashes. All of the others, such as SHA256 or MD5, always give reliable answers. You may be able to replicate the problem on your own computer:

    "this is a test" | out-file test.txt
    get-filehash test.txt -algorithm sha256
    get-filehash test.txt -algorithm sha256
    get-filehash test.txt -algorithm mactripledes
    get-filehash test.txt -algorithm mactripledes

I get the same hash values for the first two hashes, but differing values for the second two hashes. Is MacTripleDes supposed to be used differently?

    Algorithm       Hash                                                                   Path
    ---------       ----                                                                   ----
    SHA256          3F8CB2CDF03347329CAB0C80A6CE3B01EF3B17AF02E0F6E101FA67CE63729F51       C:\temp\test.txt
    SHA256          3F8CB2CDF03347329CAB0C80A6CE3B01EF3B17AF02E0F6E101FA67CE63729F51       C:\temp\test.txt
    MACTRIPLEDES    904D74A529C7A739                                                       C:\temp\test.txt
    MACTRIPLEDES    AF720778A2C878A2                                                       C:\temp\test.txt
2
  • 3
    MACTripleDES is a keyed hashing algorithm. The Get-FileHash cmdlet does not appear to support a key parameter. Commented Dec 12, 2016 at 21:48
  • That sounds like a bug. So this comment appears to be the best answer. But I do not see how to mark it as such. Commented Dec 13, 2016 at 14:15

1 Answer

18

MACTripleDES is different than the other algorithms that are offered by the Get-FileHash cmdlet. I'm not sure why it was included in the cmdlet, to be honest. It doesn't fit with the others, IMO.

SHA1, SHA256, MD5, RIPEMD, etc., those are all regular hash functions. They take some data of arbitrary length and create a digest of fixed length that represents that data. MACTripleDES is different though, in that it's not just a hash algorithm. It has TripleDES in the name, and 3DES is an encryption algorithm, not a hashing algorithm. The biggest difference between hash functions and encryption functions is that encryption can be reversed with a key. Hashes are one-way functions.

And MAC stands for message authentication code. It's a code that's used to authenticate a message. To verify that it wasn't tampered with. MACs are designed to be ephemeral or unique from one message to the next.

Check out the constructor:

    public MACTripleDES() {
        KeyValue = new byte[24];
        Utils.StaticRandomNumberGenerator.GetBytes(KeyValue);

        // Create a TripleDES encryptor
        des = TripleDES.Create();
        HashSizeValue = des.BlockSize;

        m_bytesPerBlock = des.BlockSize/m_bitsPerByte;
        // By definition, MAC-CBC-3DES takes an IV=0. C# zero-inits arrays,
        // so all we have to do here is define it.
        des.IV = new byte[m_bytesPerBlock];
        des.Padding = PaddingMode.Zeros;
        ...

StaticRandomNumberGenerator generates random numbers... random numbers means the result is going to be different each run.

4
  • Yea, it's quite useless here. In a proper usage, you'd either pass a known key into the constructor, or retrieve the random key from the KeyedHashAlgorithm object. But there's no way to do either with Get-FileHash... Commented Dec 13, 2016 at 1:48
  • 1
    If Get-FileHash does not allow you to specify the key to use and instead generates a random key which it never exposes to the user, that does appear to be a bug (as per the original title of the question) as you can't actually use it for anything. (Not that I understand why you would pick MACTripleDES in the first place if you wanted a MAC.) Commented Dec 13, 2016 at 7:31
  • @HåkanLindqvist I see your point, but it depends on your definition of a bug. If the code does what it was intended to do, even if it does something utterly useless, it's still not a bug in my book. It's a design change request, i.e. "Please change the cmdlet so that it actually does something useful." :) Commented Dec 13, 2016 at 14:59
  • @RyanRies Even then, is it really reasonable to assume that this is intended? Is there anything but the code itself and its behavior that supports the idea that the MACTripleDES algorithm option in Get-FileHash should be some form of convoluted RNG? Commented Dec 13, 2016 at 18:17
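
The point raised in the answer and its comments, that a keyed hash is only reproducible when the caller controls the key, shown as an added example that is not part of the original answer or comments. It swaps in HMAC-SHA256 for MACTripleDES and calls the .NET class directly; the function name `Get-FileMac` and the temp file name are hypothetical.

```powershell
# Added example: compute a keyed MAC over a file with a caller-supplied key.
# HMAC-SHA256 is used in place of MACTripleDES; Get-FileMac is a hypothetical helper.
function Get-FileMac {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [byte[]] $Key
    )
    # .NET resolves relative paths against the process directory, not the
    # PowerShell location, so resolve to a full provider path first.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $mac = [System.Security.Cryptography.HMACSHA256]::new($Key)
    $stream = [System.IO.File]::OpenRead($fullPath)
    try {
        $digest = $mac.ComputeHash($stream)
        return ([System.BitConverter]::ToString($digest) -replace '-', '')
    }
    finally {
        $stream.Dispose()
        $mac.Dispose()
    }
}

# Hypothetical helper: 32 random bytes from the system CSPRNG.
function New-MacKey {
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($key) } finally { $rng.Dispose() }
    return ,$key   # unary comma keeps the byte[] from being unrolled
}

# Constructed sample input, same content as in the question.
$file = Join-Path ([System.IO.Path]::GetTempPath()) 'mac-demo.txt'
'this is a test' | Out-File $file

# Generate the key once and keep it: whoever verifies the file later
# needs exactly these bytes.
$key = New-MacKey
$first  = Get-FileMac -Path $file -Key $key
$second = Get-FileMac -Path $file -Key $key

# A fresh key per call is what the parameterless constructor does internally.
$third = Get-FileMac -Path $file -Key (New-MacKey)

"Same key, same file, equal MACs : $($first -eq $second)"
"New key, same file, equal MACs  : $($first -eq $third)"
```

The first comparison matches because the key is held fixed; the second does not, which is the behaviour the question observed with `-Algorithm MACTripleDES`.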
