14

I am checking the file hashes using several different algorithms in powershell. When I use MacTripleDes, I always get different hashes. All of the others, such as SHA256 or MD5 always give reliable answers. You may be able to replicate the problem on your own computer:

"this is a test" | out-file test.txt
get-filehash test.txt -algorithm sha256
get-filehash test.txt -algorithm sha256
get-filehash test.txt -algorithm mactripledes
get-filehash test.txt -algorithm mactripledes

I get the same hash values for the first two hashes, but differing values for the second two hashes. Is MacTripleDes supposed to be used differently?

Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
SHA256          3F8CB2CDF03347329CAB0C80A6CE3B01EF3B17AF02E0F6E101FA67CE63729F51       C:\temp\test.txt
SHA256          3F8CB2CDF03347329CAB0C80A6CE3B01EF3B17AF02E0F6E101FA67CE63729F51       C:\temp\test.txt
MACTRIPLEDES    904D74A529C7A739                                                       C:\temp\test.txt
MACTRIPLEDES    AF720778A2C878A2                                                       C:\temp\test.txt
Braiam
  • 622
  • 4
  • 23
user6722022
  • 176
  • 5
  • 3
    [MACTripleDES](https://msdn.microsoft.com/en-us/library/system.security.cryptography.mactripledes(v=vs.110).aspx) is a *keyed* hashing algorithm. The `Get-FileHash` cmdlet does not appear to support a key parameter. – jscott Dec 12 '16 at 21:48
  • That sounds like a bug. So this comment appears to be the best answer. But I do not see how to mark it as such. – user6722022 Dec 13 '16 at 14:15

1 Answer

18

MACTripleDES is different from the other algorithms that are offered by the Get-FileHash cmdlet. I'm not sure why it was included in the cmdlet, to be honest. It doesn't fit with the others, IMO.

SHA1, SHA256, MD5, RIPEMD, etc., those are all regular hash functions. They take some data of arbitrary length and create a digest of fixed length that represents that data. MACTripleDES is different though, in that it's not just a hash algorithm. It has TripleDES in the name, and 3DES is an encryption algorithm, not a hashing algorithm. The biggest difference between hash functions and encryption functions is that encryption can be reversed with a key. Hashes are one-way functions.

And MAC stands for message authentication code. It's a code that's used to authenticate a message, to verify that it wasn't tampered with. MACs are designed to be ephemeral or unique from one message to the next.

Check out the constructor:

public MACTripleDES() {
    KeyValue = new byte[24];
    Utils.StaticRandomNumberGenerator.GetBytes(KeyValue);

    // Create a TripleDES encryptor
    des = TripleDES.Create();
    HashSizeValue = des.BlockSize;

    m_bytesPerBlock = des.BlockSize/m_bitsPerByte;
    // By definition, MAC-CBC-3DES takes an IV=0.  C# zero-inits arrays,
    // so all we have to do here is define it.
    des.IV = new byte[m_bytesPerBlock];
    des.Padding = PaddingMode.Zeros;
    ...

StaticRandomNumberGenerator generates random numbers... random numbers mean the result is going to be different each run.

Daniel
  • 6,780
  • 5
  • 31
  • 60
Ryan Ries
  • 55,011
  • 9
  • 138
  • 197
  • Yea, it's quite useless here. In a proper usage, you'd either pass a known key into the constructor, or retrieve the random key from the `KeyedHashAlgorithm` object. But there's no way to do either with `Get-FileHash`... – Bob Dec 13 '16 at 01:48
  • 1
If `Get-FileHash` does not allow you to specify the key to use and instead generates a random key which it never exposes to the user, that does appear to be a bug (as per the original title of the question) as you can't actually use it for anything. (Not that I understand why you would pick MACTripleDES in the first place if you wanted a MAC.) – Håkan Lindqvist Dec 13 '16 at 07:31
  • @HåkanLindqvist I see your point, but it depends on your definition of a bug. If the code does what it was intended to do, _even if it does something utterly useless_, it's still not a bug in my book. It's a design change request, i.e. "Please change the cmdlet so that it actually does something useful." :) – Ryan Ries Dec 13 '16 at 14:59
  • @RyanRies Even then, is it really reasonable to assume that this is intended? Is there anything but the code itself and its behavior that supports the idea that the MACTripleDES algorithm option in `Get-FileHash` should be some form of convoluted RNG? – Håkan Lindqvist Dec 13 '16 at 18:17
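The following PowerShell script is an added example, not code from the question, the answer or the .NET reference source. It reproduces the behaviour the question reports (a fresh random key per `MACTripleDES` object, so two tags over the same file never match) and then shows what a MAC is actually for: both sides hold the same key, so the tag is reproducible and can be verified. The helper names `Get-MacTripleDesHex` and `Test-MacTripleDes`, the file name and the 24-byte demo key are all constructed for this example. It assumes Windows PowerShell 5.1 on .NET Framework; `System.Security.Cryptography.MACTripleDES` is not available on PowerShell 7 / .NET Core, where `Get-FileHash` no longer offers that algorithm.

```powershell
# Added example: why Get-FileHash -Algorithm MACTripleDES is non-deterministic,
# and how a keyed MAC is meant to be computed and verified.
# Assumes Windows PowerShell 5.1 (.NET Framework).

$path = Join-Path $env:TEMP 'mac-test.txt'          # constructed sample file
Set-Content -Path $path -Value 'this is a test' -Encoding ASCII

# Hypothetical helper: computes the MAC-CBC-3DES tag over a file.
# Without -Key it uses the parameterless constructor, i.e. a random 24-byte key,
# which is exactly what Get-FileHash does.
function Get-MacTripleDesHex {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [byte[]] $Key
    )
    $mac = if ($Key) {
        New-Object System.Security.Cryptography.MACTripleDES -ArgumentList (,$Key)
    } else {
        New-Object System.Security.Cryptography.MACTripleDES
    }
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try {
            $tag = $mac.ComputeHash($stream)
        } finally {
            $stream.Dispose()
        }
        [PSCustomObject]@{
            Tag = ($tag | ForEach-Object { $_.ToString('X2') }) -join ''
            Key = ($mac.Key | ForEach-Object { $_.ToString('X2') }) -join ''   # the key Get-FileHash never exposes
        }
    } finally {
        $mac.Dispose()
    }
}

# 1. Random key each call (the Get-FileHash situation): the 8-byte tags differ.
$r1 = Get-MacTripleDesHex -Path $path
$r2 = Get-MacTripleDesHex -Path $path
"random key #1: $($r1.Key) -> $($r1.Tag)"
"random key #2: $($r2.Key) -> $($r2.Tag)"
"tags equal with random keys: $($r1.Tag -eq $r2.Tag)"

# 2. Shared key (proper MAC usage): the tag is reproducible.
# Constructed demo key only; a real key comes from a CSPRNG and is kept secret by both parties.
$key = [byte[]](1..24)
$k1 = Get-MacTripleDesHex -Path $path -Key $key
$k2 = Get-MacTripleDesHex -Path $path -Key $key
"fixed key: $($k1.Tag) / $($k2.Tag)"
"tags equal with a shared key: $($k1.Tag -eq $k2.Tag)"

# 3. Verification on the receiving side: recompute with the shared key and compare
# the tags byte by byte without short-circuiting on the first mismatch.
function Test-MacTripleDes {
    param([string] $Path, [byte[]] $Key, [string] $ExpectedTagHex)
    $actual = (Get-MacTripleDesHex -Path $Path -Key $Key).Tag
    $a = [System.Text.Encoding]::ASCII.GetBytes($actual)
    $e = [System.Text.Encoding]::ASCII.GetBytes($ExpectedTagHex)
    if ($a.Length -ne $e.Length) { return $false }
    $diff = 0
    for ($i = 0; $i -lt $a.Length; $i++) { $diff = $diff -bor ($a[$i] -bxor $e[$i]) }
    return ($diff -eq 0)
}
"verification with shared key: $(Test-MacTripleDes -Path $path -Key $key -ExpectedTagHex $k1.Tag)"
```

Step 1 is the non-deterministic output seen in the question: every object carries its own `StaticRandomNumberGenerator` key, and because `Get-FileHash` neither accepts a key nor returns the `Key` property, its MACTripleDES tag cannot be recomputed by anyone and so authenticates nothing. Steps 2 and 3 are what a keyed MAC requires in practice: a key shared out of band, stored securely, and used again at verification time.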