login about faq


I am trying to generate a SHA256-Hash using a given Salt. Here is my Powerubiler-Code (Powerscript):

loo_Crypt.HashAlgorithm = "sha256"

loo_Crypt.EncodingMode = "hex"

loo_crypt.salt = s_salt

ls_Hash = loo_Crypt.HashStringENC(ls_hash_me)

Problem: The salt has no influence on the hash. What am I missing?


asked Jul 20 '15 at 17:23

ArtVandelay's gravatar image


edited Jul 20 '15 at 17:24

The documentation for the Salt property mentions that it's for password based encryption (PBE), so I don't think it has any effect on hashing. See:

Salt *The salt to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127*

Instead I think the common practice is to combine your salt and secret data before hashing the combined data.

Another option would be to use the HashBeginBytes/HashBeginString , HashMoreBytes/HashMoreString, HashFinal/HashFinalEnc approach as follows:

  1. HashBeginBytes/String (depending on how your salt is stored) with the salt.
  2. HashMoreBytes/String (depending on how you secret data is stored) with the secret data.
  3. Call HashFinalENC to get the final encoded hash.

answered Jul 20 '15 at 20:59

jpbro's gravatar image

jpbro ♦

The Salt property is used in encryption when the CryptAlgorithm is set to "pbes1" or "pbes2". Also note that it is not used by the Pbkdf1 or Pbkdf2 methods, as the salt is passed in an argument to those methods.

Hashing data does not involve the automatic use of salt. If one SHA256 hashes "hello world" -- the input data is "hello world" and nothing else. Hash algorithms do not have salt in the definition/specification of the hashing algorithm.


answered Jul 21 '15 at 08:34

chilkat's gravatar image

chilkat ♦♦

Thanks for your answers!

However I still can't figure on how to solve the following task:

Here is an example of SHA-256 hash. Make sure to add the salt first, then the value when creating the hash. The result must be in hexadecimal format.



Clear text number to be hashed:


you should receive the following hash:



answered Jul 21 '15 at 12:47

ArtVandelay's gravatar image


I just figured it out. This code seems to work:



ls_hash = loo_crypt.hashfinalenc()

One last question: the letters of the hash I am getting by calling hashfinalenc() are uppercase, the ones in my task are lowercase. Does that make a difference?


answered Jul 21 '15 at 12:56

ArtVandelay's gravatar image


edited Jul 21 '15 at 12:57

Upper/Lowercase doesn't matter since the digits are just hexadecimal bytes (2 characters per byte). That is 5d3cee33aafd70db6ee06c53cfe65aa5cfefc795ecd9a464029fd1ada5ded0ab is the same SHA256 hash as 5D3CEE33AAFD70DB6EE06C53CFE65AA5CFEFC795ECD9A464029FD1ADA5DED0AB

However, if you are going to be doing comparisons of stored hashes vs. computed hashes, you should make sure to either normalize them to all upper/lowercase, or use a case-insensitive comparison method available in your development language.

(Jul 21 '15 at 16:54) jpbro ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Jul 20 '15 at 17:23

Seen: 4,033 times

Last updated: Jul 21 '15 at 16:54

powered by OSQA