How to "sign" a big string to be identified later?

Question

I put in place a system to make two systems communicate each others. System A put a message M in the DB, system B process the message and put a message M' in the DB. System A is "subscribed" to M'. To "sign" this message (a big xml file) I use the hashcode, so I can understand that message M' = M. This is working for most messages but for other is not working properly (I opened in notepad the two files M and M' and they are the same).

Probably system B format (without of course changing the content) the message, causing a different hashcode in the way back.

Does it sound reasonable? How to sign the message in a more robust way?

So far, I'm using C#, .NET3.5 to do this, and I cannot change tecnology.

I'm reading M (and generating hashcode) from fs in this way:

_currentHashCode = File.ReadAllText(file.FullName).GetHashCode();

After all the processing in B, I've been notified by B, that send me M' in an object:

object messageObj;

....

int hash = messageObj.ToString().GetHashCode();

Thanks

Answer 1

GetHashCode() does not return cryptographic hash. You need to use one of the mechanisms in the System.Security.Cryptography space to create a hash in the way you want to use it.

From MSDN:

A hash code is intended for efficient insertion and lookup in collections that are based on a hash table. A hash code is not a permanent value. For this reason:

• Do not serialize hash code values or store them in databases.
• Do not use the hash code as the key to retrieve an object from a keyed collection.
• Do not send hash codes across application domains or processes. In some cases, hash codes may be computed on a per-process or per-application domain basis.
• Do not use the hash code instead of a value returned by a cryptographic hashing function if you need a cryptographically strong hash. For cryptographic hashes, use a class derived from the System.Security.Cryptography.HashAlgorithm or System.Security.Cryptography.KeyedHashAlgorithm class.
• Do not test for equality of hash codes to determine whether two objects are equal. (Unequal objects can have identical hash codes.) To test for equality, call the ReferenceEquals or Equals method.