PHP and C# SHA256 Hashes returning different strings -

-

so, found question accepted answer, hopped off , tried implement necessary changes. reason though, still getting 2 different strings, , don't know i'm doing wrong. tried comment on accepted answer find help, lack reputation so. so, figured i'd ask question again (that question 2 years old, too).

let me explain i'm doing.

in php...

$intermediatesalt = md5(uniqid(rand(), true)); $salt = substr($intermediatesalt, 0, 8); $hashpassword = base64_encode( hash('sha256', $salt . hash('sha256', $password), true) );

the line says $hashpassword taken accepted answer question. didn't write of php, friend did. know enough programming alter code, couldn't create in php, let alone html.

after hash has been created, both hash , salt stored on database.

the c# method i'm using answer found here.

    public static string computehash(string plaintext, string salt)     {         // convert plain text byte array.         byte[] plaintextbytes = encoding.utf8.getbytes(plaintext);         byte[] saltbytes = encoding.utf8.getbytes(salt);          sha256managed hash = new sha256managed();          // compute hash value of salt.         byte[] plainhash = hash.computehash(plaintextbytes);          byte[] concat = new byte[plainhash.length + saltbytes.length];          system.buffer.blockcopy(saltbytes, 0, concat, 0, saltbytes.length);         system.buffer.blockcopy(plainhash, 0, concat, saltbytes.length, plainhash.length);          byte[] thashbytes = hash.computehash(concat);          // convert result base64-encoded string.         string hashvalue = convert.tobase64string(thashbytes);          // return result.         return hashvalue;     }

but bizarre reason, though person asked question got s/he wanted, still getting undesired result.

this block of code loads player data compares the php generated hashed password c# generated hashed password.

        // load player based on given email         playerstructure.player newplayer = mysql.loadplayer(email);          // compute hash based on given password , retrieved salt         // then, compare hashed password on database         string hpassword = program.computehash(password, newplayer.salt);          if (newplayer.password != hpassword)         {             sendstatusmsg(index, "invalid password.");             sendstatusmsg(index, "1: " + hpassword);             sendstatusmsg(index, "2: " + newplayer.password);              return;         }

mysql.loadplayer loads hash string , salt string database, , had use sendstatusmessage methods print strings server application takes 15 minutes load data database in debug mode. run debug exe instead, ergo no console.writeline calls. newplayer.password hashed password stored on database (the password created php). hpassword computed hash using c# method borrowed.

the salt e0071fa9 , plain-text password 'test'.

this result sendstatusmsg methods:

invalid password. 1: 3qqyvefmbn4kjjhsrq307tcdyxnmpc4k3r3udbavz8y= 2: mohrvv9c0jvpdtk28xgm3uvppuhatk2rahxd5he4zji=

any ideas might doing incorrectly? i've stated before, literally used answer on here (borrowing code verbatim) , i'm still not getting desired result. question referenced: why isn't php sha256 hash equivalent c# sha256managed hash

because answer question linking says, hash returns hex-encoded string instead of raw bytes default. passing true third parameter override behavior outer call hash, not doing same inner call.

in fact why there 2 hashes in first place? inner hash doesn't seem serve purpose @ all.


Comments

Post a Comment

Popular posts from this blog

c# - How to get the current UAC mode -

-
can check current uac type set in device before running application through c#. i got know approach check whether current user administrator or not. but, need know uac type set (i.e. default/never notify) internal logic. is possible? please help. this article self-elevation , checking level program runs in. due security reasons i'm afraid won't able retrieve uac level set. http://code.msdn.microsoft.com/windowsdesktop/csuacselfelevation-644673d3
Read more

postgresql - Lazarus + Postgres: incomplete startup packet -

-
i've been building lazarus pascal program using postgresql on back-end. used work fine following lines opening db. dbconn:= tpqconnection.create(nil); dbconn.hostname := 'localhost'; dbconn.databasename:= 'dbhrs'; dbconn.username:='mizk'; dbconn.password:='123'; dbconn.open; if dbconn.connected openhrsdb := true else openhrsdb := false; but moment change localhost server's ip (on lan), program stops. no errors or warnings. have no clue happening. here related details may narrow down problem. the program i'm running workstation on same lan server. both machines run ubuntu 12.04 desktop i can access postgres db on server using pgadmin iii, guess it's not firewall issue. i have allowed postgresql ufw , ufw disabled. strangely, when firewall disabled, can ssh server terminal using workstation. when it's enabled, can't my biggest concern right why pascal program not working when i...
Read more

javascript - Ajax jqXHR.status==0 fix error -

-
$.ajax({ url: urlstring, datatype: "json", type: "get", success: function (data) { alert(data); }, error: function (jqxhr, exception) { if (jqxhr.status === 0) { alert('not connect.\n verify network.'); } else if (jqxhr.status == 404) { alert('requested page not found. [404]'); } else if (jqxhr.status == 500) { alert('internal server error [500].'); } else if (exception === 'parsererror') { alert('requested json parse failed.'); } else if (exception === 'timeout') { alert('time out error.'); } else if (exception === 'abort') { alert('ajax request aborted.'); } else { alert('uncaught error.\n' + jqxhr.responsete...
Read more