3

I have looked and found code to take a PHP sha512 hash and match it inside C#. I am currently looking for a way to go from a hash that was made in C# and get the same result in PHP. We are slowly moving away from asp.net to PHP and need a way to check our passwords in the database. Here is the C# code used to make the hash.

// Create a hash from a pwd and salt using sha512
    public static string CreatePasswordHash(string _password, string _salt)
    {
        string saltAndPwd = String.Concat(_password, _salt);
        SHA512 sha512 = new System.Security.Cryptography.SHA512Managed();

        byte[] sha512Bytes = System.Text.Encoding.Default.GetBytes(saltAndPwd);

        byte[] cryString = sha512.ComputeHash(sha512Bytes);

        string hashedPwd = string.Empty;

        for (int i = 0; i < cryString.Length; i++)
        {
            hashedPwd += cryString[i].ToString("X");
        }

        return hashedPwd;
    }

In PHP I have tried to get it to match but it is off by just a few bytes it seems.

function CreatePasswordHash($_password, $_salt)
    {            
        $saltAndPwd = $_password . $_salt;            
        $hashedPwd = hash('sha512', $saltAndPwd);      
        return strtoupper($hashedPwd);
    }

When using the above with the same salt and password here is the results I get. The first result is from C#, and the second result is from PHP:

60BB73FDA3FF7A444870C6D0DBC7C6966F8D5AD632B0A02762E0283051D7C54A5F4B01571D1A5BC8C689DBC411FEB92158383A56AFC6AE6074696AF36E16    
60BB73FDA3FF7A444870C6D0DBC7C609066F8D5AD632B0A02762E0283051D7C54A5F4B001571D1A5BC8C689DBC411FEB092158383A56AFC6AE6074696AF36E16

Any ideas on why these are not matching up? Does it have to do with endian byte order?

4

4 回答 4

6

尝试

hashedPwd += cryString[i].ToString("X2");

编辑PHP:

function CreatePasswordHash($_password, $_salt)
{
    $saltAndPwd = $_password . $_salt;
    $hashedPwd = hash('sha512', $saltAndPwd);

    $hex_strs = str_split($hashedPwd,2);

    foreach($hex_strs as &$hex) {
        $hex = preg_replace('/^0/', '', $hex);
    }
    $hashedPwd = implode('', $hex_strs);

    return strtoupper($hashedPwd);
}
于 2012-09-25T22:41:49.603 回答
2

C# 打印输出不包括前导零。

代替

hashedPwd += cryString[i].ToString("X");


hashedPwd += cryString[i].ToString("X2");
于 2012-09-25T22:41:53.947 回答
1

仔细检查您在 C# 和 PHP 中使用相同的字符编码。GetBytes 根据编码返回不同的结果。System.Text.Encoding.Default 取决于操作系统的本地化。

于 2012-09-25T22:45:43.213 回答
0

你可以试试open_ssl_digest

echo openssl_digest($saltAndPwd, 'sha512');

如果你有 PHP >= 5.3

您还可以使用hash_algos函数来查看您的系统支持哪些算法。

高温高压

于 2012-09-25T22:36:45.637 回答