tags:

views:

43

answers:

2

So I'm in the process of writing an ASP.NET application that requires to import users from a PHP application. The passwords were hashed using MD5 into the database, so the user table records looks more or less like this:

user Password

user1 827ccb0eea8a706c4c34a16891f84e7b

user2 e10adc3949ba59abbe56e057f20f883e

And so on. I have access to the PHP source code and I can see that there is no salt or anything else, it is juts a straight MD5 application. Now, Back on my ASP.NET, I tried to use MD5 using the following logic:

public static string HashPassword(string Password)
    {
        //Declarations
        Byte[] originalBytes;
        Byte[] encodedBytes;            
        MD5 md5;

        originalBytes = ASCIIEncoding.Default.GetBytes(Password);            
        md5 = new MD5CryptoServiceProvider();
        encodedBytes = md5.ComputeHash(originalBytes);                                 

        return BitConverter.ToString(encodedBytes);
    }

Problem is, that is returning strings like 50-F8-4D-AF-3A-6D-FD-6A-9F-20-C9-F8-EF-42-89-42, which of course is not going to match with the information in the database. What should I do so I don't have to reset 500+ user passwords?

A: 

Return this instead:

return Encoding.UTF8.GetString(encodedBytes).ToLowerInvariant();

BitConverter explicitly inserts dashes in the string value.

Or of course you could keep using BitConverter and just do .Replace("-","").ToLower()

Rex M
A: 

Try these .

It looks similar to your code , but a little difference is there.

http://www.spiration.co.uk/post/1203/MD5%20in%20C%23%20-%20works%20like%20php%20md5()%20example

http://www.codeproject.com/KB/security/MD5FunctionPHP.aspx

zod