ansaurus

Question

Answer 1

+2 A:

Try trimming the string first, its suprisingly easy to have a newline or space on the end that changes the hash completely.

ck 2009-03-03 17:16:01

I can correctly extract other information and on examination of the string it is formatted appropriately, delimiters where expected, etc. I wish this was the problem!

lynn 2009-03-03 17:28:56

Actually, that is indeed part of the problem. The string is decrypted, and the function used pads the end of the string.

lynn 2009-03-04 19:36:50

Answer 2

+5 A:

Your ticket is being calculated on the hex string itself. Maybe the appended hash is calculated on another representation of the same data?

Welbog 2009-03-03 17:18:35

To clarify, I tried trimming the last 20 bytes from the raw data, no luck.

lynn 2009-03-03 17:27:56

What format do you get the value in? What is the value itself representing? Where are you getting it? Hashes are chaotic by design: different formats will make a huge difference. Can you not ask how the original hash is being calculated?

Welbog 2009-03-03 17:28:02

The ticket: http://www.codeproject.com/KB/aspnet/Forms_Auth_Internals/AuthTicket2.JPG This is hashed, the hash is then appended.

lynn 2009-03-03 17:44:50

Yeah, but what is being hashed? Is it being hashed byte by byte? Is its hex, octal, decimal, etc representation being hashed? Is this something you can find out?

Welbog 2009-03-03 17:51:37

So you accepted my answer? What was the actual problem? I'm curious.

Welbog 2009-03-03 18:21:26

It's a hunch. I'm still working on it, but this must be the problem as my .net cohort can replicate the hash on his end. I'll update with what I discover when I finish.

lynn 2009-03-03 18:38:51

OK, thanks. I really appreciate being kept in the loop.

Welbog 2009-03-03 18:59:27

I'm still struggling with this, but it's narrowed down to something to do with the way I'm representing my hex data. http://stackoverflow.com/questions/615157/how-do-i-sha1-hash-hex-values-correctly-in-php

lynn 2009-03-05 16:07:23

Answer 3

+3 A:

I think you are getting confused about bytes vs characters.

Internally, php stores every character in a string as a byte. The sha1 hash that PHP generates is a 40 character (40 byte) hexademical representation of the 20-byte binary data, since each binary value needs to be represented by 2 hex characters.

I'm not sure if this is the actual source of your discrepancy, but seeing this misunderstanding makes me wonder if it's related.

Peter Bailey 2009-03-03 17:30:47

$ticket = substr($decrypthex, 0, -40);$hash = substr($decrypthex, -40);echo sha1($ticket);

lynn 2009-03-03 17:34:12

Still characters... What you want to do is for each 2 characters, do chr(hexdec('0b')); (0b is an example, ill let you create the loop logic)

Andrew Moore 2009-03-03 17:58:00

Ah, thanks. I'll try that.

lynn 2009-03-03 18:00:46

Also, keep in mind that if the original code is in ASP.net, you may also have a character encoding difference (UTF-8 vs ASCII)

Andrew Moore 2009-03-03 18:01:39

Answer 4

+1 A:

According to this Online SHA1 tool the hash of the given text (after removing new lines and spaces) is

b6ecd613698ac3533b5f853bf22f6eb4afb94239

Idea: Make sure your inputing characters not a hex number to the PHP version.

Chris Nava 2009-03-03 17:40:34

That's what I'm getting, see above where I show My sha1 hash of ticket.

lynn 2009-03-03 17:42:51

Answer 5

A:

The problem was that the original was a keyed hash. I had to use hash_hmac() with a validation key rather than sha1() without.

lynn 2009-03-09 17:52:42

ansaurus

tags:

views:

answers:

Why is my SHA1 hash not matching?

Ticket:

sha1 hash of ticket appended to original:

My sha1 hash of ticket:

related questions