tags:

views:

852

answers:

3
Q: 

If .net sha1 hash expects a byte array, and php sha1() wants a string, can I match the results?

I have a set of bytes I want to apply an sha1 hash to. One hash will be in .net, the other in PHP. Then I'll test to see if they match.

In .net, you can create a byte array and use sha.ComputeHash().

byte[] data = new byte[DATA_SIZE];
byte[] result; 

SHA1 sha = new SHA1CryptoServiceProvider(); 
// This is one implementation of the abstract class SHA1.
result = sha.ComputeHash(data);

In PHP, you call sha1($string).

I can't do anything about the .net side of the code, but how can I get the same hash out of PHP that .net will generate?

Please note: I am ONLY able to work on the PHP side of this. The .net stuff is fixed and can't be modified. Thanks!

+1  A: 

It looks like the sha1 function takes a byte array which is in hexidecimal notation. So if you had two bytes, FA and A1, your string would be "FAA1".

Then, you would parse the result string back into bytes and compare with the .NET output.

Note that you could create this string in .NET with the same format rather easily (use the "x2" format on the call to ToString on each byte and append all together).

casperOne  2009-03-05 18:57:17
+3  A: 

Since SHA1 is a common, standard algorithm, it is implemented the same way in PHP as it is in .NET. The only part that is different is how you invoke the two functions.

Technically, SHA1 is defined on bytes rather than strings, but (correct me if I'm wrong) PHP strings work with single-byte characters, so bytes and characters should be interchangable from the SHA1 algorithm's point of you.

You'll have to make sure that your string's value in binary is the same as .NET's byte array, in the same order. I'm not a PHP guy, so you'll have to get someone else's answer for how to do that.

Welbog  2009-03-05 18:58:41
Once again, great suggestion. I'll get my .net guy to send me an example of the data that gets sent to the ComputeHash function to see if I can convert the PHP to it.
lynn  2009-03-05 19:07:50
You accepted my answer again. Did you find out what was wrong?
Welbog  2009-03-06 13:32:53
I finally did. The .net side is creating a keyed hash, so I needed to use hash_hmac() with a validation key on my side.
lynn  2009-03-09 17:57:07
Aha! Congratulations!
Welbog  2009-03-09 18:19:08
A: 

This works for me:

string str = user.Salt + pepper + password;
SHA1 sha1 = new SHA1CryptoServiceProvider();
ASCIIEncoding encoder = new ASCIIEncoding();
byte[] input = encoder.GetBytes(str);
byte[] hash = sha1.ComputeHash(input);
string hashStr = "";
for (int i = 0; i < hash.Length; i++)
     hashStr += hash[i].ToString("X").ToLower();
if (hashStr != user.Hash)
     return false;
Jim  2009-11-24 16:10:01

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?