Make this Hashing in PHP

jrahma

Hi,

I would like to ask how to convert this C# code into PHP as my office application is in WinForm C# but need to have a PHP portal for it?

public string HashString(string toHash)
{
    using (SHA512CryptoServiceProvider sha = new SHA512CryptoServiceProvider())
    {
        byte[] dataToHash = Encoding.UTF8.GetBytes(toHash);
        byte[] hashed = sha.ComputeHash(dataToHash);
        return Convert.ToBase64String(hashed);
    }
}

public string HashPassword(string password, string salt)
{
    string combined = password + salt;
    return HashString(combined);
}

Thanks,
Jassim

Weedpacket

So it looks like you need a [man]hash[/man] function that implements SHA512, and something that can [man]base64_encode[/man] a string.

jrahma

I tried this but I am not getting the correct hash I got from C# .NET:

<?php

  $salt = "f0ef0e366a254bde8d561baba8cebd6fdcc4c7aa5f814a15a97f497a2b82a2d8";
  $data = "testpasswordf0ef0e366a254bde8d561baba8cebd6fdcc4c7aa5f814a15a97f497a2b82a2d8";

  echo base64_encode(hash('sha512', $data));

?>

so I am getting:

NzRiY2EyZmU2YTFjOGJhNzhkY2NiODc2ZmRjYjRhZTBkNjQ2YzEyZTI5NzQ3MmNmZWZlNWRkOWNiNDdmN2VhNzc2ZjcxNzk5OTRkMDM1ZTgxZmRiYzRiZGI4NjUyYWQ1MjFkMzQzNGRlODg2YjZlOGUzNDEzZmRhZTRhYmVkMjQ

where I should get:

dLyi/moci6eNzLh2/ctK4NZGwS4pdHLP7+XdnLR/fqd29xeZlNA16B/bxL24ZSrVIdNDTeiGtujjQT/a5KvtJA==

Bonesnap

I think you forgot to concatenate your password and salt.

jrahma

I didn't

$data is the combined value. "testpassword" is the password and the remaining is the salt.

Bonesnap

Oh I see now.

It appears there's more going on in the .NET version than simply concatenating and hashing/converting. It's been way too long since I've coded in .NET to really make sense of it all, though. dataToHash and hashed appear to be arrays of bytes, whereas in PHP I think they're straight up strings. That's the only thing that stands out to me.

jrahma

so how to can I fix this and enjoy my weekend? 😕

Derokorian

jrahma;11044903 wrote:
where I should get:
dLyi/moci6eNzLh2/ctK4NZGwS4pdHLP7+XdnLR/fqd29xeZlNA16B/bxL24ZSrVIdNDTeiGtujjQT/a5KvtJA==

I'm not entirely sure this is what you would get with that password and salt on .NET the reason I'm not convinced is pretty simple:

The hash size for the SHA512 algorithm is 512 bits.

Base64 encoding converts three octets into four encoded characters.

Which means ceil(512 / 3) = 171 == the length of the string you got from PHP.

Weedpacket

According to the manual, the hash function returns its result encoded in hex instead of as raw bytes, unless you tell it to return raw bytes.

Derokorian

Weedpacket;11044915 wrote:
According to the manual, the hash function returns its result encoded in hex instead of as raw bytes, unless you tell it to return raw bytes.

Totally forgot about that, this is a very good point!

jrahma

all what I want is to have the hashing worked on cross platform between .NET and PHP because my main application is WinFom using C# but it has a PHP web portal.

jrahma

I tried it again in a simple hash sample and still not getting the same result.

Password : password
Salt : 123456789

Hash Result in .NET:

woBKg15229VdfiugA/8Dpezf6VAVMu/oKj7fh8H1QDLffHZdSQEsHVz3KHM5phobT3eJSaU7KFbJ6H5KcnDLYw==

Hash Result in PHP:

c2804a835e76dbd55d7e2ba003ff03a5ecdfe9501532efe82a3edf87c1f54032df7c765d49012c1d5cf7287339a61a1b4f778949a53b2856c9e87e4a7270cb63

Then Base64 of the Hash is:

YzI4MDRhODM1ZTc2ZGJkNTVkN2UyYmEwMDNmZjAzYTVlY2RmZTk1MDE1MzJlZmU4MmEzZWRmODdjMWY1NDAzMmRmN2M3NjVkNDkwMTJjMWQ1Y2Y3Mjg3MzM5YTYxYTFiNGY3Nzg5NDlhNTNiMjg1NmM5ZTg3ZTRhNzI3MGNiNjM

sneakyimp

You should always pay attention to weedpacket's suggestions. Also, it's usually a good idea to mimic the .NET code if you are trying to replicate its functionality:

<?php
$password = "password";
$salt = "123456789";
$result = HashPassword($password, $salt);

echo "result: " . $result . "\n";

if ($result === "woBKg15229VdfiugA/8Dpezf6VAVMu/oKj7fh8H1QDLffHZdSQEsHVz3KHM5phobT3eJSaU7KFbJ6H5KcnDLYw==") {
        echo "BINGO. It matches .NET\n";
} else {
        echo "Please try again";
}

function HashString($toHash) {
  $dataToHash = utf8_encode($toHash);
  $hashed = hash("sha512", $dataToHash, TRUE);
  return base64_encode($hashed);
}

function HashPassword($password, $salt) {
  $combined = $password . $salt;
  return HashString($combined);
}
?>

NOTE: I have utf8_encoded $dataToHash in this example but this could produce incorrect results if this string is already utf8 to start with. It sort of depends on where you get $password and $salt from.

laserlight

I tried:

<?php

function hash_string($to_hash)
{
    return base64_encode(hash('sha512', $to_hash, true)); 
}

function hash_password($password, $salt)
{
    return hash_string($password . $salt);
}

echo hash_password('password', '123456789');

This was output:

woBKg15229VdfiugA/8Dpezf6VAVMu/oKj7fh8H1QDLffHZdSQEsHVz3KHM5phobT3eJSaU7KFbJ6H5KcnDLYw==

It appears to match your "Hash Result in .NET" exactly.

sneakyimp

laserlight;11044941 wrote:

I tried:

<?php

function hash_string($to_hash)
{
    return base64_encode(hash('sha512', $to_hash, true)); 
}

function hash_password($password, $salt)
{
    return hash_string($password . $salt);
}

echo hash_password('password', '123456789');

This was output:

woBKg15229VdfiugA/8Dpezf6VAVMu/oKj7fh8H1QDLffHZdSQEsHVz3KHM5phobT3eJSaU7KFbJ6H5KcnDLYw==

It appears to match your "Hash Result in .NET" exactly.

jinx!

jrahma

wow! thank ou so much sneakyimp

I guess I missed the true argument.

Thanks everyone...

sneakyimp

You should pay more attention to Weedpacket.

Weedpacket;11044915 wrote:
According to the manual, the hash function returns its result encoded in hex instead of as raw bytes, unless you tell it to return raw bytes.