Java and Php returns different hashes

Question

So, PHP code:

$result = hash("whirlpool","xxx".$password."zzz");

JAVA:

import gnu.crypto.Registry;
import gnu.crypto.hash.HashFactory;
import gnu.crypto.hash.IMessageDigest;

public class WhirlpoolHash {

    String result;

    WhirlpoolHash(String pass) {

        String to_encode = "xxx"+pass+"zzz";

        IMessageDigest old_encoder = HashFactory.getInstance(Registry.WHIRLPOOL_HASH);
        byte[] input = to_encode.getBytes();
        old_encoder.update(input, 0, input.length);
        byte[] digest = old_encoder.digest();
        this.result = gnu.crypto.util.Util.toString(digest).toLowerCase();

    }

    public String Get() {

        return this.result;
    }
}

And the result vars are different. I need java class to return the same value as php does. I have passwords stored in MySQL DB UTF-8 encoded generated by PHP and need to compare it with data sent by JavaFX app.

Of course i can send unencrypted password, and do it with php but I dont whant to.

I'm not very familiar with that,but phps hashing process is probably not the same one used by java. — Lucas T., Jun 29 '14 at 18:44
no it is the same , it's SHA256 @Maxim rake a look to this quetion , and let me know if you don't understand anything , http://stackoverflow.com/questions/4680661/java-sha256-outputs-different-hash-to-php-sha256 — , Jun 29 '14 at 18:54
Java has some different libs for Whirlpool hash, but i think Whirlpool is Whirlpool in С, Python or Java. I think that there is an encoding issue... — Maxim Pavlov, Jun 29 '14 at 18:56
@KHI, so i'v tried `to_encode.getBytes(StandardCharsets.UTF_8)` from java.nio.charset.StandardCharsets and got the same result as i'v got without overloading getBythes method. It's strange, as i know all string vars in Java by default are kept in UTF8, also Jquery AJAX that I used to send pass to PHP script is UTF8 by default two. Maybe the salt from Php is ANCII? — Maxim Pavlov, Jun 29 '14 at 19:14

score 0 · Accepted Answer · edited May 23 '17 at 12:11

0

So Java example for encrypting pwd with whirlpool algorithm using gnu-crypto jar was an answer.

I dont know why but jonelo.jacksum.JacksumAPI gives the result same as PHP.

edited May 23 '17 at 12:11

Community

1
1

answered Jun 29 '14 at 19:47

Maxim Pavlov

195
1
1
10

score 0 · Answer 2 · answered Jan 16 '20 at 04:18

Late response, but in case it helps someone else.

I had almost the exact same issue and used Bouncy Castle in Java. After some trial and error, I got the hashes with Whirlpool to match my PHP hash, which looked similar to yours. Assuming you pass in the password:

    WhirlpoolDigest messageDigest = new WhirlpoolDigest();

    final String convertedHash = "xxx" + password + "yyy";
    messageDigest.reset();
    final byte[] bytes = convertedHash.getBytes();
    messageDigest.update(bytes, 0, bytes.length);

    byte[] hash = new byte[messageDigest.getDigestSize()];

    messageDigest.doFinal(hash, 0);

    System.out.println(Hex.toHexString(hash));

The biggest issue for me was the final steps - the doFinal() and the Hex.toHexString() ...

My maven dependency looked like this:

    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-ext-jdk15on</artifactId>
        <version>1.64</version>
    </dependency>

Java and Php returns different hashes

2 Answers2