C# md5 Hash and Php

Question

I have encrypt a string in c# with md5 hash and stored it to mysql database with code below.

function getMd5Hash(string md5)
{
    string md5;
    MD5 md5hash = new MD5CryptoServiceProvider();
    md5hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(pass));
    byte[] result = md5hash.Hash;

    StringBuilder strbuilder = new StringBuilder();
    for (int i = 0; i < result.Length; i++)
    {
        strbuilder.Append(result[i].ToString("x2"));
    }
    md5 = strbuilder.ToString();
}

//salt is ten random character
string pass = getMd5Hash(getMd5Hash("fermentasi")+salt);

Now, how can I hashing same string in PHP to get match value with my function in c# ? I have been searching but didn't find a solution so far. Thanks for Helping and sorry for my bad english :)

@Duenna if it was just for computing an MD5 hash of a file or resource then there wouldn't be a salt value, so its a reasonable assumption this is for encryption. Plus the line ...ASCII.GetBytes(pass) points to a password. — Ron Beyer, Apr 28 '15 at 13:48
@RonBeyer MD5 is a hashing algorithm, and not used as part of encryption. But as part of wider cryptographical techniques — Duenna, Apr 28 '15 at 13:52
@Anton, can you post the actual code you use? The code you have in the question will not compile and isn't valid C# syntax. The method for regenerating the hash is to read the salt value out of the database, generate the hash again, and compare it against the stored value. — Ron Beyer, Apr 28 '15 at 13:52
@Duenna I understand what hashing is, see https://crackstation.net/hashing-security.htm for information on why you shouldn't use MD5 in favor of better functions like SHA256. — Ron Beyer, Apr 28 '15 at 13:54
@RonBeyer I was making a point about the term you used, generally we don't call Hashing functions a form of encryption because they aren't designed to have a way of being encrypted, like like AES or DES. That's all. — Duenna, Apr 28 '15 at 13:57
@RonBeyer yes, of course I have to read the salt value out of my database first and concat it with an input string, and then compare it against the stored value in my database. But MD5($str) method in PHP does not match with my stored value that produced from my getMd5Hash function. — Anton, Apr 29 '15 at 13:32

score 0 · Answer 1 · edited May 23 '17 at 12:08

I recently came across this same issue and found a pretty good resource here. We were also trying to encrypt an item from a PHP form, store it in MySQL and hopefully decrypt it in (and for use in) a C# application. It uses AES which is much more secure than MD5 as well. Here is a snipet of my PHP code

function encrypt($text) {

    $iv = "45287112549354892144548565456541";
    $key = "anjueolkdiwpoida";

    $block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);

    $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv]);


    $crypttext64=base64_encode($crypttext);

    return $crypttext64;

}

function decrypt ($text) {

    $iv = "45287112549354892144548565456541";
    $key = "anjueolkdiwpoida";

    $crypttext64=base64_decode($text);

    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256 ,  $key,  $crypttext64 ,  MCRYPT_MODE_CBC, $key );

    return $decrypted;

}

So all you need to do is call encrypt($text_to_encrypt) before storing it in the database, and you can call decrypt($encrypted_text) to take it back out. However, as I was only on the PHP side, you might need to refer to the previous link to see what goes into decrypting it on the C# side. Apologies for only a half-answer.

And this will only work if you have control of the C# too and you have the option of moving away from the MD5.

C# md5 Hash and Php

1 Answers1