-2

I have problem with MD5 and Base64 functions in PHP and C#. When I try hash my string without polish chars it's ok but when I use polish chars returned different. How can I fix this?

C#

MD5 md5 = MD5.Create();
string hash = Convert.ToBase64String(md5.ComputeHash(Encoding.ASCII.GetBytes(tbPassword.Text)));

PHP

base64_encode(md5($string, true));
nsc
  • 107
  • 1
  • 7
  • 3
    I don't know C# but I'd guess `Encoding.ASCII.` would cause an issue with polish characters. – chris85 Sep 18 '17 at 13:17
  • 1
    It's not what's causing the problem, but why bother base64 encoding an MD5 hash? – iainn Sep 18 '17 at 13:19
  • Can you provide with a string that reproduces the issue? – apokryfos Sep 18 '17 at 13:27
  • ***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Sep 18 '17 at 13:28
  • Yes, it's "łóżko2017" – nsc Sep 18 '17 at 13:29
  • https://stackoverflow.com/questions/279170/utf-8-all-the-way-through most likely a duplicate for this. – Funk Forty Niner Sep 18 '17 at 13:36
  • Does your C string come out look ok? Is it just the PHP that doesn't work here? – Funk Forty Niner Sep 18 '17 at 13:39
  • 1
    must I ask that again ^ ? or are you only responding to answers below instead? I'm trying to offer my help but you seem to have absented yourself or waiting for that "magic" solution. – Funk Forty Niner Sep 18 '17 at 13:44

2 Answers2

0

It's because you are using ASCII. Try Encoding.UTF8 instead or any other encoding that allows for extended characters. And another thing: Please don't use MD5 for passwords. It has been considered insecure for years.

Palle Due
  • 5,929
  • 4
  • 17
  • 32
0

You can force the same encoding in PHP:

base64_encode(md5(mb_convert_encoding($string,"ASCII"), true));

Note that the obvious issues here (in both the C# and PHP code) is that you're losing information. The other obvious issue is that you're doing MD5 on what appears to be a password. That is a bad idea.

Here's a PHP example: http://sandbox.onlinephpfunctions.com/code/e21dd185093817217427b6cd4e58a223e6ca3b27

Here's the C# example: http://csharppad.com/gist/b26f07cbf9d53d809490e931e6cfbe1d

apokryfos
  • 38,771
  • 9
  • 70
  • 114
  • This is not working. I have two different hashes. I know about it that MD5 this is bad idea but I am working on old project which have algorithms on this function. – nsc Sep 18 '17 at 13:54
  • It's working for the original input you supplied, what is it failing for? – apokryfos Sep 18 '17 at 13:57