0

This is the code used in c#

    private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
        {
            using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
            {
                var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
                for (int i = 0; i < computedHash.Length; i++)
                {
                    if (computedHash[i] != passwordHash[i]) return false;
                }
                return true;
            }
        }

This is the inputs and outputs

    password: 123456
    getPasswordHash: E08C986C781E19D3C4A2F6D1F8D0F9A548A50B2424FA9CFC6875719462426D85A917FBD9790D0B7BD1D38081BFF59AB28F5AE4837C9F2292D08226EE5B33A10F
    getPasswordSalt: 837473C08A225A80DD687A86157431D4628FB46C46F5A7F9F414EC09F7ABD976E4D057714825DEE345E9A0BF827309542902DB2919B2F3A7D866EEEBA37A30AC18CE7AC9894ADE4FE9877F11EDC516ECA0FD2634D3B9D470F0A1A7FBE834BD75F7BE8D59FF7867B24A9865A3A16D1F8BC0A547BA8A0394BE21836AE0DC908401

And this is the code used in java (One of many attempts)

    public String get_SHA_512_SecurePassword(String passwordToHash, String salt){
    String generatedPassword = null;
    try {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        md.update(salt.getBytes(StandardCharsets.UTF_8));
        byte[] bytes = md.digest(passwordToHash.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for(int i=0; i< bytes.length ;i++){
            sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
        }
        generatedPassword = sb.toString();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    return generatedPassword;
    }

But the result doesn't match. How can I use the same verification of the C # code in java?

Fábio Delgado
  • 17
  • 1
  • Duplicate found with a simple web search for [`java hmac`](https://www.google.com/search?q=java+hmac). Question down-voted, because it "does not show any research effort" *(quoting tooltip of down-vote button)*. – Andreas May 24 '20 at 02:38
  • Doesn't matter how many medals you have on the stackoverflow, you have no right to be rude to people. I wrote a clear code example in the post and you don't know how much time I spent researching the subject. The link to the duplicate question was not relevant, after a few hours of development I solved the problem. – Fábio Delgado May 24 '20 at 16:04

0 Answers0