16

Why aren't these the same?

php:

    $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );

c#

    public static string ComputeHash(string plainText, string salt)
    {
        // Convert plain text into a byte array.
        byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
        byte[] saltBytes = Encoding.UTF8.GetBytes(salt);

        SHA256Managed hash = new SHA256Managed();

        // Compute hash value of salt.
        byte[] plainHash = hash.ComputeHash(plainTextBytes);

        byte[] concat = new byte[plainHash.Length + saltBytes.Length];

        System.Buffer.BlockCopy(saltBytes, 0, concat, 0, saltBytes.Length);
        System.Buffer.BlockCopy(plainHash, 0, concat, saltBytes.Length, plainHash.Length);

        byte[] tHashBytes = hash.ComputeHash(concat);

        // Convert result into a base64-encoded string.
        string hashValue = Convert.ToBase64String(tHashBytes);

        // Return the result.
        return hashValue;
    }
Lemontongs
  • 163
  • 1
  • 1
  • 4

6 Answers6

11

C# is outputting a base64 ecoded string, and PHP is outputting a number in hex. A better comparison might be to pass the parameter true to the end of the hash function of PHP and base64 the result:

 $hash = base64_encode(
           hash('sha256', $userData['salt'] . hash('sha256', $password), true )
         );
cwallenpoole
  • 79,954
  • 26
  • 128
  • 166
  • Thank you for you're quick response! I tried this and tho they are now closer, they do not produce the same output. Any other thoughts? – Lemontongs Aug 30 '11 at 22:59
  • @Lemontongs have you made any changes to the above code...I am getting a differnt result in php and c# – SHANib Apr 16 '13 at 10:30
3

Because they're different. Your C# code encodes the computed hash in Base64 encoding at the end. PHP just returns a string of hexadecimal digits.

Mchl
  • 61,444
  • 9
  • 118
  • 120
2

First suspect:

Encoding.UTF8.GetBytes(plainText);

C# uses UTF-8, your PHP probably doesn't, but you could be lucky if you use strictly letters from the US-ASCII subset.

Second suspect:

Convert.ToBase64String(tHashBytes);

There's nothing about Base64 in your PHP.

Since PHP will give you a hex-encoded result, you should switch to Hex in your C#, too. See this answer for solutions.

Community
  • 1
  • 1
emboss
  • 38,880
  • 7
  • 101
  • 108
0

Well I'm no C# programmer, but one thing that leaps out at me is this:

// Convert result into a base64-encoded string.
string hashValue = Convert.ToBase64String(tHashBytes);

Are you base64-encoding the final output in C#? Because you're not in PHP...

DaveRandom
  • 87,921
  • 11
  • 154
  • 174
-1
C#
string toHash = "abcdefg";
SHA256Managed hash = new SHA256Managed();
byte[] signatureData = hash.ComputeHash(new UnicodeEncoding().GetBytes(toHash));
string hashResult = System.Convert.ToBase64String(signatureData);
PHP
print base64_encode(hash("sha256",mb_convert_encoding("abcdefg","UTF-16LE"),true));

Write like top code,They are the same

benomatis
  • 5,536
  • 7
  • 36
  • 59
lei.liu
  • 9
  • 1
-1

C# 

string toHash = "abcdefg"; 
SHA256Managed hash = new SHA256Managed(); 
byte[] signatureData = hash.ComputeHash(new UnicodeEncoding().GetBytes(toHash)); 
string hashResult = System.Convert.ToBase64String(signatureData);

PHP 

print base64_encode(hash("sha256",mb_convert_encoding("abcdefg","UTF-16LE"),true));

Works for me.

Ronak Dhoot
  • 2,322
  • 1
  • 12
  • 19
Maroun Tannous
  • 1