Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

SHA256 Hashing with Salt in PHP not same as in C#

byMR
February 20, 2022

So I got an ASP.NET web app which uses hashing with salt to store password in mysql database. I am now trying to allow user to login with the same credentials as my web app through a php website. I used the following code to compare user input and hash in php

$pw = $salt . $extpassword;
if (!mb_check_encoding($pw, 'UTF-8')) {
    $pw = mb_convert_encoding($pw, 'UTF-8');
}

return ($fromdb == base64_encode(hash('sha256',$pw, true)));

As for my code in c# used to generate hash:

System.Security.Cryptography.SHA256Managed sha256 = new System.Security.Cryptography.SHA256Managed();
byte[] hash = sha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(pw + salt)); 
return Convert.ToBase64String(hash);

I am not sure why this wouldn’t work as I’m completely new to php. Can anyone please help?

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel

>Solution :

In php you have salt + password, in .net you have pw + salt.

That will give different results. Fix by using:

$pw = $extpassword . $salt;

or

byte[] hash = sha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(salt + pw));
byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading