[SOLVED] SHA256 Hashing with Salt in PHP not same as in C#

Issue

So I got an ASP.NET web app which uses hashing with salt to store password in mysql database. I am now trying to allow user to login with the same credentials as my web app through a php website. I used the following code to compare user input and hash in php

$pw = $salt . $extpassword;
if (!mb_check_encoding($pw, 'UTF-8')) {
    $pw = mb_convert_encoding($pw, 'UTF-8');
}

return ($fromdb == base64_encode(hash('sha256',$pw, true)));

As for my code in c# used to generate hash:

System.Security.Cryptography.SHA256Managed sha256 = new System.Security.Cryptography.SHA256Managed();
byte[] hash = sha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(pw + salt)); 
return Convert.ToBase64String(hash);

I am not sure why this wouldn’t work as I’m completely new to php. Can anyone please help?

Solution

In php you have salt + password, in .net you have pw + salt.

That will give different results. Fix by using:

$pw = $extpassword . $salt;

or

byte[] hash = sha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(salt + pw)); 

Answered By – Stefan

Answer Checked By – Jay B. (BugsFixing Admin)

Leave a Reply

Your email address will not be published. Required fields are marked *