
Difference in SHA1 in .NET and MySQL

I have a couple different bits of code but the short story is I insert some passwords into a MySQL database using SHA1 and also compute SHA1 hashes in .NET and they are not matching. I think this is a problem with my encoding code in .NET.

SQL Code:

INSERT INTO user_credentials (Password) VALUES (SHA1('password'));

password hashes to 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

.NET Code:

public static string GetPasswordHash(string password)
{
    // problem here with encoding?
    byte[] byteArray = Encoding.ASCII.GetBytes(password);

    SHA1 sha = new SHA1CryptoServiceProvider();
    byte[] hashedPasswordBytes = sha.ComputeHash(byteArray);

    return Encoding.ASCII.GetString(hashedPasswordBytes);
}

password hashes to [?a??????%l?3~???

Thanks for any help!

Luke Belbina asked Oct 12 '10 18:10


4 Answers

In the MySQL example you are encoding to a hexadecimal string; in the .NET example you are encoding in ASCII. The two encodings are not the same.

If you convert to hexadecimal in the .NET version you get the correct result:

string hex = BitConverter.ToString(hashedPasswordBytes);

Result:

5B-AA-61-E4-C9-B9-3F-3F-06-82-25-0B-6C-F8-33-1B-7E-E6-8F-D8
Mark Byers answered Nov 05 '22 20:11


You need to put [?a??????%l?3~??? in HEX representation. What you are printing is probably in binary form (hence the multiple ? chars).

Try doing this:

string hexstring = BitConverter.ToString(hashedPasswordBytes);

And see if hexstring and MySQL hash match.

Pablo Santa Cruz answered Nov 05 '22 21:11


The following will give you an exact match to what MySQL produces:

BitConverter.ToString(SHA1CryptoServiceProvider.Create().ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(Password))).Replace("-", "").ToLower();

Amrom answered Nov 05 '22 19:11


The SHA1 hashes should be equal, but the representation is not. MySQL outputs a hex-string, so you will need to do the same in .NET:

// Select() requires: using System.Linq;
return String.Join(String.Empty, hashedPasswordBytes.Select(b => b.ToString("x2")));

driis answered Nov 05 '22 21:11
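
The fix from the answers as a complete program, added here as an example and not code from any of the posters: it hex-encodes the digest to match the MySQL value quoted in the question, and shows that Encoding.ASCII is lossy both on the digest and on non-ASCII passwords. The class name, helper names and the two non-ASCII sample passwords are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class Sha1HexDemo
{
    // SHA-1 digest of the encoded password, before any text representation.
    static byte[] Digest(string password, Encoding enc)
    {
        using (SHA1 sha = SHA1.Create())
            return sha.ComputeHash(enc.GetBytes(password));
    }

    // Lowercase hex, two characters per byte: the form MySQL's SHA1() returns.
    public static string ToHex(byte[] bytes)
    {
        var sb = new StringBuilder(bytes.Length * 2);
        foreach (byte b in bytes) sb.Append(b.ToString("x2"));
        return sb.ToString();
    }

    public static void Main()
    {
        // Value quoted in the question for SHA1('password').
        const string fromMySql = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";

        byte[] digest = Digest("password", Encoding.UTF8);
        Console.WriteLine("hex matches MySQL: " + (ToHex(digest) == fromMySql));

        // Why the question's output was unreadable: ASCII decoding replaces
        // every byte above 0x7F with '?', so the digest cannot be recovered.
        string asText = Encoding.ASCII.GetString(digest);
        byte[] back = Encoding.ASCII.GetBytes(asText);
        Console.WriteLine("ASCII round trip lossless: " + back.SequenceEqual(digest));

        // The same lossy mapping on input: ASCII encoding turns non-ASCII
        // characters into '?', so these two distinct passwords (constructed
        // samples) hash identically. UTF-8 keeps them apart.
        string a = "p\u00e4ssword", b = "p\u00f1ssword";
        Console.WriteLine("ASCII collides: " +
            (ToHex(Digest(a, Encoding.ASCII)) == ToHex(Digest(b, Encoding.ASCII))));
        Console.WriteLine("UTF-8 collides: " +
            (ToHex(Digest(a, Encoding.UTF8)) == ToHex(Digest(b, Encoding.UTF8))));
    }
}
```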