
md5(wordpress) password encryption in c#

Tags:

c#

wordpress

I want to authenticate a user from an ASP.NET web application. The database used for the application is MySQL, and the password stored in the DB is in an encrypted format generated by the WordPress application. I need to encrypt the password so that I can compare the encrypted password with the DB password.

My password: Push@123
Encrypted password: $P$BGW0cKLlkN6VlZ7OqRUvIY1Uvo/Bh9/

How do I generate this encrypted password in C#?

Nil khedekar asked Dec 07 '15 06:12


People also ask

Does WordPress use MD5 for passwords?

WordPress uses the PHPass framework, which salts the passwords before performing eight passes of MD5-based hashing.

Does WordPress still use MD5?

To start with a minor positive thing, WordPress is not storing users' passwords in plain text. The way WordPress stores users' passwords is using an MD5 hash of the password and a salt. For years now, the MD5 hashing algorithm has been known as insecure and easy to crack.

How do I create a password hash in WordPress?

Use Phpmyadmin or any DB tool to connect to the WordPress blog database. Use this tool to generate a hash password, use your password, or generate a random password by clicking the Random button. Use an update query to update the database.

What password hashing does WordPress use?

WordPress uses MD5 password hashing. Creates a hash of a plain text password. Unless the global $wp_hasher is set, the default implementation uses PasswordHash, which adds salt to the password and hashes it with 8 passes of MD5. MD5 is used by default because it's supported on all platforms.


2 Answers

It took me a while, but here you have a working, almost 1:1 conversion from PHP to C#:

using System;
using System.Text;
using System.Security.Cryptography;
using System.Linq;

namespace WordpressHash {
    public class Program {
        private static string itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

        public static void Main(string[]args) {
            string StrPassword = "Push@123";
            string expected = "$P$BGW0cKLlkN6VlZ7OqRUvIY1Uvo/Bh9/";

            string computed = MD5Encode(StrPassword, expected);

            Console.WriteLine(StrPassword);
            Console.WriteLine(computed);
            Console.WriteLine("Are equal? " + expected.Equals(computed));
        }

        static string MD5Encode(string password, string hash) {
            string output = "*0";
            if (hash == null) {
                return output;
            }

            if (hash.StartsWith(output))
                output = "*1";

            // Need "$P$", one cost character and 8 salt characters;
            // Substring would throw on anything shorter
            if (hash.Length < 12)
                return output;

            string id = hash.Substring(0, 3);
            // We use "$P$", phpBB3 uses "$H$" for the same thing
            if (id != "$P$" && id != "$H$")
                return output;

            // The 4th character encodes log2 of the iteration count
            int count_log2 = itoa64.IndexOf(hash[3]);
            if (count_log2 < 7 || count_log2 > 30)
                return output;

            int count = 1 << count_log2;

            // Characters 4..11 are the salt
            string salt = hash.Substring(4, 8);

            byte[] hashBytes = {};
            using (MD5 md5Hash = MD5.Create()) {
                // Hash the password's UTF-8 bytes (what PHP normally receives);
                // Encoding.ASCII would turn every non-ASCII character into '?'
                hashBytes = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(salt + password));
                byte[] passBytes = Encoding.UTF8.GetBytes(password);
                do {
                    hashBytes = md5Hash.ComputeHash(hashBytes.Concat(passBytes).ToArray());
                } while (--count > 0);
            }

            output = hash.Substring(0, 12);
            string newHash = Encode64(hashBytes, 16);

            return output + newHash;
        }

        static string Encode64(byte[]input, int count) {
            StringBuilder sb = new StringBuilder();
            int i = 0;
            do {
                int value = (int)input[i++];
                sb.Append(itoa64[value & 0x3f]); // lowest 6 bits first
                if (i < count)
                    value = value | ((int)input[i] << 8);
                sb.Append(itoa64[(value >> 6) & 0x3f]);
                if (i++ >= count)
                    break;
                if (i < count)
                    value = value | ((int)input[i] << 16);
                sb.Append(itoa64[(value >> 12) & 0x3f]);
                if (i++ >= count)
                    break;
                sb.Append(itoa64[(value >> 18) & 0x3f]);
            } while (i < count);

            return sb.ToString();
        }
    }
}

Every hash in the database is encoded using a salt and n iterations of MD5. A brief explanation can be found here: https://codex.wordpress.org/Function_Reference/wp_hash_password

I have intentionally omitted salt generation. But if you need it in the future, it should start with $P$ and be at least 12 characters long. With this extra method you will also be able to hash new passwords, not only check whether a hash is correct.

arthooz answered Sep 25 '22 00:09
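Added example (not part of the answer above): the salt generation the answer leaves out, plus a verification helper that compares in constant time and never lets a malformed stored value such as "*0" match. The names WpPortableHash, Crypt, HashNew and Verify are hypothetical; it assumes .NET Core 2.1 or later for CryptographicOperations.FixedTimeEquals, UTF-8 password bytes, and the cost character 'B' (index 13 in itoa64) seen in the question's hash.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class WpPortableHash {   // hypothetical name, not from the answer
    const string Itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    // phpass base64 variant: 6-bit groups, least significant first, no padding
    static string Encode64(byte[] input, int count) {
        var sb = new StringBuilder();
        for (int i = 0; i < count; i += 3) {
            int value = input[i];
            if (i + 1 < count) value |= input[i + 1] << 8;
            if (i + 2 < count) value |= input[i + 2] << 16;
            int chars = Math.Min(count - i, 3) + 1;   // 1 byte -> 2 chars, 2 -> 3, 3 -> 4
            for (int k = 0; k < chars; k++) sb.Append(Itoa64[(value >> (6 * k)) & 0x3f]);
        }
        return sb.ToString();
    }
    // setting = "$P$" + cost char + 8 salt chars (a full stored hash works too).
    // Returns null on a malformed setting, so failure can never equal a stored value.
    static string Crypt(string password, string setting) {
        if (setting == null || setting.Length < 12 || !setting.StartsWith("$P$", StringComparison.Ordinal)) return null;
        int log2 = Itoa64.IndexOf(setting[3]);
        if (log2 < 7 || log2 > 30) return null;
        byte[] pass = Encoding.UTF8.GetBytes(password);
        using (MD5 md5 = MD5.Create()) {
            byte[] h = md5.ComputeHash(Encoding.UTF8.GetBytes(setting.Substring(4, 8)).Concat(pass).ToArray());
            for (int n = 1 << log2; n > 0; n--) h = md5.ComputeHash(h.Concat(pass).ToArray());
            return setting.Substring(0, 12) + Encode64(h, 16);
        }
    }
    // New hash: 6 random bytes encode to the 8 salt characters
    public static string HashNew(string password, int log2 = 13) {
        byte[] salt = new byte[6];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return Crypt(password, "$P$" + Itoa64[log2] + Encode64(salt, 6));
    }
    // Recompute with the stored salt and cost, then compare without early exit
    public static bool Verify(string password, string stored) {
        string computed = Crypt(password, stored);
        return computed != null && CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(computed), Encoding.ASCII.GetBytes(stored));
    }

    public static void Main() {
        string fresh = HashNew("Push@123");
        Console.WriteLine(fresh + " -> " + Verify("Push@123", fresh) + " / " + Verify("push@123", fresh));
        Console.WriteLine(Verify("Push@123", "$P$BGW0cKLlkN6VlZ7OqRUvIY1Uvo/Bh9/"));   // hash from the question
    }
}
```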


Probably this might do the trick for you

using System;
using System.Security.Cryptography;
using System.Text;

    class Program
    {
        static void Main(string[] args)
        {
            string StrPassword = "Push@123";
            using (MD5 md5Hash = MD5.Create())
            {
                string hashPassword = GetMd5Hash(md5Hash, StrPassword);
                Console.WriteLine(hashPassword);
            }
        }
        static string GetMd5Hash(MD5 md5Hash, string input)
        {
            byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
            StringBuilder sBuilder = new StringBuilder();
            for (int i = 0; i < data.Length; i++)
            {
                sBuilder.Append(data[i].ToString("x2"));
            }
            return sBuilder.ToString();
        }
    }

Hash functions map binary strings of an arbitrary length to small binary strings of a fixed length. A cryptographic hash function has the property that it is computationally infeasible to find two distinct inputs that hash to the same value; that is, hashes of two sets of data should match if the corresponding data also matches. Small changes to the data result in large, unpredictable changes in the hash.

The hash size for the MD5 algorithm is 128 bits.

The ComputeHash methods of the MD5 class return the hash as an array of 16 bytes. Note that some MD5 implementations produce a 32-character, hexadecimal-formatted hash. To interoperate with such implementations, format the return value of the ComputeHash methods as a hexadecimal value.

Source MSDN: MD5 Class

Mohit S answered Sep 26 '22 00:09