Menu
I want to authenticate user form asp.net web application. data base used for application is MySQL and password stored in db is in encrypted format which is generated from word press application. i need to encrypted password so that i can compare encrypted password with db password.
my password : Push@123 Encrypted password : $P$BGW0cKLlkN6VlZ7OqRUvIY1Uvo/Bh9/
How to generate this Encrypted password in c#
211
asked Dec 07 '15 06:12
WordPress uses the PHPass framework, which salts the passwords before performing eight passes of MD5-based hashing.
To start with a minor positiv thing, Wordpress is not storing users passwords in plain text. The way Wordpress store users passwords is using a MD5 hash of the password and a salt. For years now, the MD5 hashing algorithm is known as unsecure and easy to crack.
Use Phpmyadmin or any DB tool to connect to the WordPress blog database. Use this tool to generate a hash password, use your password, or generate a random password by clicking the Random button. Use an update query to update the database.
Wordpress uses MD5 Password hashing. Creates a hash of a plain text password. Unless the global $wp_hasher is set, the default implementation uses PasswordHash, which adds salt to the password and hashes it with 8 passes of MD5. MD5 is used by default because it's supported on all platforms.
It took me a while, but here you have working almost 1:1 conversion from php to C#:
using System;
using System.Text;
using System.Security.Cryptography;
using System.Linq;
namespace WordpressHash {
public class Program {
private static string itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
public static void Main(string[]args) {
string StrPassword = "Push@123";
string expected = "$P$BGW0cKLlkN6VlZ7OqRUvIY1Uvo/Bh9/";
string computed = MD5Encode(StrPassword, expected);
Console.WriteLine(StrPassword);
Console.WriteLine(computed);
Console.WriteLine("Are equal? " + expected.Equals(computed));
}
static string MD5Encode(string password, string hash) {
string output = "*0";
if (hash == null) {
return output;
}
if (hash.StartsWith(output))
output = "*1";
string id = hash.Substring(0, 3);
// We use "$P$", phpBB3 uses "$H$" for the same thing
if (id != "$P$" && id != "$H$")
return output;
// get who many times will generate the hash
int count_log2 = itoa64.IndexOf(hash[3]);
if (count_log2 < 7 || count_log2 > 30)
return output;
int count = 1 << count_log2;
string salt = hash.Substring(4, 8);
if (salt.Length != 8)
return output;
byte[]hashBytes = {};
using(MD5 md5Hash = MD5.Create()) {
hashBytes = md5Hash.ComputeHash(Encoding.ASCII.GetBytes(salt + password));
byte[]passBytes = Encoding.ASCII.GetBytes(password);
do {
hashBytes = md5Hash.ComputeHash(hashBytes.Concat(passBytes).ToArray());
} while (--count > 0);
}
output = hash.Substring(0, 12);
string newHash = Encode64(hashBytes, 16);
return output + newHash;
}
static string Encode64(byte[]input, int count) {
StringBuilder sb = new StringBuilder();
int i = 0;
do {
int value = (int)input[i++];
sb.Append(itoa64[value & 0x3f]); // to uppercase
if (i < count)
value = value | ((int)input[i] << 8);
sb.Append(itoa64[(value >> 6) & 0x3f]);
if (i++ >= count)
break;
if (i < count)
value = value | ((int)input[i] << 16);
sb.Append(itoa64[(value >> 12) & 0x3f]);
if (i++ >= count)
break;
sb.Append(itoa64[(value >> 18) & 0x3f]);
} while (i < count);
return sb.ToString();
}
}
}
Every hash in the database is encoded using salt and n iterations of md5. Brief explanation can be found here: https://codex.wordpress.org/Function_Reference/wp_hash_password
Intentionally I have ommited salt generation. But if you will need it in the future, it should start with $P$ and be at least 12 characters long. Whit this extra method you will be able also to hash new passwords, not only check if hash is correct.
72
answered Sep 25 '22 00:09
Probably this might do the trick for you
using System.Security.Cryptography;
class Program
{
static void Main(string[] args)
{
string StrPassword = "Push@123";
using (MD5 md5Hash = MD5.Create())
{
string hashPassword = GetMd5Hash(md5Hash, StrPassword);
Console.WriteLine(hashPassword);
}
}
static string GetMd5Hash(MD5 md5Hash, string input)
{
byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
StringBuilder sBuilder = new StringBuilder();
for (int i = 0; i < data.Length; i++)
{
sBuilder.Append(data[i].ToString("x2"));
}
return sBuilder.ToString();
}
}
Hash functions map binary strings of an arbitrary length to small binary strings of a fixed length. A cryptographic hash function has the property that it is computationally infeasible to find two distinct inputs that hash to the same value; that is, hashes of two sets of data should match if the corresponding data also matches. Small changes to the data result in large, unpredictable changes in the hash.
The hash size for the MD5 algorithm is 128 bits.
The ComputeHash methods of the MD5 class return the hash as an array of 16 bytes. Note that some MD5 implementations produce a 32-character, hexadecimal-formatted hash. To interoperate with such implementations, format the return value of the ComputeHash methods as a hexadecimal value.
Source MSDN: MD5 Class
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
