Trouble using MD5 and SHA1 digests

G

gregarican

I have to create a C# app that mimics standard Java MD5 and SHA1
cryptography. When I first authenticate to a Java-based server I
receive a nonce (salt) value in return. Then I have take my own plain
text password, put it through SHA1 encryption, take the returned
string, prepend the nonce value to it, put it through MD5 encryption,
and there I have my final password.

The Java code is the standard SecureHash.java and MD5.java libraries.
I have a test Java client that performs this routine, but the final
password value differs from what my C# code is coming up with. Here's
my C# method below, where "nonce" indicates the salt value, and
"tbPwd.Text" indicates my plain text password value. I have verified
that these two values are identical between the two programs.

----------------------------------

public string GetSignedPassword()
{
// Encrypt this user's password information.
SHA1 sha1EncryptionObject = new
SHA1CryptoServiceProvider();
MD5 md5EncryptionObject = new MD5CryptoServiceProvider();

// Computer the SHA1 hash.
Byte[] originalStringBytes =
Encoding.UTF8.GetBytes(tbPwd.Text);
Byte[] encodedStringBytes =
sha1EncryptionObject.ComputeHash(originalStringBytes);
string strEncodedPwd =
BitConverter.ToString(encodedStringBytes);
strEncodedPwd = strEncodedPwd.Replace("-", "");


// Now that the SHA1 hash, salt with the nonce and compute
the MD5 value.
string saltedString = nonce + ":" + strEncodedPwd;
Byte[] passwordStringBytes =
Encoding.UTF8.GetBytes(saltedString);
Byte[] hashedStringBytes =
md5EncryptionObject.ComputeHash(passwordStringBytes);

// Assign encrypted code as the user's password.
string password =
BitConverter.ToString(hashedStringBytes);
password = password.Replace("-", "");
return password;
}

----------------------------------

Am I missing something here? I've googled around for hours with little
luck. Since I am relying on a third party Java server I cannot alter
its end of things. I have to make my C# method come up with the same
results. I know that the byte arrays between Java and C# can differ
when manipulating as strings. That's as far as I've gotten.

Any insight would be appreciated!
 
G

gregarican

I have to create a C# app that mimics standard Java MD5 and SHA1
cryptography. When I first authenticate to a Java-based server I
receive a nonce (salt) value in return. Then I have take my own plain
text password, put it through SHA1 encryption, take the returned
string, prepend the nonce value to it, put it through MD5 encryption,
and there I have my final password.

The Java code is the standard SecureHash.java and MD5.java libraries.
I have a test Java client that performs this routine, but the final
password value differs from what my C# code is coming up with. Here's
my C# method below, where "nonce" indicates the salt value, and
"tbPwd.Text" indicates my plain text password value. I have verified
that these two values are identical between the two programs.

----------------------------------

 public string GetSignedPassword()
        {
            // Encrypt this user's password information.
            SHA1 sha1EncryptionObject = new
SHA1CryptoServiceProvider();
            MD5 md5EncryptionObject = new MD5CryptoServiceProvider();

            // Computer the SHA1 hash.
            Byte[] originalStringBytes =
Encoding.UTF8.GetBytes(tbPwd.Text);
            Byte[] encodedStringBytes =
sha1EncryptionObject.ComputeHash(originalStringBytes);
            string strEncodedPwd =
BitConverter.ToString(encodedStringBytes);
            strEncodedPwd = strEncodedPwd.Replace("-", "");

            // Now that the SHA1 hash, salt with the nonce and compute
the MD5 value.
            string saltedString = nonce + ":" + strEncodedPwd;
            Byte[] passwordStringBytes =
Encoding.UTF8.GetBytes(saltedString);
            Byte[] hashedStringBytes =
md5EncryptionObject.ComputeHash(passwordStringBytes);

            // Assign encrypted code as the user's password.
            string password =
BitConverter.ToString(hashedStringBytes);
            password = password.Replace("-", "");
            return password;
        }

----------------------------------

Am I missing something here? I've googled around for hours with little
luck. Since I am relying on a third party Java server I cannot alter
its end of things. I have to make my C# method come up with the same
results. I know that the byte arrays between Java and C# can differ
when manipulating as strings. That's as far as I've gotten.

Any insight would be appreciated!
Click to expand...

If it helps any, I have debugged the first step of the SHA1 hashing
and that matches between the two languages. Now it's down to the MD5
hashing...
 
G

gregarican

I have to create a C# app that mimics standard Java MD5 and SHA1
cryptography. When I first authenticate to a Java-based server I
receive a nonce (salt) value in return. Then I have take my own plain
text password, put it through SHA1 encryption, take the returned
string, prepend the nonce value to it, put it through MD5 encryption,
and there I have my final password.

The Java code is the standard SecureHash.java and MD5.java libraries.
I have a test Java client that performs this routine, but the final
password value differs from what my C# code is coming up with. Here's
my C# method below, where "nonce" indicates the salt value, and
"tbPwd.Text" indicates my plain text password value. I have verified
that these two values are identical between the two programs.

----------------------------------

 public string GetSignedPassword()
        {
            // Encrypt this user's password information.
            SHA1 sha1EncryptionObject = new
SHA1CryptoServiceProvider();
            MD5 md5EncryptionObject = new MD5CryptoServiceProvider();

            // Computer the SHA1 hash.
            Byte[] originalStringBytes =
Encoding.UTF8.GetBytes(tbPwd.Text);
            Byte[] encodedStringBytes =
sha1EncryptionObject.ComputeHash(originalStringBytes);
            string strEncodedPwd =
BitConverter.ToString(encodedStringBytes);
            strEncodedPwd = strEncodedPwd.Replace("-", "");

            // Now that the SHA1 hash, salt with the nonce and compute
the MD5 value.
            string saltedString = nonce + ":" + strEncodedPwd;
            Byte[] passwordStringBytes =
Encoding.UTF8.GetBytes(saltedString);
            Byte[] hashedStringBytes =
md5EncryptionObject.ComputeHash(passwordStringBytes);

            // Assign encrypted code as the user's password.
            string password =
BitConverter.ToString(hashedStringBytes);
            password = password.Replace("-", "");
            return password;
        }

----------------------------------

Am I missing something here? I've googled around for hours with little
luck. Since I am relying on a third party Java server I cannot alter
its end of things. I have to make my C# method come up with the same
results. I know that the byte arrays between Java and C# can differ
when manipulating as strings. That's as far as I've gotten.

Any insight would be appreciated!
Click to expand...

I figured it out (duh). Had to convert the alpha characters in the
returned SHA1 hash to lowercase. Same with the returned MD5 hash.
*slaps forehead*
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Hash MD5, Sha1 and Length 40
C# and PHP MD5 functions 1
Encodings and MD5 3
MD5 hash in C# vs. others 2
Formatting the output of hash values 1
MD5 encryption question - communication with Java 3
md5 hashses 1
MD5 5

Top