G
galtschul
I am re-writing a C++ application in C# that takes a user's password,
encrypts it using MD5 (I think), and compares it to what was encrypted
and stored in the database when the user initially created their
password. The problem is that the C++ encryption generates 110
characters and the C# encryption generates only 24. The interesting
thing is that the 24 charectars generated by the C# MD5 algorithm
matches the last 24 charecters of the C++ encryption algorithm. Here is
the C++ code:
/**************************************/
std::string PasswordHash::get_passwordhash(char *s)
{
std::string hashed_value;
const BYTE* sval[1];
unsigned long lval[1];
sval[0] = reinterpret_cast<BYTE*>(s);
lval[0] = lstrlen(s);
CRYPT_ALGORITHM_IDENTIFIER AlgId;
AlgId.pszObjId=szOID_RSA_MD5;
AlgId.Parameters.cbData=0;
CRYPT_HASH_MESSAGE_PARA hash;
hash.cbSize = sizeof(CRYPT_HASH_MESSAGE_PARA);
hash.dwMsgEncodingType = (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING);
hash.hCryptProv = NULL;
hash.HashAlgorithm = AlgId;
hash.pvHashAuxInfo = NULL;
unsigned long hash_length = 0;
if(!CryptHashMessage( &hash, FALSE, 1, sval, lval, NULL,
&hash_length, NULL, NULL))
{
DWORD error = GetLastError();
return hashed_value;
}
BYTE* hash_data = new BYTE[hash_length + 1];
ZeroMemory(hash_data, hash_length + 1);
if(!CryptHashMessage(&hash, FALSE, 1, sval, lval, hash_data,
&hash_length, NULL, NULL))
{
DWORD error = GetLastError();
return hashed_value;
}
std::vector<char > vhash_data;
vhash_data.resize(hash_length);
memcpy(&vhash_data[0], (void*)hash_data, hash_length);
base64<char> encoder;
int state = 0;
encoder.put(vhash_data.begin(), vhash_data.end(),
std::back_inserter(hashed_value), state, base64<>::noline());
return hashed_value;
}
/**************************************/
And here is the C# code that I'm using:
string generatePassword(string password)
{
MD5 md5Hasher = new MD5CryptoServiceProvider();
byte[] data =
md5Hasher.ComputeHash(Encoding.ASCII.GetBytes(password));
string s = Convert.ToBase64String(data);
return s;
}
C++ OUTPUT
--------------------------
"MEcGCSqGSIb3DQEHBaA6MDgCAQAwDAYIKoZIhvcNAgUFADATBgkqhkiG9w0BBwGgBgQEODg3OAQQAETe7sQ97Rm5UhJQeesXgQ=="
C# OUTPUT
--------------------------
"AETe7sQ97Rm5UhJQeesXgQ=="
Am I doing something wrong in the C# code? Perhaps I'm not fully
understanding what the C++ code is doing.
Thanks in advance for any help I can get
encrypts it using MD5 (I think), and compares it to what was encrypted
and stored in the database when the user initially created their
password. The problem is that the C++ encryption generates 110
characters and the C# encryption generates only 24. The interesting
thing is that the 24 charectars generated by the C# MD5 algorithm
matches the last 24 charecters of the C++ encryption algorithm. Here is
the C++ code:
/**************************************/
std::string PasswordHash::get_passwordhash(char *s)
{
std::string hashed_value;
const BYTE* sval[1];
unsigned long lval[1];
sval[0] = reinterpret_cast<BYTE*>(s);
lval[0] = lstrlen(s);
CRYPT_ALGORITHM_IDENTIFIER AlgId;
AlgId.pszObjId=szOID_RSA_MD5;
AlgId.Parameters.cbData=0;
CRYPT_HASH_MESSAGE_PARA hash;
hash.cbSize = sizeof(CRYPT_HASH_MESSAGE_PARA);
hash.dwMsgEncodingType = (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING);
hash.hCryptProv = NULL;
hash.HashAlgorithm = AlgId;
hash.pvHashAuxInfo = NULL;
unsigned long hash_length = 0;
if(!CryptHashMessage( &hash, FALSE, 1, sval, lval, NULL,
&hash_length, NULL, NULL))
{
DWORD error = GetLastError();
return hashed_value;
}
BYTE* hash_data = new BYTE[hash_length + 1];
ZeroMemory(hash_data, hash_length + 1);
if(!CryptHashMessage(&hash, FALSE, 1, sval, lval, hash_data,
&hash_length, NULL, NULL))
{
DWORD error = GetLastError();
return hashed_value;
}
std::vector<char > vhash_data;
vhash_data.resize(hash_length);
memcpy(&vhash_data[0], (void*)hash_data, hash_length);
base64<char> encoder;
int state = 0;
encoder.put(vhash_data.begin(), vhash_data.end(),
std::back_inserter(hashed_value), state, base64<>::noline());
return hashed_value;
}
/**************************************/
And here is the C# code that I'm using:
string generatePassword(string password)
{
MD5 md5Hasher = new MD5CryptoServiceProvider();
byte[] data =
md5Hasher.ComputeHash(Encoding.ASCII.GetBytes(password));
string s = Convert.ToBase64String(data);
return s;
}
C++ OUTPUT
--------------------------
"MEcGCSqGSIb3DQEHBaA6MDgCAQAwDAYIKoZIhvcNAgUFADATBgkqhkiG9w0BBwGgBgQEODg3OAQQAETe7sQ97Rm5UhJQeesXgQ=="
C# OUTPUT
--------------------------
"AETe7sQ97Rm5UhJQeesXgQ=="
Am I doing something wrong in the C# code? Perhaps I'm not fully
understanding what the C++ code is doing.
Thanks in advance for any help I can get