Help with encryption routine

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Bobbafett_666
Forum Newbie
Posts: 4
Joined: Thu Sep 08, 2005 8:30 pm
Location: Springfield, VA

Help with encryption routine

Post by Bobbafett_666 »

Hello,
I am relatively new to PHP and currently I am in the middle of migrating a small Web App developed in ASP.NET with C# to PHP 5.
My problem is that there is a small routine that encrypts passwords that I need to migrate over to PHP. The original code reads:

public static String Encrypt(String pValue)
{
byte[] aClearBytes = new UnicodeEncoding().GetBytes(pValue);
byte[] aHashedBytes = ((HashAlgorithm)CryptoConfig.CreateFromName("MD5")).ComputeHash(aClearBytes);
return(BitConverter.ToString(aHashedBytes));
}

I would really appreciayte it very much if you can help me translate this code over to PHP

Thanks a lot

BobbaFett_666
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

very simple!

Code: Select all

class foo
{

  static function Encrypt($aString)
  {
    return md5($aString);
  }

}
I'm assuming it's returning a hex-hash?
Bobbafett_666
Forum Newbie
Posts: 4
Joined: Thu Sep 08, 2005 8:30 pm
Location: Springfield, VA

Post by Bobbafett_666 »

Hi,
I tried that (that was my first bet) but the results are different.
In .NET the code transforms the data as follows:

Lets assume that the string being passed as parameter is "MyPassword" so we have:

1.- pValue = "MyPassword"

2.- byte[] aClearBytes = new UnicodeEncoding().GetBytes(pValue);
returns a byte array with the following values:
77, 0, 121, 0, 80, 0, 97, 0, 115, 0, 115, 0, 119, 0, 111, 0, 114, 0, 100, 0

3.- byte[] aHashedBytes = ((HashAlgorithm)CryptoConfig.CreateFromName("MD5")).ComputeHash(aClearBytes);
takes that array of bytes and transforms it into:
51, 189, 240, 9, 241, 204, 53, 131, 20, 208, 109, 54, 63, 181, 232, 242

4.- BitConverter.ToString(aHashedBytes)
Takes the Hashed value (another array of bytes) and then returns a String of hexadecimal pairs separated by hyphens where each pair represents the corresponding element in the array:
33-BD-F0-09-F1-CC-35-83-14-D0-6D-36-3F-B5-E8-F2

In PHP code I am able to get the first array by just applying a srt_split to the original String, getting the ord( ) of each charater an inserting 0's between values.
The 'problem' here is that md5 only accepts Strings not arrays, not even running the resulting array through an implode() first gets me the second string :(

Bobbafett_666
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the .Net code operates on strings, and it returns a single MD5 hash, broken into an array. See in order to hash something, C-like languages require a byte stream. PHP handles those components by itself. PHP returns the exact same thing, expect for the hyphens. The following will do just that. (You may need to use strtoupper() if you want an exact match)

Code: Select all

class foo
{

  static function Encrypt($aString)
  {
    return implode('-',str_split(md5($aString),2));
  }

}
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

of course.. that doesn't add the 16bit unicode data which I just noticed....

Code: Select all

class foo
{

  static function Encrypt($aString)
  {
    return implode('-',str_split(strtoupper(md5(implode(chr(0),str_split($aString,1)).chr(0))),2));
  }

}
that's tested to be exactly matching your output.
Bobbafett_666
Forum Newbie
Posts: 4
Joined: Thu Sep 08, 2005 8:30 pm
Location: Springfield, VA

Post by Bobbafett_666 »

RIGHT!
Actually I was able to get the same result in few more steps... but basically the same as your compact line of code:

$aStr = "MyPassword";
$arr1 = str_split($aStr);
$aUnicodeStr = "";
foreach ($arr1 as $value) {
$aUnicodeStr .= $value;
$aUnicodeStr .= chr(0);
}
print strtoupper(implode('-', str_split(md5($aUnicodeStr), 2) )) ;

THANKS A LOT !!!!!!!!!!!!!! :-)
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

I am just curious why you are converting your ASP.Net application to PHP 5. :)
Bobbafett_666
Forum Newbie
Posts: 4
Joined: Thu Sep 08, 2005 8:30 pm
Location: Springfield, VA

Post by Bobbafett_666 »

Hi,
Because seems to be not too many afforable ASP.NET/MySql hosting services out there. With PHP/MySql there are a lot more hosting services to choose from, including a HUGE number of offshore hosting companies :wink:

Bobbafett_666
Post Reply