1

Im trying to translate this to c#

f1 = Digest::SHA1.hexdigest(@password)
f2 = nonce + ":" + f1
Digest::MD5.hexdigest(f2)

My Code

private static string GetSHA1HashData(string data)
{
    //create new instance of md5
    SHA1 sha1 = SHA1.Create();

    //convert the input text to array of bytes
    byte[] hashData = sha1.ComputeHash(Encoding.Default.GetBytes(data));

    //create new instance of StringBuilder to save hashed data
    StringBuilder returnValue = new StringBuilder();
    //loop for each byte and add it to StringBuilder
    for (int i = 0; i < hashData.Length; i++)
    {
        returnValue.Append(hashData[i].ToString());
    }

    // return hexadecimal string
    return returnValue.ToString();
}
public static string CreateMD5Hash(string input)
{
    // Use input string to calculate MD5 hash
    MD5 md5 = System.Security.Cryptography.MD5.Create();
    byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
    byte[] hashBytes = md5.ComputeHash(inputBytes);

    // Convert the byte array to hexadecimal string
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < hashBytes.Length; i++)
    {
        sb.Append(hashBytes[i].ToString("X2"));
        // To force the hex string to lower-case letters instead of
        // upper-case, use he following line instead:
        // sb.Append(hashBytes[i].ToString("x2")); 
    }
    return sb.ToString();
}

Call

var nonce = "1386755695841";
var password = "edc123";
var sha = GetSHA1HashData(password);
var md5 = CreateMD5Hash(nonce + ":" + sha);

But i cant get it right, any ideas

Improve this question
4
  • SHA1/MD5 a password? Big no no... bcrypt-ruby.rubyforge.org Commented Dec 11, 2013 at 10:35
  • Sorry? No, the problem is that i have the hash generated from the RB code. I have the password and the nonce but cant get the same hash when using c# Commented Dec 11, 2013 at 10:40
  • Put one of your "not right" attempts here (edit into the question). It is probably close, and will reduce the amount of work needed to help you. I agree though that the hand-rolled "security" evident here is atrocious. You could probably reverse out the passwords and just re-store them with a little effort. Commented Dec 11, 2013 at 10:52
  • Well, the problem was that i forgot the "x2" in the SHA1 tostring() method. Commented Dec 11, 2013 at 11:43

1 Answer 1

Reset to default
1

The problem is that .NET uses UTF-16 by default whilst Ruby will use something else (normally UTF-8, but it may also respect encoding that has been set by database or web source).

I think you just need to alter one line:

//convert the input text to array of bytes
byte[] hashData = sha1.ComputeHash(Encoding.ASCII.GetBytes(data));

You may need UTF-8 or even some other encoding instead, depending on the range of passwords accepted by the Ruby version. However, the ASCII coding should at least prove correctness of this answer in general from your sample data.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

As writte above, need x2 in the tostring() method in sha. Thanks
@hippie: Is that in addition to, or instead of this answer? (If it is in addition, I didn't spot it, but can add as a note to this answer, to help next person.)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.