PHP + VB.NET Encryption Problem (MD5)

Question

a_salted_peanut 0 Newbie Poster

14 Years Ago

Hi all,

Please bear with me on this as i have not long been learning how PHP works and am still learning VB.NET slowly. I have been testing the code for PHP using the Apache webserver.

The problem i am having is, this is the function i am using with PHP:

<?php

$pwd="test";
$hash = base64_encode(md5($pwd));

echo $hash

?>

This is the coding used for VB.NET

Imports System.Text
Imports System.Security.Cryptography

Public Function GenerateHashMD5(ByVal SourceText As String) As String

  Dim Ue As New UnicodeEncoding()
  Dim ByteSourceText() As Byte = Ue.GetBytes(SourceText)
  Dim Md5 As New MD5CryptoServiceProvider()
  Dim ByteHash() As Byte = Md5.ComputeHash(ByteSourceText)

  Return Convert.ToBase64String(ByteHash)

End Function

The results using the password 'test' are as follows:
yAWeLsdBn1kOedfxt3S/5g== (VB.NET)
MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY= (PHP)

I know that something in one of the sections of code is very badly wrong, and im pretty sure it will be the VB.NET, but any ideas as to how i can modify it so that they both produce the same answer? Any feedback would be a godsend as i am out of ideas at the moment...

Many thanks!

encryption php vb.net

3 Contributors
8 Replies
2K Views
4 Months Discussion Span
Latest Post 13 Years Ago Latest Post by DotNetNewbie5

=OTS=G-Man 26 Light Poster

14 Years Ago

to get the PHP style MD5 output you have to use FormsAuthentication.HashPasswordForStoringInConfigFile from the System.Web.Security name space.

So you will need to add the system.web.dll to your references.

Also you have to watch the encoding, to match PHP's i had to use Encoding.UTF8.GetBytes().

Thanks for asking the question, because i never knew there was a difference in the outputs.

I wrote mine in C# but should be able to translate to VB.NET pretty easy, but here is my test code

using System;
using System.Text;
using System.Web.Security;

namespace md5
{
    class Program
    {
        static void Main(string[] args)
        {
            byte[] hash = Encoding.UTF8.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile("test", "MD5"));
            Console.WriteLine(Convert.ToBase64String(hash));
            Console.ReadKey();
        }
    }
}

=OTS=G-Man 26 Light Poster

14 Years Ago

ok, figured it out.

the issue is the base64_encode. In PHP the md5 is returned as a lowercase string and C# returns the binary of the hash, using capital letters, so to get it to work, you have to tell php to capitalize the hash string before encoding it.

in short we where encoding
098F6BCD4621D373CADE4E832627B4F6 - .NET (after converting binary to chars)
098f6bcd4621d373cade4e832627b4f6 - PHP

so this PHP

<?php

$pwd="test";
$hash = base64_encode(strtoupper(md5($pwd)));

echo $hash

?>

matches the output of

Encoding.UTF8.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile("test", "MD5"))

a_salted_peanut commented: Simple, straight to the point, clear and consice. Has saved alot of hairloss on my part. +0

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Simple, straight to the point, clear and consice. Has saved alot of hairloss on my part.

a_salted_peanut 0 Newbie Poster · Answer 1 · 2010-10-21T03:23:14+00:00

Thanks very much for the pointers! I had a feeling it might be something to do with the UTF encoding. However i still have a slight problem which has now confused me even more.

The PHP code has stayed the same from previous and produces the output (with the password being 'test'):
MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=

The VB code has changed and produces an extremely similar, but different output (with the password being 'test'):
MDk4RjZCQ0Q0NjIxRDM3M0NBREU0RTgzMjYyN0I0RjY=

The two lined up next to each other:
MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=
MDk4RjZCQ0Q0NjIxRDM3M0NBREU0RTgzMjYyN0I0RjY=

It is so close, and yet i don't know why? Surly they should be producing the same result (i double checked the password to make sure that neither had any uppercase letters in it as well).

The VB code is now:

Imports System.Text
Imports System.Security.Cryptography
Imports System.Web.Security

Public Function Gen_MD5_V3()

        Dim hash

        hash = Encoding.UTF8.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile("test", "MD5"))
        Form1.TextBox2.Text = Convert.ToBase64String(hash)

    End Function

a_salted_peanut 0 Newbie Poster · Answer 2 · 2010-10-21T05:06:40+00:00

***Edit***
I have now also added the PHP encoding to UTF-8 so that is "should" be in line with the PHP coding, but alas... It still isn't.

<?php

$pwd="test";
$hash = utf8_encode(base64_encode(md5($pwd)));

echo $hash

?>

a_salted_peanut 0 Newbie Poster · Answer 3 · 2010-10-22T03:02:59+00:00

Brilliant! It matchs up, you are a saint sir! Thanks!!

DotNetNewbie5 · Answer 4 · 2011-02-24T22:06:30+00:00

Hello!

Thanks for the very useful Posts here.
I am wondering, if you could also explain how to encode these MD5-Hash's in PHP and vb.net back to the original String.
So my Programm can communicate more secure between application and PHP/SQL.

I am still learing php and .net..

Many thanks!

a_salted_peanut 0 Newbie Poster · Answer 5 · 2011-02-25T06:37:30+00:00

Hello!
Thanks for the very useful Posts here.
I am wondering, if you could also explain how to encode these MD5-Hash's in PHP and vb.net back to the original String.
So my Programm can communicate more secure between application and PHP/SQL.
I am still learing php and .net..
Many thanks!

Unfortunately once you have created a hash there is no way to reverse it back to a string.

You can only make the hash again if you enter the correct string and then compare it with the original.

DotNetNewbie5 · Answer 6 · 2011-02-25T08:12:45+00:00

Thanks. Did take me about 2 hours to learn that lessn on my own. Sorry for asking that noob question.

H.a.n.d.