PHP + VB.NET Encryption Problem (MD5)

Hi all,

Please bear with me on this as i have not long been learning how PHP works and am still learning VB.NET slowly. I have been testing the code for PHP using the Apache webserver.

The problem i am having is, this is the function i am using with PHP:

<?php

$pwd="test";
$hash = base64_encode(md5($pwd));

echo $hash

?>

This is the coding used for VB.NET

Imports System.Text
Imports System.Security.Cryptography

Public Function GenerateHashMD5(ByVal SourceText As String) As String

  Dim Ue As New UnicodeEncoding()
  Dim ByteSourceText() As Byte = Ue.GetBytes(SourceText)
  Dim Md5 As New MD5CryptoServiceProvider()
  Dim ByteHash() As Byte = Md5.ComputeHash(ByteSourceText)

  Return Convert.ToBase64String(ByteHash)

End Function

The results using the password 'test' are as follows:
yAWeLsdBn1kOedfxt3S/5g== (VB.NET)
MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY= (PHP)

I know that something in one of the sections of code is very badly wrong, and im pretty sure it will be the VB.NET, but any ideas as to how i can modify it so that they both produce the same answer? Any feedback would be a godsend as i am out of ideas at the moment...

Many thanks!

a_salted_peanut

Newbie Poster

12 posts since Apr 2009

Reputation Points: 10

Solved Threads: 1

1 Year Ago

to get the PHP style MD5 output you have to use FormsAuthentication.HashPasswordForStoringInConfigFile from the System.Web.Security name space.

So you will need to add the system.web.dll to your references.

Also you have to watch the encoding, to match PHP's i had to use Encoding.UTF8.GetBytes().

Thanks for asking the question, because i never knew there was a difference in the outputs.

I wrote mine in C# but should be able to translate to VB.NET pretty easy, but here is my test code

using System;
using System.Text;
using System.Web.Security;

namespace md5
{
    class Program
    {
        static void Main(string[] args)
        {
            byte[] hash = Encoding.UTF8.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile("test", "MD5"));
            Console.WriteLine(Convert.ToBase64String(hash));
            Console.ReadKey();
        }
    }
}

=OTS=G-Man

Light Poster

47 posts since Jul 2009

Reputation Points: 37

Solved Threads: 10

1 Year Ago

Thanks very much for the pointers! I had a feeling it might be something to do with the UTF encoding. However i still have a slight problem which has now confused me even more.

The PHP code has stayed the same from previous and produces the output (with the password being 'test'):
MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=

The VB code has changed and produces an extremely similar, but different output (with the password being 'test'):
MDk4RjZCQ0Q0NjIxRDM3M0NBREU0RTgzMjYyN0I0RjY=

The two lined up next to each other:
MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=
MDk4RjZCQ0Q0NjIxRDM3M0NBREU0RTgzMjYyN0I0RjY=

It is so close, and yet i don't know why? Surly they should be producing the same result (i double checked the password to make sure that neither had any uppercase letters in it as well).

The VB code is now:

Imports System.Text
Imports System.Security.Cryptography
Imports System.Web.Security

Public Function Gen_MD5_V3()

        Dim hash

        hash = Encoding.UTF8.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile("test", "MD5"))
        Form1.TextBox2.Text = Convert.ToBase64String(hash)

    End Function

a_salted_peanut

Newbie Poster

12 posts since Apr 2009

Reputation Points: 10

Solved Threads: 1

1 Year Ago

***Edit***
I have now also added the PHP encoding to UTF-8 so that is "should" be in line with the PHP coding, but alas... It still isn't.

<?php

$pwd="test";
$hash = utf8_encode(base64_encode(md5($pwd)));

echo $hash

?>

a_salted_peanut

Newbie Poster

12 posts since Apr 2009

Reputation Points: 10

Solved Threads: 1

1 Year Ago

Show Comments

ok, figured it out.

the issue is the base64_encode. In PHP the md5 is returned as a lowercase string and C# returns the binary of the hash, using capital letters, so to get it to work, you have to tell php to capitalize the hash string before encoding it.

in short we where encoding
098F6BCD4621D373CADE4E832627B4F6 - .NET (after converting binary to chars)
098f6bcd4621d373cade4e832627b4f6 - PHP

so this PHP

<?php

$pwd="test";
$hash = base64_encode(strtoupper(md5($pwd)));

echo $hash

?>

matches the output of

Encoding.UTF8.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile("test", "MD5"))

=OTS=G-Man

Light Poster

47 posts since Jul 2009

Reputation Points: 37

Solved Threads: 10

1 Year Ago

Brilliant! It matchs up, you are a saint sir! Thanks!!

a_salted_peanut

Newbie Poster

12 posts since Apr 2009

Reputation Points: 10

Solved Threads: 1

1 Year Ago

Hello!

Thanks for the very useful Posts here.
I am wondering, if you could also explain how to encode these MD5-Hash's in PHP and vb.net back to the original String.
So my Programm can communicate more secure between application and PHP/SQL.

I am still learing php and .net..

Many thanks!

DotNetNewbie5

Newbie Poster

2 posts since Feb 2011

Reputation Points: 10

Solved Threads: 0

1 Year Ago

Hello!

Thanks for the very useful Posts here. I am wondering, if you could also explain how to encode these MD5-Hash's in PHP and vb.net back to the original String. So my Programm can communicate more secure between application and PHP/SQL.

I am still learing php and .net..

Many thanks!

Unfortunately once you have created a hash there is no way to reverse it back to a string.

You can only make the hash again if you enter the correct string and then compare it with the original.

a_salted_peanut

Newbie Poster

12 posts since Apr 2009

Reputation Points: 10

Solved Threads: 1

1 Year Ago

Thanks. Did take me about 2 hours to learn that lessn on my own. Sorry for asking that noob question.

H.a.n.d.

DotNetNewbie5

Newbie Poster

2 posts since Feb 2011

Reputation Points: 10

Solved Threads: 0

This question has already been solved

You