Hi!
I'm trying to login to my website throught my program, to do that I need a password and username. The password is encrypted using C# SHA256 but on the server it uses an javascript code I got from the web.
My problem is that my C# Hash differs in many ways to my JS Hash, for example;
- Javascript has more than 32 bytes of data
- Javascript hash hasn't got any unidentyfied characters like byte 2
Has anyone any idea why it is like this??
Jump to PostIf the javascript code has more than 32 bytes then it is wrong as SHA256 is a 32 byte hash. I'm not sure what you mean by 'any unidentified characters' since it is a collection of bytes, not characters. Does the javascript turn the hash into a string representing the …
Jump to PostYou need to convert byte array results to hex.
byte []result=t.ComputeHash(System.Text.Encoding.UTF8.GetBytes("abc")); foreach (byte bt in result) Console.Write(bt.ToString("X2"));
If the javascript code has more than 32 bytes then it is wrong as SHA256 is a 32 byte hash. I'm not sure what you mean by 'any unidentified characters' since it is a collection of bytes, not characters. Does the javascript turn the hash into a string representing the hex codes of the hash?
You need to convert byte array results to hex.
byte []result=t.ComputeHash(System.Text.Encoding.UTF8.GetBytes("abc"));
foreach (byte bt in result)
Console.Write(bt.ToString("X2"));You need to convert byte array results to hex.
byte []result=t.ComputeHash(System.Text.Encoding.UTF8.GetBytes("abc")); foreach (byte bt in result) Console.Write(bt.ToString("X2"));
That did almost solve it,
The javascript SHA256 is from here: http://www.webtoolkit.info/javascript-sha256.html
Please tell if that is a wrong type of implentation of SHA256 or is it my C# code that is wrong?
>Please tell if that is a wrong type of implentation of SHA256 or is it my C# code that is wrong?
There is nothing wrong with JavaScript and C# code.
But why then does they return two different codes??
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("http://xxxxxx.xx/login.php");
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";
byte[] pass = Encoding.UTF8.GetBytes(password.Text);
SHA256 hasher = SHA256.Create();
for(int i = 0; i < 100; i++)
pass = hasher.ComputeHash(pass);
StringBuilder sb = new StringBuilder();
foreach (byte bt in pass)
sb.Append(bt.ToString("x2"));
string post = "username=" + username.Text + "&password=" + sb.ToString();
Stream stream = request.GetRequestStream();
stream.Write(Encoding.UTF8.GetBytes(post), 0, Encoding.UTF8.GetByteCount(post));
stream.Close();
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
stream = response.GetResponseStream();
byte[] data = new byte[256];
stream.Read(data, 0, data.Length);
stream.Close();Please remove line #7 - for loop.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.