Hi!

I'm trying to login to my website throught my program, to do that I need a password and username. The password is encrypted using C# SHA256 but on the server it uses an javascript code I got from the web.
My problem is that my C# Hash differs in many ways to my JS Hash, for example;
- Javascript has more than 32 bytes of data
- Javascript hash hasn't got any unidentyfied characters like byte 2

Has anyone any idea why it is like this??

If the javascript code has more than 32 bytes then it is wrong as SHA256 is a 32 byte hash. I'm not sure what you mean by 'any unidentified characters' since it is a collection of bytes, not characters. Does the javascript turn the hash into a string representing the hex codes of the hash?

You need to convert byte array results to hex.

byte []result=t.ComputeHash(System.Text.Encoding.UTF8.GetBytes("abc"));

  foreach (byte bt in result)
           Console.Write(bt.ToString("X2"));

You need to convert byte array results to hex.

byte []result=t.ComputeHash(System.Text.Encoding.UTF8.GetBytes("abc"));

  foreach (byte bt in result)
           Console.Write(bt.ToString("X2"));

That did almost solve it,
The javascript SHA256 is from here: http://www.webtoolkit.info/javascript-sha256.html
Please tell if that is a wrong type of implentation of SHA256 or is it my C# code that is wrong?

>Please tell if that is a wrong type of implentation of SHA256 or is it my C# code that is wrong?

There is nothing wrong with JavaScript and C# code.

But why then does they return two different codes??

HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("http://xxxxxx.xx/login.php");
            request.Method = WebRequestMethods.Http.Post;
            request.ContentType = "application/x-www-form-urlencoded";
            byte[] pass = Encoding.UTF8.GetBytes(password.Text);

            SHA256 hasher = SHA256.Create();
            for(int i = 0; i < 100; i++)
                pass = hasher.ComputeHash(pass);

            StringBuilder sb = new StringBuilder();
            foreach (byte bt in pass)
                sb.Append(bt.ToString("x2"));

            string post = "username=" + username.Text + "&password=" + sb.ToString();

            Stream stream = request.GetRequestStream();
            stream.Write(Encoding.UTF8.GetBytes(post), 0, Encoding.UTF8.GetByteCount(post));
            stream.Close();

            HttpWebResponse response = (HttpWebResponse)request.GetResponse();
            stream = response.GetResponseStream();
            byte[] data = new byte[256];
            stream.Read(data, 0, data.Length);
            stream.Close();
This article has been dead for over six months. Start a new discussion instead.