PHP MD5 not the same as .NET MD5
I’m in the process of writing the API for our fancy new web management platform (I think you’ll like it, watch this space).
One of the security features I’ve implemented is an integrity check for the data being posted across the wire. I won’t go in to the details of it but all I need to say is I’m using MD5 to compute a hash of the posted data.
My trouble came tonight when trying to get an MD5 generated in .NET to match the one being passed to it by PHP. In PHP the md5 function is very basic, but it’s a bit more involved in .NET.
Finally though, I found the solution. Here’s the code:
It would seem the key thing to get them to match is to use the UTF7Encoding. Most of the MD5 examples around the web for .NET though seem to indicate you should use UTF8.
I’d be interested to know if this is the right way to go about cracking this nut, but for now, it’s the only way I can find.
Comments
victorantos
said on 24 April 2008That’s what I’m looking for, I was using
System.Security.Cryptography.HMACMD5 h = new System.Security.Cryptography.HMACMD5(); h.ComputeHash(data2);
but it doesn’t match with php generated hash
Morten K. Poulsen
said on 24 April 2008The MD5 algorithm digests blocks of 512 bits (64 bytes). It does not interpret the data in any way. So if you have a string of characters, you must represent them in the same way (US-ASCII, UTF-8, ISO-8859-15, …) on each system, before hashing them. Otherwise you are hashing different byte sequences, and will - naturally - get different hash results.
Best regards,
Morten K. Poulsen
Add a comment