将C＃哈希代码迁移到PHP

Question

I know there are similar questions already on SO but none of them seem to address this problem. I have inherited the following c# code that has been used to create password hashes in a legacy .net app, for various reasons the C# implementation is now being migrated to php:

string input = "fred";
SHA256CryptoServiceProvider provider = new SHA256CryptoServiceProvider();
byte[] hashedValue = provider.ComputeHash(Encoding.ASCII.GetBytes(input));
string output = "";
string asciiString = ASCIIEncoding.ASCII.GetString(hashedValue);
foreach ( char c in asciiString ) {
   int tmp = c;
   output += String.Format("{0:x2}", 
             (uint)System.Convert.ToUInt32(tmp.ToString()));
}
return output;

My php code is very simple but for the same input "fred" doesn't produce the same result:

$output = hash('sha256', "fred");

I've traced the problem down to an encoding issue - if I change this line in the C# code:

string asciiString = ASCIIEncoding.ASCII.GetString(hashedValue);

to

string asciiString = ASCIIEncoding.UTF7.GetString(hashedValue);

Then the php and C# output match (it yields d0cfc2e5319b82cdc71a33873e826c93d7ee11363f8ac91c4fa3a2cfcd2286e5).

Since I'm not able to change the .net code I need to work out how to replicate the results in php.

Thanks in advance for any help,

Answer 1

I don't know PHP well enough to answer your question; however, I must point out that your C# code is broken. Try generating the hash of these two inputs: "âèí" and "çñÿ" . You will find that their hash collides:

3f3b221c6c6e3f71223f51695d456d52223f243f3f363949443f3f763b483615

The first bug lies in this operation:

Encoding.ASCII.GetBytes(input)

This assumes that all characters within your input are US-ASCII. Any non-ASCII characters would cause the encoder to fall back to the byte value for the ? character, thereby giving (unwanted) hash collisions, as demonstrated above. Notwithstanding, this will not be an issue if your input is constrained to only allow US-ASCII characters.

The other (more severe) bug lies in the following operation:

ASCIIEncoding.ASCII.GetString(hashedValue)

ASCII only defines mappings for values 0–127. Since the elements of your hashedValue byte array may contain any byte value (0–255), encoding them as ASCII would cause data to be lost whenever a value greater than 127 is encountered. This may lead to further “unwanted” (read: potentially maliciously generated) hash collisions, even when your original input was US-ASCII.

Given that, statistically, half of the bytes constituting your hashes would be greater than 127, then you are losing at least half the strength of your hash algorithm. If a hacker gains access to your stored hashes, it is quite likely that they will manage to devise an attack to generate hash collisions by exploiting this cryptographic weakness.

Edit : Notwithstanding the considerations mentioned in my posts and Jon's, here is the PHP code that succumbs to the same weakness – so to speak – as your C# code, and thereby gives the same hash:

$output = hash('sha256', $input, true);

for ($i = 0; $i < strlen($output); $i++)
   if ($output[$i] > chr(127))
       $output[$i] = '?';

$output = bin2hex($output);

Answer 2

您能否使用mb_convert_encoding（请参阅http://php.net/manual/zh-CN/function.mb-convert-encoding.php-该页面还提供了所支持的编码列表的链接）将PHP字符串从UTF7转换为ASCII ？

Answer 3

I've traced the problem down to an encoding issue

Yes. You're trying to treat arbitrary binary data as if it's valid text-encoded data. It's not. You should not be using any Encoding here.

If you want the results in hex, the simplest approach is to use BitConverter.ToString

string text = BitConverter.ToString(hashedValue).Replace("-", "").ToLower();

And yes, as pointed out elsewhere, you probably shouldn't be using ASCII to convert the text to binary at the start of the hashing process. I'd probably use UTF-8.

It's really important that you understand the problem here though, as otherwise you'll run into it in other places too. You should only use encodings such as ASCII, UTF-8 etc (on any platform) when you've genuinely got encoded text data. You shouldn't use them for images, the results of cryptography, the results of hashing, etc.

EDIT: Okay, you say you can't change the C# code... it's not clear whether that just means you've got legacy data , or whether you need to keep using the C# code regardless. You should absolutey not run this code for a second longer than you have to.

But in PHP, you may find you can get away with just replacing every byte with a value >= 0x80 in the hash with 0x3F, which is the ASCII for "question mark". If you look through your data you'll probably find there are a lot of 3F bytes in there.

If you can get this to work, I would strongly suggest that you migrate over to the true MD5 hash without losing information like this. Wherever you're storing the hashes, store two: the legacy one (which is all you have now) and the rehashed one. Whenever you're asked to validate that a password is correct, you should:

• Check whether you have a "new" one; if so, only use that - ignore the legacy one.
• If you only have a legacy one:
  • Hash the password in the broken way to check whether it's correct
  • If it is, hash it again properly and store the results in the "new" place.

Then when everyone's logged in correctly once, you'll be able to wipe out the legacy hashes.