VB.net + mySQL + md5 hashing advice

Question

Sorry if this has already been answered. I looked but could not find anything specific.

I am writing a program in VB.NET that shares a login with an internet forum using IP Board 3.4.5 .

I am having difficulty with the password part - the forum uses an md5 hash with a 4 character salt. The documentation expresses it in PHP as follows:

$hash = md5( md5( $salt ) . md5( $password ) );

I need to reach the same result using VB.NET , would anyone be able to give me a pointer as to how to achieve this?

Answer 1

While I'm not familiar with how salts are supposed to work, I've created a function that hashes a password and a salt, then uses them as input to create the final hash.

You'll need these:

Imports System.Security.Cryptography
Imports System.Text
Imports System.IO

To run this:

Private Function CreateMD5(password As String, salt As String) As String
    Dim passwordBytes() As Byte = Encoding.UTF8.GetBytes(password)
    Dim saltBytes() As Byte = Encoding.UTF8.GetBytes(salt)
    Dim saltedPasswordHash As Byte()

    Dim md5Hasher As MD5 = Security.Cryptography.MD5.Create()
    Dim buffer As New MemoryStream
    Dim writer As New StreamWriter(buffer) With {.AutoFlush = True}

    Try
        writer.Write(md5Hasher.ComputeHash(passwordBytes))
        writer.Write(md5Hasher.ComputeHash(saltBytes))
        buffer.Position = 0
        saltedPasswordHash = md5Hasher.ComputeHash(buffer)
    Finally
        writer.Dispose()
        buffer.Dispose()
        md5Hasher.Dispose()
    End Try

    Return String.Concat(BitConverter.ToString(saltedPasswordHash).Split("-"c))
End Function

Example usage:

Dim saltedHash As String = CreateMD5("password", "salt")
Console.WriteLine(saltedHash)

Output:

CDA7359AB6408E7F0088CAB68470D5FE