在線SHA1散列發生器

So, I am trying to reverse engineer my way to find the right values here.

I am looking at this link: http://sitecoreblog.blogspot.com/2012/05/reset-admin-passord.html

and this link: https://blogs.perficientdigital.com/2018/06/20/upgrading-the-password-hashing-algorithm-for-sitecore-9-installs/

UPDATE dbo.aspnet_Membership SET [Password]='qOvF8m8F2IcWMvfOBjJYHmfLABc=', [PasswordSalt]='OM5gu45RQuJ76itRvkSPFw==', [IsApproved] = '1', [IsLockedOut] = '0'    while len(@Salt) < 16    begin    set @Salt = (@Salt + cast(cast(floor(rand() * 256) as tinyint) as binary(1)))    end

This is the code that Sitecore 7 uses to encode and hash the passwords in SHA1

-- Hash passwordset @HashedPassword = HASHBYTES(@HashAlgorithm, @Salt + cast(@Password as varbinary(128)));-- Convert hash and salt to BASE64select @EncodedHash = cast(N'' as xml).value('xs:base64Binary(xs:hexBinary(sql:column("bin")))', 'varchar(max)') from (select @HashedPassword as [bin] ) Tselect @EncodedSalt = cast(N'' as xml).value('xs:base64Binary(xs:hexBinary(sql:column("bin")))', 'VARCHAR(MAX)') from (select @Salt as [bin] ) T

So, I have password = 'b' , hashed_password = 'qOvF8m8F2IcWMvfOBjJYHmfLABc=' , password_salt = 'OM5gu45RQuJ76itRvkSPFw=='

The whole reason for this is that I need to get the Base64 encoded salt along with the Base64 encoded hashed password to migrate to another system (Okta).

If I was to reverse engineer my way in Python, what would this code look like?

import base64import hashlibimport binasciisalt='OM5gu45RQuJ76itRvkSPFwi=='password = 'b'hashed_pw_salt = hashlib.sha1(hex_salt + password)base64_hash = base64.b64encode(hashed_pw_salt.digest())print base64_hash

I get the hashed password as 'VVNsI7GLzCRREOUcsha/+TbpGd8=' instead.

What is the best way to get the Python code to match the SQL code?

I am beginner in nodejs. I have already implemented encryption and decryption through sha1 and using in asp.net projects. Now we started new project in node and angular. Here i need same login mechanism including encryption and decryption using sha1.

Here is my workable code:

Dependent variable must need for me

        static string passPhrase = "Paaaa5p***";        static string saltValue = "s@1t***lue";        static string hashAlgorithm = "SHA1";        static int passwordIterations = 2;        static string initVector = "@1B2c3D4e5F6****";        static int keySize = 256;

Encryption method to encrypt password or any text.

public static string EncryptText(string text)        {            byte[] initVectorBytes = Encoding.ASCII.GetBytes(initVector);            byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);            byte[] plainTextBytes = Encoding.UTF8.GetBytes(text);            PasswordDeriveBytes password = new PasswordDeriveBytes(                                                            passPhrase,                                                            saltValueBytes,                                                            hashAlgorithm,                                                            passwordIterations);            byte[] keyBytes = password.GetBytes(keySize / 8);            RijndaelManaged symmetricKey = new RijndaelManaged();            symmetricKey.Mode = CipherMode.CBC;            ICryptoTransform encryptor = symmetricKey.CreateEncryptor(                                                             keyBytes,                                                             initVectorBytes);            MemoryStream memoryStream = new MemoryStream();            CryptoStream cryptoStream = new CryptoStream(memoryStream,                                                         encryptor,                                                         CryptoStreamMode.Write);            cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);            cryptoStream.FlushFinalBlock();            byte[] cipherTextBytes = memoryStream.ToArray();            memoryStream.Close();            cryptoStream.Close();            string decryptText = Convert.ToBase64String(cipherTextBytes);            return decryptText;        }

Decryption method to encrypt password or any text.

    public static string DecryptText(string encryptText)    {        byte[] initVectorBytes = Encoding.ASCII.GetBytes(initVector);        byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);        byte[] cipherTextBytes = Convert.FromBase64String(encryptText);        PasswordDeriveBytes password = new PasswordDeriveBytes(                                                        passPhrase,                                                        saltValueBytes,                                                        hashAlgorithm,                                                        passwordIterations);        byte[] keyBytes = password.GetBytes(keySize / 8);        RijndaelManaged symmetricKey = new RijndaelManaged();        symmetricKey.Mode = CipherMode.CBC;        ICryptoTransform decryptor = symmetricKey.CreateDecryptor(                                                         keyBytes,                                                         initVectorBytes);        MemoryStream memoryStream = new MemoryStream(cipherTextBytes);        CryptoStream cryptoStream = new CryptoStream(memoryStream,                                                      decryptor,                                                      CryptoStreamMode.Read);        byte[] plainTextBytes = new byte[cipherTextBytes.Length];        int decryptedByteCount = cryptoStream.Read(plainTextBytes,                                                   0,                                                   plainTextBytes.Length);        memoryStream.Close();        cryptoStream.Close();        string text = Encoding.UTF8.GetString(plainTextBytes,                                                   0,                                                   decryptedByteCount);        return text;    }

I have a running C# app with user authentication. I encrypt the passwords with the SHA1Managed class using Encoding.Unicode. Now, we are developing a new PHP web app and it seems that PHP sha1 method uses ASCII, so the encrypted passwords are slightly different.

I cannot change my C# code as it is running in a number of different servers and all user passwords are already encrypted. This cannot be changed as it would imply asking all users their passwords (which is not viable).

I have read the following solutions, however I am not able to solve my problem with them:

1. C# SHA-1 vs. PHP SHA-1...Different Results? In this one they suggest using ASCIIEncoding. However, as I stated before, this cannot be changed.
2. SHA1: different results for PHP and C# and Generate a PHP UTF-16 SHA1 hash to match C# method these one use base64 encoding, and that is not compatible with my C# encoding (I think)
3. php equivalent to following sha1 encryption c# code this one also uses ASCIIEncoding.

This is my C# code which CANNOT be changed:

byte[] msgBytes = Encoding.Unicode.GetBytes(data);SHA1Managed sha1 = new SHA1Managed();byte[] hashBytes = sha1.ComputeHash(msgBytes);StringBuilder hashRet = new StringBuilder("");foreach (byte b in hashBytes)    hashRet.AppendFormat("{0:X}", b);return hashRet.ToString();

This is the PHP code implemented so far:

$str=mb_convert_encoding($password.$SALT, 'UTF-16LE');$result=strtoupper(sha1($str));

The result obtained for an example string "1981" in C#D4CEDCADB729F37C30EBF41BC8F2929AF526AD3

In PHP I get:D4CEDCADB729F37C30EBF41BC8F29209AF526AD3

As can be seen, the only difference between each one is the 0 (zero) char. This happens in all strings, but the 0 appears in different locations.

EDIT

As https://stackoverflow.com/users/1839439/dharman stated, results can't be reproduced exactly as my string has a SALT. However, the results should be different even without the SALT.

SOLUTIONA user gave a suggestion which solved my problem. Unfortunately, he deleted the answer before I could post that it worked. The problem is in C# when I am parsing the bytes to string in the StringBuilder. The format is {0:X} and any leading 0 in the byte is ignored. For example a 01 would be parsed to 1, a 0D would be parsed to D.

Therefore, I had to iterate over pairs of the result obtained in PHP, and remove leading zeros in there.

The final code in PHP is the following:

$str=mb_convert_encoding($password.$SALT, 'UTF-16LE');$result=strtoupper(sha1($str));$array = str_split($result, 2);foreach ($array as &$valor) {    $valor = ltrim($valor, '0');}unset($valor);$result = implode($array);

In objective-c it looks like this:

#include <sys/xattr.h>@implementation NSString (reverse)-(NSString*)sha1{    NSData *data = [self dataUsingEncoding:NSUTF8StringEncoding];    uint8_t digest[CC_SHA1_DIGEST_LENGTH];    CC_SHA1(data.bytes, (int)data.length, digest);    NSMutableString *output = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 2];    for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; i++)        [output appendFormat:@"%02x", digest[i]];    return output;}@end

I need something like this with Swift, is it possible?

Please, show work example.

I need to RSA sign some data using a combination of the MD5 and SHA1 hashes. I can easily do this for just one or the other but having a combination makes it tricky. It's for the certificate verify message in DTLS 1.0, so it's not like I can just choose to do just one unfortunately.

I believe the steps to be to hash in MD5, then hash in SHA1 and concatenate. Then I need to encrypt with the private key. That's where I'm stuck.

I have an RSACryptoServiceProvider that has the proper private key (it's not exportable). I know I cannot do

rsa.SignHash(hash, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

because it's not just a SHA1 hash so this function sees the hash as invalid since it's 36 bytes instead of 20 bytes as expected.

I also know I cannot do

rsa.SignData(hash, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

because that's going to hash again.

I believe I'm closer with

rsa.Encrypt(hash, RSAEncryptionPadding.Pkcs1);

however that's using the public key instead of the private key like I need.

Any suggests on how I can either encrypt with the private key or do the signing with MD5+SHA1?