0

I'm trying to convert the following code that create encryption key to c# the result I need the $key ** and ** $iv

$passphrase = 'asdfghjkl';
$salt =  '123456789' // for test purposes I fixed the value but it should be openssl_random_pseudo_bytes(8);
        $salted = '';
        $dx = '';
        while (strlen($salted) < 48) {
            $dx = md5($dx . $passphrase . $salt, true);
            $salted .= $dx;
        }
        $key = substr($salted, 0, 32);
        $iv = substr($salted, 32, 16);

what I could do until now

string passphrase = "asdfghjkl";
string salt = "123456789";
string key, iv;

byte[] salted = new byte[0];
byte[] dx = new byte[0];

while (salted.Length < 48)
      {
        string a = passphrase + salt;
        byte[] b = Encoding.UTF8.GetBytes(a);

        byte[] rv = new byte[dx.Length + b.Length];
        System.Buffer.BlockCopy(dx, 0, rv, 0, dx.Length);
        System.Buffer.BlockCopy(b, 0, rv, dx.Length, b.Length);

        //dx = MD5CryptoServiceProvider.Create().ComputeHash(rv);
        using (MD5 md5 = MD5.Create())
              {
                dx = md5.ComputeHash(rv);
              }

        byte[] rx = new byte[salted.Length + dx.Length];
        System.Buffer.BlockCopy(salted, 0, rx, 0, salted.Length);
        System.Buffer.BlockCopy(dx, 0, rx, salted.Length, dx.Length);

        salted = rx;
      }
string utfString1 = Encoding.UTF8.GetString(salted);
key = utfString1.Substring( 0, 32);
iv = utfString1.Substring(32, 16);

but I'm not getting the same result

thanks

Improve this question
5
  • That's a very inefficient way to create a salt and key. Do you have to do it this way? Commented Jul 16, 2020 at 12:14
  • unfortunately I have to do it this way, I have to talk to another system using this hashing Commented Jul 16, 2020 at 12:17
  • that's usually an encoding issue. check what your php is using. plus: md5 is not secure! it's been cracked for decades. plus: in php, you should not hash passwords yourself, but use passwod_hash() and password_verify(). Commented Jul 16, 2020 at 12:21
  • @JohnConde: Since this is key derivation from a password it should be slow. This is actually much too fast. Something standard like PBKDF2 is a much better choice. Commented Jul 16, 2020 at 13:52
  • @FranzGleichmann & JohnConde you both are correct, but I don't have the power to change the php code I just need to convert it into c# so I can connect to the system Commented Jul 16, 2020 at 14:15

1 Answer 1

Reset to default
1

The called PHP md5 function will return the md5 hash in raw binary format (16 bytes). Read more about PHP md5.

Here is the equivalent in .NET.

...
var passphrase = Encoding.UTF8.GetBytes("asdfghjkl");
var salt = Encoding.UTF8.GetBytes("123456789");
var salted = new List<byte>();
var dx = new byte[0];
using (var md5 = MD5.Create())
{
    do
    {
        var bytesToHash = dx.Concat(passphrase).Concat(salt);
        dx = md5.ComputeHash(bytesToHash.ToArray());
        salted.AddRange(dx);
    } while (salted.Count < 48);
}

var key = salted.Take(32).ToArray();
var iv = salted.Skip(32).Take(16).ToArray();
...

If you want to check the outputs, use the PHP base64_encode function and the .NET Convert.ToBase64String, then compare the base64 strings.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.