SHA1Managed doesn't produce the expected SHA1 hash

Question

I have an Excel workbook currently acting as a booking diary. It has users/passwords stored in a database, the passwords are hashed using SHA1 (with no salt at the moment to make this easier)

When I store a user with password password I get the following hash in the database:

5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

This is backed up by trying the string here and here, both give the same result as my VBA SHA1 function

So now I want to move this application into C# (probably and ASP.NET web app eventually), so I'm using the following to generate the SHA1 hash:

// Convert plain text into a byte array
byte[] plainTextBytes = Encoding.Default.GetBytes("password");

// Define hash object
HashAlgorithm hash = new SHA1Managed();

// Compute hash value of our plain text
byte[] hashBytes = hash.ComputeHash(plainTextBytes);

// Convert result into a base64-encoded string
string hashValue = Convert.ToBase64String(hashBytes);

Console.WriteLine(hashValue);

but this outputs

W6ph5Mm5Pz8GgiULbPgzG37mj9g=

I must have done some small thing wrong, but I can't work out what it is :(. I have tried the different encoding types (UTF8, ASCII, Unicode) but none produce the correct hash

Can someone shed some light on this for me please?

Answer 1

You converted the string to base64, although it seems you want hex. Convert to hex instead.

Answer 2

You should convert hashBytes into HexString, not Base64.

Answer 3

 string hashValue = Convert.ToBase64String(hashBytes);

That's the problem statement, the result string you quoted was not base64 encoded, it was encoded in hex. You get the value you are looking for with:

 string hashValue = BitConverter.ToString(hashBytes).Replace("-", "").ToLower();

Which produces:

"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"