Why is my SHA1 hash not matching?

StackOverflow https://stackoverflow.com/questions/607272

  •  03-07-2019
  •  | 
  •  

Question

I don't think I was specific enough last time. Here we go:

I have a hex string:

742713478fb3c36e014d004100440041004 e0041004e00000060f347d15798c9010060 6b899c5a98c9014d007900470072006f007 500700000002f0000001f7691944b9a3306 295fb5f1f57ca52090d35b50060606060606

The last 20 bytes should (theoretically) contain a SHA1 Hash of the first part (complete string - 20 bytes). But it doesn't match for me.

Trying to do this with PHP, but no luck. Can you get a match?

Ticket:

742713478fb3c36e014d004100 440041004e0041004e00000060 f347d15798c90100606b899c5a 98c9014d007900470072006f00 7500700000002f0000001f7691944b9a

sha1 hash of ticket appended to original:

3306295fb5f1f57ca52090d35b50060606060606

My sha1 hash of ticket:

b6ecd613698ac3533b5f853bf22f6eb4afb94239

Here's what is in the ticket and how it's being stored. FWIW, I can pull out username, etc, and spot the various delimiters. http://www.codeproject.com/KB/aspnet/Forms_Auth_Internals/AuthTicket2.JPG

Edited: I have discovered that the string is padded on the end by the decryption function it goes through before this point. I removed the last 6 bytes and adjusted by ticket and hash accordingly. Still doesn't work, but I'm closer.

Was it helpful?

Solution

Your ticket is being calculated on the hex string itself. Maybe the appended hash is calculated on another representation of the same data?

OTHER TIPS

I think you are getting confused about bytes vs characters.

Internally, php stores every character in a string as a byte. The sha1 hash that PHP generates is a 40 character (40 byte) hexademical representation of the 20-byte binary data, since each binary value needs to be represented by 2 hex characters.

I'm not sure if this is the actual source of your discrepancy, but seeing this misunderstanding makes me wonder if it's related.

Try trimming the string first, its suprisingly easy to have a newline or space on the end that changes the hash completely.

According to this Online SHA1 tool the hash of the given text (after removing new lines and spaces) is

b6ecd613698ac3533b5f853bf22f6eb4afb94239

Idea: Make sure your inputing characters not a hex number to the PHP version.

The problem was that the original was a keyed hash. I had to use hash_hmac() with a validation key rather than sha1() without.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top