Compute SHA-1 Hash in Android/Java and C#

 
Greenhorn
Posts: 2
I need to construct a hash in Android that, given the same inputs in ASP.NET, will generate an equivalent hash. May I know which part of my Java code is wrong?


Below is my C# code; the hash result value = "0KRg7JtDNE/lkobY3OZqpzUAMgA2ADEA"
         

Below is my Java code; the result is " hgS6gq6s+8C8/BqVz2b9Ofanq0g=\n"

     

 
Saloon Keeper
Posts: 13197
286
Welcome to CodeRanch!

Encoding.Unicode is not UTF-8.

If changing this fixes your problem, stop what you're doing anyway.

Generating the same hash on two different machines is extremely suspect. The only reason to do so would be to sign and validate data, in which case you should be using a proper signing algorithm, not write your own custom algorithm.

However, I see you're trying to hash a password, which means that you're not trying to sign and validate.

DON'T DO THIS. There is not a single good reason you can give me to want to generate the same hash for a password on two different systems. You're begging for your system to get hacked.

Please explain to us what the purpose of your application is, and we can offer you a better approach.
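
An added example (not part of the original posts) showing the byte-level difference the reply above points to: .NET's Encoding.Unicode is UTF-16 little-endian, so the same string yields different bytes, and therefore a different SHA-1 digest, than it does as UTF-8. The class name, helper names and the sample string are constructed for illustration.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class EncodingDigestDemo {

    // SHA-1 over the bytes obtained by encoding `text` with `charset`, Base64-encoded.
    static String sha1Base64(String text, Charset charset) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte[] digest = md.digest(text.getBytes(charset));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Space-separated hex dump, to make the encoded bytes visible.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x ", b));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String sample = "abc"; // constructed sample input, not a value from the thread

        // Encoding.Unicode (.NET) corresponds to UTF_16LE in Java: two bytes per
        // character here, low byte first, no byte-order mark.
        // StandardCharsets.UTF_16 is NOT equivalent: when encoding it writes a
        // byte-order mark followed by big-endian code units.
        Charset[] charsets = {
            StandardCharsets.UTF_8,
            StandardCharsets.UTF_16LE,
            StandardCharsets.UTF_16
        };

        for (Charset cs : charsets) {
            System.out.printf("%-9s bytes: %s%n", cs.name(), hex(sample.getBytes(cs)));
            System.out.printf("%-9s SHA-1: %s%n", cs.name(), sha1Base64(sample, cs));
        }

        // A digest is computed over bytes, not characters, so the three outputs differ.
        boolean same = sha1Base64(sample, StandardCharsets.UTF_8)
                .equals(sha1Base64(sample, StandardCharsets.UTF_16LE));
        System.out.println("UTF-8 digest equals UTF-16LE digest: " + same);
    }
}
```

The trailing \n in the Java result quoted in the question is consistent with android.util.Base64 used with its DEFAULT flag, which appends a line terminator; the NO_WRAP flag omits it.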
 
Saloon Keeper
Posts: 24202
166

Stephan van Hulst wrote:
DON'T DO THIS. There is not a single good reason you can give me to want to generate the same hash for a password on two different systems. You're begging for your system to get hacked.

 
js chew
Greenhorn
Posts: 2
Hi Stephan, thank you for your reply and advice.

I have changed my code from to yet solve the problem.

The reason why I'm trying to do this is that in ASP.NET I'm using the hash algorithm to store the password and, based on my understanding, it cannot be decrypted, and my plan was to download the same credentials from SQL Server to SQLite so that the user can use the same password to log in from their mobile. Therefore, in order for them to use the same password as stored in SQL Server, I need the same hashed password.
 
Saloon Keeper
Posts: 7073
165
A mobile device should have connectivity (at least if the app does anything worthwhile logging in for) - create a REST service for the app to use to log into your server.
 
Stephan van Hulst
Saloon Keeper
Posts: 13197
286
As Tim Moores pointed out, you should let your mobile application make all requests through a web service that is also responsible for authenticating your users.

However, if you choose to follow our advice and do this, you still should not write your own salt and hash code. That's what people did decades ago, it's not secure, and we moved on.

There was a time I would advise you to use the Rfc2898DeriveBytes class to generate a hash from a password, but even that is inadvisable because you're not leveraging the tools that your web application framework is offering you.

The REAL solution is to use ASP.NET Identity (or ASP.NET Core Identity if you're lucky enough to work with ASP.NET Core), to authenticate your users. Then, you can just use something like OAuth to log in to your web service from your mobile phone.
 