SHA-256 with salt verifying from Java in PHP

Question

Users on my system are registered in Java application (source: https://github.com/madtomic/LogIt-1/tree/master/src/main/java/io/github/lucaseasedup/logit/security) and hashing password using SHA-256 with salt. I want now add login system on my WWW page. But I can't verify the passwords.

Example user:

Password: test
Salt: oqhyqTbtEXYYRf8r9jJn
Hash from JAVA: adf6a822c860ad7dc39eb035be1e362ad72f4535eed9a41dc8f99a122d78f5ef

PHP test code:

$_POST['salt'] = "oqhyqTbtEXYYRf8r9jJn";
$_POST['hash'] = "adf6a822c860ad7dc39eb035be1e362ad72f4535eed9a41dc8f99a122d78f5ef";
$_POST['pass'] = "test";


echo("<br>HASH_HMAC ".hash_hmac("sha256", $_POST['pass'], $_POST['salt']));

echo("<br>HASH ".hash("sha256", $_POST['salt']. $_POST['pass']));

echo("<br> HASH #2 ". hash('sha256', $_POST['salt'] . hash('sha256', $_POST['pass']) ));

echo('<br>Java hash: ' . $_POST['hash']);

Result:

HASH_HMAC cc3dcc320479034414506c4ad44fda205b4f5687ff988fa4316edb94d05364ff
HASH b7d8154812a95e0fad70533feb8b1c8b3a53e9efcff936eb5c308d481b6594e6
HASH #2 183d017d9169efbfd5f62ddfacd8d6ef631be287f17e9767fe3978bbc366444c
Java hash: adf6a822c860ad7dc39eb035be1e362ad72f4535eed9a41dc8f99a122d78f5ef

Anything from PHP match Java hash :( What I should do?

chris85 chris85 · Accepted Answer · 2016-06-18T17:16:21

I think you can just use the PHP hash function and concatenate your salt with the password.

$salt = 'oqhyqTbtEXYYRf8r9jJn';
$pass = 'test';
echo hash('sha256', $pass . $salt);

Output:

adf6a822c860ad7dc39eb035be1e362ad72f4535eed9a41dc8f99a122d78f5ef

Demo: https://eval.in/591374

SHA-256 with salt verifying from Java in PHP

1 Answers