SHA-512 with salt not matching between Java and PHP

2
votes

My application uses salted hash in Java. First a random salt is generated. Then this salt is prefixed to the SHA-512 of the input password and the combined string is SHA-512 again.It is implemented as follows:-

String password = testpwd.getText().toString();
SecureRandom rand = new SecureRandom();
byte[] randbytes = new byte[16];
rand.nextBytes(randbytes);
String encodedSalt = Base64.encodeToString(randbytes, Base64.DEFAULT);

MessageDigest digest = MessageDigest.getInstance("SHA-512");
digest.reset();
digest.update(password.getBytes("utf-8"));
byte[] pwdhash = digest.digest();
String encodedPwd = Base64.encodeToString(pwdhash, Base64.DEFAULT);

String saltedPassword = encodedSalt+encodedPwd ;

digest.reset();
digest.update(saltedPassword.getBytes("utf-8"));
byte[] pwdhash1 = digest.digest();
String encodedPwdSalt = Base64.encodeToString(pwdhash1, Base64.DEFAULT);

Then the strings encodedSalt and encodedPwdSalt are sent to web server for authentication. The PHP encryption is as follows:

$postpassword = $_POST['password'];
$postsalt = $_POST['salt'];
$salt = base64_decode($postsalt);
$password = base64_decode('postpassword');

The SHA-512 hashs of the password "Ditglt@785" is stored in the database. It is retrieved and processed as follows:-

$getsaltpwd = $salt.$dbpassword ;
$dbsaltpwd = hash('sha512', $getsaltpwd);
if($dbpassword == $postpassword) {}

The condition always fails and so does the authentication. What should I do ?

3
javaphphashsha512
When comparing to $postpassword, shouldn't you be using $dbsaltpwd instead of $dbpassword?Robby Cornelissen
What is base64_decode('postpassword'); doing in your first PHP block? (Why decode a constant?)k_ssb
You shouldn't be base64-decoding your salt in PHP either because you're hashing a base64- encoded salt in Java.Robby Cornelissen
@John You should be more specific about what process of encode/concat/hash steps you want. There's clearly a mismatch between Java and PHP, and we're left guessing which process is the intended one.k_ssb
@RobbyCornelissen you are right about "using $dbsaltpwd instead of $dbpassword". But it was a typo while posting the question here. In code it is as you mentioned.John

3 Answers

2
votes

The PHP version hashes raw bytes while the Java version hashes base64-encoded strings.

Here's a Java version that matches what your PHP code does:

digest.reset();
digest.update(randbytes);
digest.update(pwdhash);
byte[] pwdhash1 = digest.digest();
String encodedPwdSalt = Base64.encodeToString(pwdhash1, Base64.DEFAULT);

Having said that, it would be more secure to store the salt and the salted password in the database, and to use at least some key derivation function (iterate the hash function many times) in order to counteract any potential brute-forcing of the stored hashes.

1
votes

Since your Java code correctly follows what you describe in your specification, the problem lies on the PHP side.

With your Java code as-is, it generates the following values when encoding the string "password" with a random salt:

encodedSalt: ww0g+f77ygKD7Iww1GTYtg==
encodedPwd: sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg==
encodedPwdSalt: YAGG7GcpUxIZzBnHuaezPf5BWFhFalBPgvue/0wFoRLu+JsKslG8wPCv6dPubIBk1aFIJ8spK8S17347aDBAYA==

In PHP, what you would need to do is the following:

$postpassword = 'YAGG7GcpUxIZzBnHuaezPf5BWFhFalBPgvue/0wFoRLu+JsKslG8wPCv6dPubIBk1aFIJ8spK8S17347aDBAYA==';
$postsalt = 'ww0g+f77ygKD7Iww1GTYtg==';
$dbpassword = 'sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg==';

if($postpassword == base64_encode(hash('sha512', $postsalt.$dbpassword, true))) {
    echo 'OK';
}
0
votes

Check if the padding matches. I experienced the same problem with encryption where the padding in PHP was different from the padding in JAVA. Luckily I was able to set the padding in JAVA to the one that PHP uses. But I had to look at PHP source code to figure out how. As far as I remember it was not possible to change the padding in PHP back then.

Here is the question I posted back then: decrypting php encrypted data on android

[...] you need to set Base64.decode with the parameter Base64.NO_WRAPas PHP will just put out the base64 delimited by \0.