Android Question SHA1 one way(?) encryption

Discussion in 'Android Questions' started by btg1967, Jan 25, 2015.

  1. btg1967

    btg1967 Member Licensed User

    Hi there,

    I'm now getting to some of the meatier parts of my app... and some of the 'dark arts' of encryption and passing passwords from an app to the web server...

    In order to login, I hope to replicate what I do in the PHP part of the application - Post to a login page with the username and password pair, and then get a token to use through the life of the app.

    The password is passed SHA1 encrypted, and I never decrypt it so that the raw value is never transmitted over an open link ... it's only transmitted over an SSL connection (in case you're wondering, the login page is http, however the login will not work if the server detects the login is not on SSL)

    I've seen this post, and adapted it by adding in my own custom salt and using only SHA1; however, I get a different result to the sha1 routine I have on my PHP web app.

    Any ideas??

    Code:
    Private pi As String
    Dim MyPwdHash() As Byte
    Dim MyHash As String

    pi = "<<mysalt>>" & "<<users password>>"
    MyPwdHash = md.GetMessageDigest(md5string.GetBytes("UTF8"),"SHA-1")
    MyHash = ByteCon.HexFromBytes(MyPwdHash)
    MyHash = MyHash.ToLowerCase
    Log("SHA1: " & MyHash)
    Many thanks,
     
  2. Erel

    Erel Administrator Staff Member Licensed User

    Can you post the PHP code?
     
  3. btg1967

    btg1967 Member Licensed User

    Hi Erel,

    Sorry for the delay in getting back to you.

    PHP code here using the Sha1() function http://php.net/sha1
    Code:
    $hashPWD = sha1(<<mySalt>> . <<userPassword>>);
    All ((unescaped)) raw values sent through $_POST variables
     
  4. Erel

    Erel Administrator Staff Member Licensed User

    Your code looks correct. Try to compare the values to the values you get from an online hash calculator to see where the problem is.
     
  5. Troberg

    Troberg Well-Known Member Licensed User

    Looks like you've got a copy-paste error.

    MyPwdHash = md.GetMessageDigest(md5string.GetBytes("UTF8"),"SHA-1")

    should probably be

    MyPwdHash = md.GetMessageDigest(pi.GetBytes("UTF8"),"SHA-1")

    Now, you put your stuff in one string and run the calculations on another.

    Also, you are missing declarations for md and ByteCon, but I assume they are elsewhere, as your code does run.
     
  6. btg1967

    btg1967 Member Licensed User

    OMG I feel like such a dolt:oops:

    @Troberg you got the issue - cut/paste :rolleyes:- sheesh it's always the simplest of errors. Coding can be very humbling at times...

    For reference, here is the corrected snippet:
    Code:
    Private pi As String
    Dim MyPwdHash() As Byte
    Dim MyHash As String

    pi = "<<mysalt>>" & "<<users password>>"
    MyPwdHash = md.GetMessageDigest(pi.GetBytes("UTF8"),"SHA-1")
    MyHash = ByteCon.HexFromBytes(MyPwdHash)
    MyHash = MyHash.ToLowerCase
    Log("SHA1: " & MyHash)
    I had even used http://onlinemd5.com/ to verify my output and was even considering getting someone to write my own library... you have saved me a HUGE amount of time
    • thank you
    • thank you
    • thank you
    :)
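
Added example, not code from the thread or from B4A/PHP: a Python reference for the digest that both the B4A snippet and PHP's sha1() should produce, a helper that names the likely cause of a mismatch, and server-side storage that treats the received digest as password-equivalent. The salt and password values, all function names, and the PBKDF2 iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed sample values; the thread elides the real salt and password.
SALT = "example-static-salt"
PASSWORD = "p\u00e4ssw0rd"  # non-ASCII on purpose, so the byte encoding matters

def client_digest(salt, password, encoding="utf-8"):
    """Lowercase hex SHA-1 of salt+password, the value PHP's
    sha1($salt . $password) yields when the POSTed bytes are UTF-8."""
    data = (salt + password).encode(encoding, errors="replace")
    return hashlib.sha1(data).hexdigest()

def diagnose(expected, got, salt, password):
    """Name the likely cause when two implementations disagree."""
    got_lc = got.lower()
    if got == expected:
        return "match"
    if got_lc == expected:
        return "hex case differs"
    if got_lc == client_digest(salt, password, "latin-1"):
        return "string encoding differs"
    if got_lc == client_digest(password, salt):
        return "salt/password order swapped"
    return "different input was hashed"  # e.g. the wrong variable

PBKDF2_ROUNDS = 600_000  # assumption: tune to your server's latency budget

def store(digest_hex):
    """Server side: the received digest is password-equivalent, so keep
    only a slow, per-user-salted derivation of it."""
    user_salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", digest_hex.encode(), user_salt, PBKDF2_ROUNDS)
    return user_salt, dk

def verify(digest_hex, user_salt, stored):
    dk = hashlib.pbkdf2_hmac("sha256", digest_hex.encode(), user_salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(dk, stored)  # constant-time comparison

if __name__ == "__main__":
    good = client_digest(SALT, PASSWORD)
    wrong = client_digest("", "md5string")  # stand-in for hashing another variable
    print(diagnose(good, good.upper(), SALT, PASSWORD))
    print(diagnose(good, wrong, SALT, PASSWORD))
    salt, dk = store(good)
    print(verify(good, salt, dk), verify(wrong, salt, dk))
```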
     