Encrypting a password the same in C# and PHP?

Need help with an engine or coding not on the list? Need help with a game or the website and forums here? Direct all questions here.

Encrypting a password the same in C# and PHP?

Postby OldRod » Fri Jul 06, 2018 2:50 pm

I am trying to find a way to encrypt a password in both C# and PHP that produces the same results in each.

That way players could log in to the game (created in Unity) and play or they could log in to a web page (created with PHP) and see their gear, achievements, etc. when they weren't playing.

I was hoping to use PHP_Verify and PHP_Hash in PHP, as they look solid, but I haven't found a way to do the same in C# that produces the same encryption. I found a NuGet package called Cryptsharp, and tried it, but it's not exactly identical for some reason.

Anyone know of a way to do this?
User avatar
OldRod
 
Posts: 1320
Joined: Sun Sep 20, 2009 11:26 am
Location: Kansas
Has thanked: 2 times
Been thanked: 9 times

Re: Encrypting a password the same in C# and PHP?

Postby KyleMassacre » Fri Jul 06, 2018 3:09 pm

Quick question:
Is the Unity version for lack of a better term going to be somehow different than the web version? If so, seems a little odd. I figured you would just develop an API resource to communicate between the game and your database.

Player enters credentials, credentials get sent to your server and validated there. If you go that route you could look at https://oauth2.thephpleague.com/

**EDIT**
If you haven’t gotten too far on your web side of things and are not opposed to using frameworks you could look at Laravel. Laravel has a package called Passport which basically uses the package I linked to and allows for OAuth and you can even look into Socialite for Laravel which allows authentication through Google, FB, Twitter and etc.
Skype: KyleMassacre
My NWE Modules
User avatar
KyleMassacre
 
Posts: 567
Joined: Wed Nov 27, 2013 7:42 am
Has thanked: 19 times
Been thanked: 36 times

Re: Encrypting a password the same in C# and PHP?

Postby Sharlenwar » Fri Jul 06, 2018 5:25 pm

I'm no expert, but if you are going to encrypt a password in C#, I imagine you would use the same method that PHP uses, this way the "hashstring" should be identical.
Deep within the Void of Quasion, a creation.

**My Corner of the Web**
Sharlenwar's Adventures
Torn-City - Massively multiplayer online text based RPG
User avatar
Sharlenwar
 
Posts: 506
Joined: Mon May 28, 2012 2:14 pm
Has thanked: 3 times
Been thanked: 4 times
Blog: View Blog (2)

Re: Encrypting a password the same in C# and PHP?

Postby KyleMassacre » Fri Jul 06, 2018 5:49 pm

Sharlenwar wrote:I'm no expert, but if you are going to encrypt a password in C#, I imagine you would use the same method that PHP uses, this way the "hashstring" should be identical.

I think that is what he is stating he is having trouble with. I myself can’t really think of a scenario where you need to use a hash system twice which is why I suggested an OAuth approach. A JWT would work as well which is similar in fashion.

User logs in on app -> App sends HTTP request to website -> Website validates credentials-> Website returns a token -> token is used for everything else
Skype: KyleMassacre
My NWE Modules
User avatar
KyleMassacre
 
Posts: 567
Joined: Wed Nov 27, 2013 7:42 am
Has thanked: 19 times
Been thanked: 36 times

Re: Encrypting a password the same in C# and PHP?

Postby Jackolantern » Fri Jul 06, 2018 10:12 pm

I believe this is what Kyle was mentioning, but is there some reason why you can't use the exact same login table to login in both? You could then go on and have separate tables for the PHP and C# code.

But if you need to have them separate, I think the issue is that you are looking at what are essentially convenience functions in PHP that don't exist in exactly the same form in C#. You will need to create your own hashing function and use a lower-level function. Just ensure you are using the same hashing algorithm, such as SHA-256 and the same SALT if you use one. Both .NET and PHP include support for directly hashing a string value, and provided you use the same algorithm and SALT, they will produce the same hashed output value. Then you can write the logic in both systems to use that hash function you write on the incoming passwords and compare them to the hashed value in the database and it should work out fine :)
The indelible lord of tl;dr
User avatar
Jackolantern
 
Posts: 10889
Joined: Wed Jul 01, 2009 6:00 pm
Location: Houston, TX
Has thanked: 22 times
Been thanked: 92 times
Blog: View Blog (1)

Re: Encrypting a password the same in C# and PHP?

Postby hallsofvallhalla » Fri Jul 06, 2018 10:59 pm

my suggestion is to hire a 80 year old security guard.
User avatar
hallsofvallhalla
Site Admin
 
Posts: 11942
Images: 13
Joined: Wed Apr 22, 2009 6:29 pm
Location: mobile, al
Has thanked: 11 times
Been thanked: 158 times
Blog: View Blog (3)

Re: Encrypting a password the same in C# and PHP?

Postby OldRod » Sat Jul 07, 2018 4:25 pm

Sharlenwar wrote:I'm no expert, but if you are going to encrypt a password in C#, I imagine you would use the same method that PHP uses, this way the "hashstring" should be identical.

That's what I'm trying to do - find a method that words in both, that produces the same hash

I have it set up where the player logs in through Unity to play, but they also can access a web site using the same username/password and look at their stats, look at various items their character has, etc. At least that's the plan. So the password has to be encrypted the same way by both PHP and C# in order to work.
User avatar
OldRod
 
Posts: 1320
Joined: Sun Sep 20, 2009 11:26 am
Location: Kansas
Has thanked: 2 times
Been thanked: 9 times

Re: Encrypting a password the same in C# and PHP?

Postby OldRod » Sat Jul 07, 2018 4:26 pm

hallsofvallhalla wrote:my suggestion is to hire a 80 year old security guard.


:)

"It's only 2 days to retirement, don't shoot me!!"
User avatar
OldRod
 
Posts: 1320
Joined: Sun Sep 20, 2009 11:26 am
Location: Kansas
Has thanked: 2 times
Been thanked: 9 times

Re: Encrypting a password the same in C# and PHP?

Postby OldRod » Sat Jul 07, 2018 4:27 pm

Jackolantern wrote:I believe this is what Kyle was mentioning, but is there some reason why you can't use the exact same login table to login in both? You could then go on and have separate tables for the PHP and C# code.

But if you need to have them separate, I think the issue is that you are looking at what are essentially convenience functions in PHP that don't exist in exactly the same form in C#. You will need to create your own hashing function and use a lower-level function. Just ensure you are using the same hashing algorithm, such as SHA-256 and the same SALT if you use one. Both .NET and PHP include support for directly hashing a string value, and provided you use the same algorithm and SALT, they will produce the same hashed output value. Then you can write the logic in both systems to use that hash function you write on the incoming passwords and compare them to the hashed value in the database and it should work out fine :)

OK, thanks. I'll do some digging. I was just hoping there was a method out there, but I am not turning it up on Google.
User avatar
OldRod
 
Posts: 1320
Joined: Sun Sep 20, 2009 11:26 am
Location: Kansas
Has thanked: 2 times
Been thanked: 9 times

Re: Encrypting a password the same in C# and PHP?

Postby Jackolantern » Sat Jul 07, 2018 5:28 pm

OldRod wrote:That's what I'm trying to do - find a method that words in both, that produces the same hash


Then you want the low-level hashing algorithm methods. So in PHP you want to just use the hash() method:

Code: Select all
$hashedValue = hash('sha256', 'The quick brown fox jumped over the lazy dog.');


And in C#:

Code: Select all
using System.Security.Cryptography;

//...
SHA256 mySHA256 = SHA256Managed.Create();
var hashedValue = mySHA256.ComputeHash("The quick brown fox jumped over the lazy dog.");


In both cases, hashedValue should be the same.

EDIT: That should be right. In all honesty, I think I have forgotten PHP. But I used the C# one just a week or two ago.
The indelible lord of tl;dr
User avatar
Jackolantern
 
Posts: 10889
Joined: Wed Jul 01, 2009 6:00 pm
Location: Houston, TX
Has thanked: 22 times
Been thanked: 92 times
Blog: View Blog (1)

Next

Return to Advanced Help and Support

Who is online

Users browsing this forum: No registered users and 1 guest

cron

x