Encrypting a password the same in C# and PHP?

Need help with an engine or coding not on the list? Need help with a game or the website and forums here? Direct all questions here.
Post Reply
User avatar
OldRod
Posts: 1321
Joined: Sun Sep 20, 2009 4:26 pm

Encrypting a password the same in C# and PHP?

Post by OldRod »

I am trying to find a way to encrypt a password in both C# and PHP that produces the same results in each.

That way players could log in to the game (created in Unity) and play or they could log in to a web page (created with PHP) and see their gear, achievements, etc. when they weren't playing.

I was hoping to use PHP_Verify and PHP_Hash in PHP, as they look solid, but I haven't found a way to do the same in C# that produces the same encryption. I found a NuGet package called Cryptsharp, and tried it, but it's not exactly identical for some reason.

Anyone know of a way to do this?
User avatar
KyleMassacre
Posts: 573
Joined: Wed Nov 27, 2013 12:42 pm

Re: Encrypting a password the same in C# and PHP?

Post by KyleMassacre »

Quick question:
Is the Unity version for lack of a better term going to be somehow different than the web version? If so, seems a little odd. I figured you would just develop an API resource to communicate between the game and your database.

Player enters credentials, credentials get sent to your server and validated there. If you go that route you could look at https://oauth2.thephpleague.com/

**EDIT**
If you haven’t gotten too far on your web side of things and are not opposed to using frameworks you could look at Laravel. Laravel has a package called Passport which basically uses the package I linked to and allows for OAuth and you can even look into Socialite for Laravel which allows authentication through Google, FB, Twitter and etc.
User avatar
Sharlenwar
Posts: 524
Joined: Mon May 28, 2012 7:14 pm

Re: Encrypting a password the same in C# and PHP?

Post by Sharlenwar »

I'm no expert, but if you are going to encrypt a password in C#, I imagine you would use the same method that PHP uses, this way the "hashstring" should be identical.
Deep within the Void of Quasion, a creation.

**My Corner of the Web**
***NEW***GrindFest - My own PHP/MySQL game!
Sharlenwar's Adventures
Torn-City - Massively multiplayer online text based RPG
User avatar
KyleMassacre
Posts: 573
Joined: Wed Nov 27, 2013 12:42 pm

Re: Encrypting a password the same in C# and PHP?

Post by KyleMassacre »

Sharlenwar wrote:I'm no expert, but if you are going to encrypt a password in C#, I imagine you would use the same method that PHP uses, this way the "hashstring" should be identical.
I think that is what he is stating he is having trouble with. I myself can’t really think of a scenario where you need to use a hash system twice which is why I suggested an OAuth approach. A JWT would work as well which is similar in fashion.

User logs in on app -> App sends HTTP request to website -> Website validates credentials-> Website returns a token -> token is used for everything else
User avatar
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: Encrypting a password the same in C# and PHP?

Post by Jackolantern »

I believe this is what Kyle was mentioning, but is there some reason why you can't use the exact same login table to login in both? You could then go on and have separate tables for the PHP and C# code.

But if you need to have them separate, I think the issue is that you are looking at what are essentially convenience functions in PHP that don't exist in exactly the same form in C#. You will need to create your own hashing function and use a lower-level function. Just ensure you are using the same hashing algorithm, such as SHA-256 and the same SALT if you use one. Both .NET and PHP include support for directly hashing a string value, and provided you use the same algorithm and SALT, they will produce the same hashed output value. Then you can write the logic in both systems to use that hash function you write on the incoming passwords and compare them to the hashed value in the database and it should work out fine :)
The indelible lord of tl;dr
User avatar
hallsofvallhalla
Site Admin
Posts: 12031
Joined: Wed Apr 22, 2009 11:29 pm

Re: Encrypting a password the same in C# and PHP?

Post by hallsofvallhalla »

my suggestion is to hire a 80 year old security guard.
User avatar
OldRod
Posts: 1321
Joined: Sun Sep 20, 2009 4:26 pm

Re: Encrypting a password the same in C# and PHP?

Post by OldRod »

Sharlenwar wrote:I'm no expert, but if you are going to encrypt a password in C#, I imagine you would use the same method that PHP uses, this way the "hashstring" should be identical.
That's what I'm trying to do - find a method that words in both, that produces the same hash

I have it set up where the player logs in through Unity to play, but they also can access a web site using the same username/password and look at their stats, look at various items their character has, etc. At least that's the plan. So the password has to be encrypted the same way by both PHP and C# in order to work.
User avatar
OldRod
Posts: 1321
Joined: Sun Sep 20, 2009 4:26 pm

Re: Encrypting a password the same in C# and PHP?

Post by OldRod »

hallsofvallhalla wrote:my suggestion is to hire a 80 year old security guard.
:)

"It's only 2 days to retirement, don't shoot me!!"
User avatar
OldRod
Posts: 1321
Joined: Sun Sep 20, 2009 4:26 pm

Re: Encrypting a password the same in C# and PHP?

Post by OldRod »

Jackolantern wrote:I believe this is what Kyle was mentioning, but is there some reason why you can't use the exact same login table to login in both? You could then go on and have separate tables for the PHP and C# code.

But if you need to have them separate, I think the issue is that you are looking at what are essentially convenience functions in PHP that don't exist in exactly the same form in C#. You will need to create your own hashing function and use a lower-level function. Just ensure you are using the same hashing algorithm, such as SHA-256 and the same SALT if you use one. Both .NET and PHP include support for directly hashing a string value, and provided you use the same algorithm and SALT, they will produce the same hashed output value. Then you can write the logic in both systems to use that hash function you write on the incoming passwords and compare them to the hashed value in the database and it should work out fine :)
OK, thanks. I'll do some digging. I was just hoping there was a method out there, but I am not turning it up on Google.
User avatar
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: Encrypting a password the same in C# and PHP?

Post by Jackolantern »

OldRod wrote: That's what I'm trying to do - find a method that words in both, that produces the same hash
Then you want the low-level hashing algorithm methods. So in PHP you want to just use the hash() method:

Code: Select all

$hashedValue = hash('sha256', 'The quick brown fox jumped over the lazy dog.');
And in C#:

Code: Select all

using System.Security.Cryptography;

//...
SHA256 mySHA256 = SHA256Managed.Create();
var hashedValue = mySHA256.ComputeHash("The quick brown fox jumped over the lazy dog.");
In both cases, hashedValue should be the same.

EDIT: That should be right. In all honesty, I think I have forgotten PHP. But I used the C# one just a week or two ago.
The indelible lord of tl;dr
Post Reply

Return to “Advanced Help and Support”