PHP password hash does not equal Java

picharnan, 9 years ago

I'm developing an API in PHP but I'm stuck with password hashing. My PHP hash does not equal the Java one.

I've checked https://www.traccar.org/forums/topic/login-php-hash-and-salt/, and I tried to use the pbkdf2 function from https://defuse.ca/php-pbkdf2.htm, but it does not work.

Here is my code (PHP 5.4.16):

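    $username = "username";
    $password = "password";
    // Look up the user row; it holds the stored salt
    $sql = "SELECT * FROM user WHERE email = '".$username."'";
    $result = mysql_query($sql);
    $row = mysql_fetch_assoc($result);

    // PBKDF2 with SHA-1, 1000 iterations, 24-byte output
    // pbkdf2() is the function from https://defuse.ca/php-pbkdf2.htm
    $hashed = pbkdf2("sha1", $password, $row['salt'], 1000, 24);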

Do you have any suggestions?

P.S. Sorry for my bad English.

Anton Tananaev, 9 years ago

My guess is that there is a difference in encoding password and/or salt value. Java uses 2 byte unicode characters. Not sure about PHP. Salt and passwords are stored as hex strings in the database, so you need to decode those first. Not sure if pbkdf2 PHP function does it either.

jaimzj, 9 years ago

I have tried numerous ways. I have added a column of my own to authenticate with MD5-based passwords.

However, for the new hashed passwords, I am unable to figure out an easy way to make it work :(

Please help/advise. I did try both options shared on the forum; no luck yet.

Anton Tananaev, 9 years ago

Can I see the code? Ideally a unit test or something.

Have you used hex2bin and bin2hex functions?
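
The hex-decoding step suggested in the replies, as an added example that is not code from the thread or from the project: the salt is decoded with `hex2bin` before PBKDF2 and the result is compared as hex in constant time. The function names `derive_hash_hex` and `verify_password` are hypothetical, PHP 5.6 or later is assumed (for the built-in `hash_pbkdf2` and `hash_equals`), the password is assumed to be passed as UTF-8 bytes, and the sample input is the published RFC 6070 test vector (4096 iterations, 20 bytes) rather than a real database row.

```php
<?php
// Added example. Defaults (sha1, 1000 iterations, 24 bytes) are the
// parameters used in the code posted in the thread.

/**
 * Derive PBKDF2-HMAC-SHA1 and return it as lowercase hex.
 * $saltHex is the salt exactly as stored (hex text); it is decoded to raw
 * bytes before use, which is the step the posted code skips.
 */
function derive_hash_hex($password, $saltHex, $iterations = 1000, $lengthBytes = 24)
{
    if ($saltHex === '' || strlen($saltHex) % 2 !== 0 || !ctype_xdigit($saltHex)) {
        throw new InvalidArgumentException('salt is not a valid hex string');
    }
    $salt = hex2bin($saltHex);
    // Raw output (last argument true) so $lengthBytes counts bytes, not hex digits.
    $raw = hash_pbkdf2('sha1', $password, $salt, $iterations, $lengthBytes, true);
    return bin2hex($raw);
}

/** Constant-time comparison of the derived hash with the stored hex hash. */
function verify_password($password, $saltHex, $storedHashHex, $iterations = 1000, $lengthBytes = 24)
{
    $computed = derive_hash_hex($password, $saltHex, $iterations, $lengthBytes);
    return hash_equals(strtolower($storedHashHex), $computed);
}

// Constructed sample input: RFC 6070 test vector for PBKDF2-HMAC-SHA1
// (password "password", salt "salt", 4096 iterations, 20-byte output).
$saltHex    = bin2hex('salt'); // the salt as it would be stored: "73616c74"
$storedHash = '4b007901b765489abead49d926f721d065a429c1';

// Salt decoded from hex before hashing.
var_dump(verify_password('password', $saltHex, $storedHash, 4096, 20));

// Salt passed as hex text without decoding, as in the posted code.
$undecoded = bin2hex(hash_pbkdf2('sha1', 'password', $saltHex, 4096, 20, true));
var_dump(hash_equals($storedHash, $undecoded));
```

The first check passes and the second fails, because the undecoded call hashes the eight ASCII characters of the hex text instead of the four salt bytes they represent.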