[7days7]

Hello community,

I've worked on login system which includes web panel for accessing account data. The problem shows after trying to hash already hashed strings like password and salt together. I've to say I don't know if issues are in gamemode or in php script. There's a pastebin code with results on the screen and console as well:

pawn - https://pastebin.com/B86hVVSr
php - https://pastebin.com/fxN8scjN

I've tried to change functions to another which formating and hashing data too but without any good sign indicating any irregularities. Last (third) hash still does not fit. So what is wrong and what should I do?

Thank you in advance for response

[Kaperstone]

you will need to join the strings with strcat and only then hash. (misusing the salt)

pawn Код:

strcat(MyHash1,MyHash2);

`SHA256_PassHash` second parameter is a salt and I guess when its in use it will scramble the initial string before hashing and not just append.

[Meller]

You do realize you're hashing an already hashed password?
SHA256_PassHash(MyHash1, MyHash2, MyHash3, sizeof MyHash3);

Do this:


new anotherone[sizeof(MyHash1)+sizeof(MyHash2)]
format(anotherone, sizeof anotherone, "%s%s", MyHash1, MyHash2);
SHA256_PassHash("password", #, MyHash3, sizeof MyHash3);

[7days7]

Yes, I do. Indeed and I did it consciously. As I said before - "I've tried to change functions to another which formating and hashing data", in this case like format() too. Here you've results of code:

Код:

SHA256_PassHash(MyHash1, MyHash2, MyHash3, sizeof MyHash3);
printf("Returned hash: %s", MyHash3);

gives : 81FD619C1964ED0EEF59BDCA6123E5E3ED269CDF44457CE098 75D8A333F42392

Код:

new anotherone[sizeof(MyHash1)+sizeof(MyHash2)];
format(anotherone, sizeof anotherone, "%s%s", MyHash1, MyHash2);
SHA256_PassHash(anotherone, #, MyHash3, sizeof MyHash3);
printf("Returned hash: %s", MyHash3);

gives: 81FD619C1964ED0EEF59BDCA6123E5E3ED269CDF44457CE098 75D8A333F42392

Код:

strcat(MyHash1, MyHash2);   // size of string is okay
SHA256_PassHash(MyHash1, #, MyHash1, sizeof MyHash1);

gives: 81FD619C1964ED0EEF59BDCA6123E5E3ED269CDF44457CE098 75D8A333F42392

So I guess that if each attempt gave us same result then problem is somewhere in php?

[Kaperstone]

I have no idea why the first two give identical hashes but once they're joined it gives a different.
Can you try a plugin for this ?

[7days7]

Yes and after include SHA256.inc ( https://github.com/AbyssMorgan/SA-MP...amp/SHA256.inc ) it seems to work fine:

Код:

new hash[128 + 1];
format(hash, sizeof hash, "%s%s", SHA256("password"), SHA256("qwerty"));
printf("Returned hash: %s", SHA256(hash));

gives: e73627dbaacba2a5b491b204e1f29c7f31a5aa3650be2b69dd f49d33a621f921

Lowercase but matches with hash at web. So default SHA256_PassHash() isn't working properly? Anyway, thank you for ideas! Solved @down: Thank you again!

[Kaperstone]

By the way, better to avoid using `format` for such simple cases.
http://forum.sa-mp.com/showpost.php?...47&postcount=5

[Vince]

Quote:

Originally Posted by Kaperstone I have no idea why the first two give identical hashes but once they're joined it gives a different.

Because the exact same input string is being hashed. The only difference is that in the first case the hash function implicitly does the concatenation and in the second case the concatenation is performed explicitely. If you use the SHA256_PassHash function with password "password" and salt "qwerty" then what actually gets fed into the algorithm is simply "passwordqwerty". The function does not hash each part separately.