I am using the SHA512 hash to transfer some encrypted data between my app and it's backend. However, I'm having a odd situation and have no idea what might be causing it.
So, I've got following setups tested:
Android 2x SHA512
Android 1x SHA512 -> CryptoJS 1x SHA512
PHP 2x SHA512
So, when I do the first 2x Android hashing, I get the same result as when I do the 1x android -> 1x cryptojs. However, when I do the PHP 2x, I get the same result as I get on the first Android pass, but the second encryption pass of the PHP is different.
On PHP, I've tried both the hash() and openssl_digest() functions with raw bytes as output.
PHP:
$firstpass = base64_encode(hash('sha512', $enteredPassword, true));
//$firstpass = base64_encode(hash('sha512', $enteredPassword, true));
//$secondpass = base64_encode(openssl_digest($firstpass, 'sha512', true));
$secondpass = base64_encode(hash('sha512', $firstpass, true));
Android:
public static String encryptPassword(String password) {
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-512");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
if (md != null) {
md.update(password.getBytes());
byte byteData[] = md.digest();
String base64 = Base64.encodeToString(byteData, Base64.DEFAULT);
return base64;
}
return password;
}
CryptoJS:
var password = cryptojs.SHA512(req.params.password);
var basepassword = password.toString(cryptojs.enc.Base64);
Why would my first hash be correct and my second not and how could I fix this?
SHA1 is not made for security, don't use it for this. Grab any implementation of BCrypt and do security right. As for the different hashes: Most likely an encoding issue related to Strings.