Using CryptSharp to validate against wordpress DB

Question

I'm creating a game with Unity and Smart Fox Server and would like to use my wordpress database. My first attempt:

string cryptedPassword = Crypter.PhpassCrypter.Crypt(password);

The output I'm getting has the correct prefix so there's just something I'm not quite grasping.

I tried using the salt string in the wp-settings.php file,

string cryptedPassword = Crypter.PhpassCrypter.Crypt(password, 'bigLongSaltInWP-file');

but I get an 'invalid salt' return.

PHP, and especially phppass, are foreign to me and I'm still reading over phppass specifically, but I'm just not seeing how it's using the salt strings which leads me to believe that I'm completely missing whats happening.

I was so fat off base, but got it working. – J.Milliscone Jun 27 '14 at 22:03 — J.Milliscone, Jun 27 '14 at 22:03

score 0 · Answer 1 · answered Jul 25 '14 at 20:06

To validate a password, you should test

(passwordStoredInWPDatabase == Crypter.PhpassCrypter.Crypt(testPassword, passwordStoredInWPDatabase))

The overload without passwordStoredInWPDatabase calls Crypter.PhpassCrypter.GenerateSalt() with default arguments. This is for storing a new password, not for testing an existing one.

Crypt-based password formats store the algorithm tag and salt at the beginning of the string. When testing an existing password, CryptSharp will pull the salt and incorporate it into the hashing. Since the salt matches, the crypted password will too.

Hope this helps :)

James

Using CryptSharp to validate against wordpress DB

1 Answers1