2

Make SHA1 hash from string '12345' with as3crypto in as3 the same way how it is done in there example:

var sha1:SHA1 = new SHA1;
var src:ByteArray = Hex.toArray("12345");
var digest:ByteArray = sha1.hash(src);
trace('SHA:' + Hex.fromArray(digest));

result : ec60c0fd70d82a7785f6c9a02dbe16f2e40b1344

Make SHA1 from the same string in PHP:

print "SHA:".sha1("12345");

result : 8cb2237d0679ca88db6464eac60da96345513964

If I try other tools to obtain hash I get the second result, so it looks like the result from PHP is correct.

Question: How can I get the same hash with as3crypto?

BTW: when testing I found that another way with as3crypto gives me another (wrong?) result:

var src:ByteArray = new ByteArray();
src.writeUTF("12345");
var digest:ByteArray = sha1.hash(src);
trace('SHA:' + Hex.fromArray(digest));

result : b98cfbc53daec4029895585ab198f7403d0d0506

user621684
  • 51
  • 1
  • 3
  • 1
    This is probably due to different character encodings. – Gumbo Feb 17 '11 at 16:20
  • Can you not pass in a simple string in AS3? `var src = '12345'`? I'm suspecting that however those ByteArrays get stringified for the hash function, they're nothing coming out as '12345' anymore. – Marc B Feb 17 '11 at 16:22
  • @MarcB - apparently not, according to the source that function only takes a byte array as input. It's an unusual crypto library, though - most allow you to continually "update" the input stream, and then get a final digest. This one appears to require the entire input to be in memory first and then digests it in one fell swoop. – Alnitak Feb 17 '11 at 16:28
  • Thanks to A. R. Younce. It works with src.writeUTFBytes("12345"); – user621684 Feb 18 '11 at 07:13

4 Answers4

2

The correct way to match a php sha1 using as3crypto lib is to do the following:

var src:ByteArray = Hex.toArray(Hex.fromString(srcString));
var sha1:SHA1 = new SHA1();
var hashedString:String = Hex.fromArray(sha1.hash( src ));

The first additional Hex.fromString avoids your decimal conversion as others have mentioned.

Note: The as3corelib version is much simpler: as3corelib SHA1

var hashedString:String = SHA1.hash( srcString );
Michael
  • 3,776
  • 1
  • 16
  • 27
2

The hexadecimal (you're converting it with Hex.toArray) value of 12345 is not the same as the string "12345".

You are converting a decimal number to a hexadecimal byte array and hashing it, and then comparing it to a hash of a string generated in PHP. These will never match.

If you absolutely need to compare two hex number together then a change to your PHP like this should probably work.

print "SHA:" . sha1(dechex(12345));

See the dechex PHP documentation for more.

A. R. Younce
  • 1,913
  • 17
  • 22
  • Right, I converted it with Hex.toArray in the first example. The problem is that in the second example (see after BTW) I do not use this function and still have wrong hash. – user621684 Feb 17 '11 at 17:08
  • 3
    Are you checking the output of writeUTF to see exactly what you're hashing? I've seen suggestions that it prefixes the string with its length. See: http://symmetri.blogsome.com/2008/12/17/flex-writeutf-vs-writeutfbytes/ Try writeUTFBytes() instead. – A. R. Younce Feb 17 '11 at 18:43
  • Thanks for your help. Now it works with src.writeUTFBytes("12345"); – user621684 Feb 18 '11 at 07:12
1
var sha1:SHA1 = new SHA1(); 
var src:ByteArray = new ByteArray(); 
src.writeUTFBytes("12345"); 
trace( Hex.fromArray( sha1.hash( src ) ) );

using writeUTFBytes, this method write the string into bytesarray object without BOM.

dainan13
  • 11
  • 2
1

The PHP output is definitely correct. I tested it against MySQL's sha1 function:

mysql> select sha1('12345');
+------------------------------------------+
| sha1('12345')                            |
+------------------------------------------+
| 8cb2237d0679ca88db6464eac60da96345513964 |
+------------------------------------------+

The likely culprit is this - you're using Hex.toArray() on the input data in this line:

var src:ByteArray = Hex.toArray("12345");

When you need the original string to be in the byte array. I don't know AS3, though, so can't answer why your second attempt also failed.

Alnitak
  • 334,560
  • 70
  • 407
  • 495