I wanted to pass a MD5 hash generated by Ruby program to a PHP program, and found something strange.
Ruby code(result: ad0efdf609e99ec50d9333dc0bd1c11a)
Digest::MD5.hexdigest 'test str1&test str2&test str3&test str4'
PHP code(result: 804160119894a4cc8c376fffbcc21e1c)
PHP online MD5 generator
You can see the results are different... but if I remove the "&" in my string:
Ruby code(result: 45fa91e4c89aa6f3bb501531a5de6bf4)
Digest::MD5.hexdigest 'test str1test str2test str3test str4'
PHP code(result: 45fa91e4c89aa6f3bb501531a5de6bf4)
PHP online MD5 generator
They are the same. Why did this happen? The MD5 algorithm should be same in any language, shouldn't it?
The results of that website are wrong.
Here comes an example (using PHP on the command line):
php -r 'echo md5("test str1&test str2&test str3&test str4");'
Output:
ad0efdf609e99ec50d9333dc0bd1c11a
804160119894a4cc8c376fffbcc21e1c is the MD5 hash for test str1, not test str1&test str2&test str3&test str4.
That on-line generator is obviously corrupting POST data when reading it. According to Firebug, data is already sent corrupted to the server, so the issue is on its client-side form handling. It's easy to find what's wrong:
function sendHttpRequest(w){
var url = "http://www.md5.cz/getmd5.php";
var idWhat = document.getElementById('what');
var params = "what=" + idWhat.value;
^^^^ Pardon???
The correct hash is ad0efdf609e99ec50d9333dc0bd1c11a.
Related
I have an ESP8266 with Nodemcu and an AM2320 sensor.
I am sending temperature and humidity in JSON format in plain text to my HTTP server for collecting datas with PHP and SQLITE3.
That's working right.
But I wish to encrypt my datas with AES-CBC
I encrypt measures on the ESP8266 with crypto.encrypt() function and 'AES-CBC' method like this example:
https://nodemcu-firmware.readthedocs.io/en/latest/en/modules/crypto/#cryptoencrypt
I do the same encryption on my PC with Python 3 .
The resulting string matches with the result on the ESP8266 and LUA 5.1
Next I do the same encryption on my PC but with PHP 7.1
Alas, the resulting string don't match with the previous results.
I am using the 'AES-128-CBC' method on openssl_encrypt() function.
I put the script in the three languages in a gist on Github.com :
https://gist.github.com/bazooka07/bed368d313e218fcba332cb2127c70b1
That's wrong in PHP ?
Can You help me ?
I've tried your code with aes-256-cbc instead of aes-128-cbc in PHP, and it gives the same output. Changing the PHP encrypt method to aes-256-cbc should fix the problem..
I add some fix to my gist for working when the length of the message to encrypt don't mach with a multiple of 16 chars.
In node.js, I have:
var h = crypto.createHash("md5"); // md5
h.update("AAA");
h.digest("hex");
In PHP I have:
md5("AAA");
However, both have different value. How can I make it the same? or else, what other algorithm I should use to make them the same, so that I can use it as signature calculation. Thanks.
Oppss.. actually. my mistake. when I test it, there is a bug.. it will md5 the same thing.
Simple googling I did in the past gave me => http://japhr.blogspot.com/2010/06/md5-in-nodejs-and-fabjs.html
Node.js
Script:
var crypto = require('crypto');
var hash = crypto.createHash('md5').update('AAA').digest("hex");
console.log(hash);
Output:
alfred#alfred-laptop:~/node/hash$ node hash.js
e1faffb3e614e6c2fba74296962386b7
PHP
Code
<?php
echo md5("AAA");
Output:
alfred#alfred-laptop:~/node/hash$ php md5.php
e1faffb3e614e6c2fba74296962386b7
The output for both PHP and node.js are equal.
C extension
Also you might have look at https://github.com/brainfucker/hashlib which uses C implementation which is going to be faster.
Your code creates the same hash value for me, you might doing it wrong at some point
I had the same issue with creating hash for non UTF8 string :
var non_utf8_str = "test_merchant;www.market.ua;DH783023;1415379863;1547.36;UAH;Процессор
Intel Core i5-4670 3.4GHz;Память Kingston DDR3-1600 4096MB
PC3-12800;1;1;1000;547.36";
The results in PHP and NodeJS was different until I used utf8 library.
So following code works equivalent for both PHP and NodeJS :
crypto.createHash('md5').update(utf8.encode(non_utf8_str)).digest('hex');
var hash = crypto.createHash('md5').update(password, 'latin1', 'latin1').digest('hex');
This worked for me. Try different encodings: 'utf8', 'ascii', or 'latin1'.
My script uses openssl_private_decrypt() to decrypt a string encrypted with RSA in another program. Currently it writes to a file. But when I try to open it up in a text editor, it says it can't detect the encoding. If I try to echo it, nothing appears. If I output it's length, I get 256, instead of the correct 3.
I know the decryption is done right because using the cat terminal command on the output file gives the correct data.
$ cat decrypted.txt
It looks like this is a character encoding problem, a problem I hear can give a lot of pain in PHP. I even tried utf8_encode(). What might the problem be?
Here's the code:
$results = '';
openssl_private_decrypt(
base64_decode(
<<<EOS
QWlG+AZIt9GE0hw0wwcPRtUWueMLBxj3YWpa5zQBoz1ttnt7TvlxDtYWZcvaUL/qr2CJCADE2iTR
G72FhAwew2fhqlqmsxL7Nns3yegflTTMXyilVM3mPU4Cx94ylLfa+ZrqrNEepaRorNJ/js5iTq9i
avegO/kYOv4zhEsZirlk/Mj0vVv6irWo8WyZoCDC2SwfGWeSUI8F4pq4FUkRh9V/0zAUZ+3P0A7Z
SrA80dSa6U/J+poRcmE1vRLQXvM8dBtFRKmb0zfltLUBMcMhcglzAhcpemJ99OCZmUuynFRcRNkj
CkOLsO+lSHntcbmXqsKE+of78gnU3tp5hHSHIg==
EOS
),
$results,
openssl_pkey_get_private(
// load private key
),
OPENSSL_NO_PADDING
);
echo $results;
The fact that you're getting decrypted data exactly the length of a single block instead of the length of your expected data is really, really pointing towards a padding problem.
Make sure you're using the same padding flag on both sides.
I'm not familiar with openssl_private_decrypt, but it seems logical to me that you would provide base64_encode()'d data to openssl_private_encrypt().
In such case, you're mangling your data by running in the wrong order on decrypt.
Seems like you would want to decrypt the string first, then run base64_decode() on the unencrypted string.
I have a torrent hash from the magnet link. For example: fda164e7af470f83ea699a529845a9353cc26576
When I try to get information about leechers and peers I should request: http://tracker.publicbt.com/scrape?info_hash=???
How should I convert info hash for this request? Is it url encoding or becoding? how? In PHP.
It's a raw hexadecimal representation. Use pack() with H to convert it. Then URL encode it.
Got this python snippet from a colleague,
r = ''
s = 'fda164e7af470f83ea699a529845a9353cc26576'
for n in range(0, len(s), 2):
r += '%%%s' % s[n:n+2].upper()
print r
Output: %FD%A1%64%E7%AF%47%0F%83%EA%69%9A%52%98%45%A9%35%3C%C2%65%76
Works like a charm.
Edit: Works like a charm for getting the tracker to give back status 200 (ok) but still doesn't work for retrieving the torrent details...
In case someone is having trouble and comes across this thread in the future: the trick to this whole issue is to use the bool $raw_output argument of the PHP: sha1 function, setting it to "true".
The BDecode/DEncode classes can be found HERE. This project, called Trackon, also includes many other helpful classes to interact with torrent trackers and files.
So, in PHP, something like this will work to obtain the correct info hash for scraping the tracker for details:
include('./path/to/BDecode.php');
include('./path/to/BEncode.php');
function getHash($torFile){
$tfile = BDecode(file_get_contents($torFile));
$infohash = sha1(BEncode($tfile["info"]), TRUE);
return urlencode($infohash);
}
Then merely call it like so:
$hash = getHash('./path/to/.torrent');
Hope this helps someone out there. I was still scratching my head after reading many posts about how to obtain the correct info hash. I understand why this wasn't mentioned anywhere now though, this argument was added in PHP 5. If you're not running PHP 5, you will have to convert the sha1 hash to raw binary after you calculate it.
I have a string that I would like to encrypt in Python, store it as a cookie, then in a PHP file I'd like to retrieve that cookie, and decrypt it in PHP. How would I go about doing this?
I appreciate the fast responses.
All cookie talk aside, lets just say I want to encrypt a string in Python and then decrypt a string in PHP.
Are there any examples you can point me to?
Use a standard encryption scheme. The implementation is going to be equivalent in either language.
RSA is available (via third party libraries) in both languages, if you need asymmetric key crypto. So is AES, if you need symmetric keys.
There is a good example here:
http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/
Other links that may help:
http://www.phpclasses.org/browse/package/4238.html
http://www.chilkatsoft.com/p/php_aes.asp
If you're not talking about encryption but encoding to make sure the contents make it through safely regardless of quoting issues, special characters, and line breaks, I think base64 encoding is your best bet. PHP has base64_encode / decode() out of the box, and I'm sure Python has, too.
Note that base64 encoding obviously does nothing to encrypt your data (i.e. to make it unreadable to outsiders), and base64 encoded data grows by 33%.
Well, my first thought would be to use a web server that uses SSL and set the cookie's secure property to true, meaning that it will only be served over SSL connections.
However, I'm aware that this probably isn't what you're looking for.
Although a bit late. Find sample code below using the Fernet library
#Python Code - fernet 1.0 library
from cryptography.fernet import Fernet
key = b"Gm3wFh9OiQHcVc8rcAMm8IOqKOJtk7CbrGRKVhrvXhg="
f = Fernet(key)
token = f.encrypt(b'the quick brown fox jumps over the lazy hare')
print(token)
##gAAAAABiMWVPsStLo42ExcmIqcGvRvCCmnhB5B6dc2JsOm4w-VsE9oJOuk_qYuZvHv5quQR4t_6ZjNJzAdCiDPOtESNzCreJZLwc2X-_apbqKKnBwc3KhmqL-K5X7t1uR1WXuyUEYUtW
<?php
//PHP - kelvinmo/fernet-php v1.0.1 A
require 'vendor/autoload.php';
use Fernet\Fernet;
$key = "Gm3wFh9OiQHcVc8rcAMm8IOqKOJtk7CbrGRKVhrvXhg=" ;
$fernet = new Fernet($key);
$token = "gAAAAABiMWVPsStLo42ExcmIqcGvRvCCmnhB5B6dc2JsOm4w-VsE9oJOuk_qYuZvHv5quQR4t_6ZjNJzAdCiDPOtESNzCreJZLwc2X-_apbqKKnBwc3KhmqL-K5X7t1uR1WXuyUEYUtW";
echo $fernet->decode($token);
?>