I have to generate password hash with SSHA512 which could work with Postfix. I have hash generator written in Python and i need to rewrite it to C#. I wrote some code in c# that generating hash but Postfix could not verify generated password.
Python code:
def generate_ssha512_password(p):
"""Generate salted SHA512 password with prefix '{SSHA512}'.
Return SSHA instead if python is older than 2.5 (not supported in module hashlib)."""
p = str(p).strip()
try:
from hashlib import sha512
salt = os.urandom(8)
pw = sha512(p)
pw.update(salt)
return '{SSHA512}' + b64encode(pw.digest() + salt)
And My C# code version 1:
public static string CreateSalt(int size)
{
//Generate a cryptographic random number.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buff = new byte[size];
rng.GetBytes(buff);
return Convert.ToBase64String(buff);
}
public static string GenerateHash(string input, string salt)
{
byte[] bytes = Encoding.UTF8.GetBytes(input + salt);
SHA512 sHA512ManagedString = new SHA512Managed();
byte[] hash = sHA512ManagedString.ComputeHash(bytes);
return Convert.ToBase64String(hash);
}
C# code version 2:
public static byte[] CreateSaltRaw(int size)
{
//Generate a cryptographic random number.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buff = new byte[size];
rng.GetBytes(buff);
return buff;
}
public static string GenerateHash2(string input, byte[] salt)
{
byte[] bytes = Encoding.UTF8.GetBytes(input + Convert.ToBase64String(salt));
SHA512 sHA512ManagedString = new SHA512Managed();
byte[] hash = sHA512ManagedString.ComputeHash(bytes);
List<byte> pass = hash.ToList();
foreach (var s in salt)
{
pass.Add(s);
}
//return Convert.ToBase64String(hash);
return Convert.ToBase64String(pass.ToArray());
}
In version 1 generated hash is shorten than hash generated in Python. In version 2 length is same. Unfortunetly both versions doesn't work in Postfix. Generated hash can't be verified.
Values i get:
Password: texas
Python generated password:
Q5RlBLOCizu/o/iI7NrzqI1lIvMJ5lLngPH1zdeYSdbA+G+wzNcCTwPOwEG/oKM5P3bqrBcm5gLDSdBO3IjnplWHbgqgTBvV
C#:
raw salt values v1:
0xed 0x01 0x97 0x7b 0xc2 0xec 0x29 0x76
encoded salt v1:
7Q+Xe8LsKXY=
encode salt + pass v1 :
2EXXraKRShKwOOb9TYU4hoXVQPhhujaK2dJVe8/n423tW3dOBBdycUPBluMmRtkNELIocAIkRKR6Rk+R5T43rw==
From the posted result of the Python code
Q5RlBLOCizu/o/iI7NrzqI1lIvMJ5lLngPH1zdeYSdbA+G+wzNcCTwPOwEG/oKM5P3bqrBcm5gLDSdBO3IjnplWHbgqgTBvV
the following can be derived as salt after Base64 decoding:
55876e0aa04c1bd5 (hex encoded) or VYduCqBMG9U= (Base64 encoded)
In the C# code, first salt and password must be encoded:
byte[] salt = Convert.FromBase64String("VYduCqBMG9U=");
byte[] password = Encoding.ASCII.GetBytes("texas"); // Here the encoding of the Python code must be used
Before hashing, both byte[] must be concatenated. Since the concatenation of byte[] is needed again later, it's useful to implement a helper method:
private static byte[] join(byte[] b1, byte[] b2)
{
byte[] b = new byte[b1.Length + b2.Length];
Buffer.BlockCopy(b1, 0, b, 0, b1.Length);
Buffer.BlockCopy(b2, 0, b, b1.Length, b2.Length);
return b;
}
Thus the hashing is performed as follows:
HashAlgorithm algorithm = new SHA512Managed();
byte[] passwordSalt = join(password, salt);
byte[] hash = algorithm.ComputeHash(passwordSalt);
Before the Base64 encoding, hash and salt must be concatenated:
byte[] hashSalt = join(hash, salt);
string hashSaltB64 = Convert.ToBase64String(hashSalt); // Q5RlBLOCizu/o/iI7NrzqI1lIvMJ5lLngPH1zdeYSdbA+G+wzNcCTwPOwEG/oKM5P3bqrBcm5gLDSdBO3IjnplWHbgqgTBvV
To process a random salt you can use e.g. your CreateSaltRaw method and simply replace
byte[] salt = Convert.FromBase64String("VYduCqBMG9U=");
by
byte[] salt = CreateSaltRaw(8);