问题
I don't think I was specific enough last time. Here we go:
I have a hex string:
742713478fb3c36e014d004100440041004 e0041004e00000060f347d15798c9010060 6b899c5a98c9014d007900470072006f007 500700000002f0000001f7691944b9a3306 295fb5f1f57ca52090d35b50060606060606
The last 20 bytes should (theoretically) contain a SHA1 Hash of the first part (complete string - 20 bytes). But it doesn't match for me.
Trying to do this with PHP, but no luck. Can you get a match?
Ticket:
742713478fb3c36e014d004100 440041004e0041004e00000060 f347d15798c90100606b899c5a 98c9014d007900470072006f00 7500700000002f0000001f7691944b9a
sha1 hash of ticket appended to original:
3306295fb5f1f57ca52090d35b50060606060606
My sha1 hash of ticket:
b6ecd613698ac3533b5f853bf22f6eb4afb94239
Here's what is in the ticket and how it's being stored. FWIW, I can pull out username, etc, and spot the various delimiters. http://www.codeproject.com/KB/aspnet/Forms_Auth_Internals/AuthTicket2.JPG
Edited: I have discovered that the string is padded on the end by the decryption function it goes through before this point. I removed the last 6 bytes and adjusted by ticket and hash accordingly. Still doesn't work, but I'm closer.
回答1:
Your ticket is being calculated on the hex string itself. Maybe the appended hash is calculated on another representation of the same data?
回答2:
I think you are getting confused about bytes vs characters.
Internally, php stores every character in a string as a byte. The sha1 hash that PHP generates is a 40 character (40 byte) hexademical representation of the 20-byte binary data, since each binary value needs to be represented by 2 hex characters.
I'm not sure if this is the actual source of your discrepancy, but seeing this misunderstanding makes me wonder if it's related.
回答3:
Try trimming the string first, its suprisingly easy to have a newline or space on the end that changes the hash completely.
回答4:
According to this Online SHA1 tool the hash of the given text (after removing new lines and spaces) is
b6ecd613698ac3533b5f853bf22f6eb4afb94239
Idea: Make sure your inputing characters not a hex number to the PHP version.
回答5:
The problem was that the original was a keyed hash. I had to use hash_hmac() with a validation key rather than sha1() without.
来源:https://stackoverflow.com/questions/607272/why-is-my-sha1-hash-not-matching