SHA Calculation Error (I'm sure it's my fault) C#

Sep 24 2009 1:04 PM
I have somewhat cryptic (no pun intended) documentation for user authentication. Now I thought I understood but I keep getting a failed authentication so I must be missing something. Any help or pointers would be greatly appreciated.

Instructions: (Unfortunately they don't give me the password they used for their samples to compare to)

1) Calculate the message digest of the user's plain password using the secure hash algorithm (SHA).

2) For every 4 bits in the 160-bit digest, starting from the first bit, convert it into a character in ASCII Hex format (0 – 9, a – f). The result is a 40-character string S1, for example, f7a9e24777ec23212c54d7a350bc5bea5477fdbb.

3) Use the string S1 to construct a new string S2: S2 = nonce + ":" + S1, where nonce is the value in the responseAuthentication message.

4) Calculate the message digest of S2 using the MD5 algorithm.

5) For every 4 bits in the 128-bit digest from step 2, starting from the first bit, convert it into a character in ASCII Hex format (0 – 9, a – f). The result is a 32-character string, for example, dc70779bf8461b5a1e6aea58f636d5c0.

6) Use this string as the securePassword to log in.

So what I thought was correct code:

Calculate SHA step 1 & 2
strSecurePassword = BitConverter.ToString(SHA1Managed.Create().ComputeHash(Encoding.ASCII.GetBytes(userPassword))).Replace("-", "");

Step 3.
strSecurePassword = nonce + ":" + strSecurePassword;

Step 4 & 5
public string CalculateMD5(string strSecurePassword)
{
    Byte[] originalBytes;
    Byte[] encodedBytes;
    MD5 md5;

    //Instantiate MD5CryptoServiceProvider, get bytes for original password and compute hash (encoded password)

    md5 = new MD5CryptoServiceProvider();
    originalBytes = ASCIIEncoding.Default.GetBytes(strSecurePassword);
    encodedBytes = md5.ComputeHash(originalBytes);

    //Convert encoded bytes back to a 'readable' string
    return BitConverter.ToString(encodedBytes).Replace("-","");
}


I feel really dumb to not see what I am missing. Thank You
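
The six quoted steps written out as an added example (not part of the original post or the vendor's documentation), using the lowercase hex alphabet (0 – 9, a – f) that steps 2 and 5 specify. It also computes the result with S1 uppercased, the form `BitConverter.ToString(...).Replace("-", "")` returns, to show that the case of S1 changes the final digest. Assumptions: UTF-8 encoding for the password and S2 (the instructions name no encoding), and a constructed password and nonce.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SecurePasswordExample
{
    // Lowercase hex, two characters per byte (0-9, a-f), as steps 2 and 5 require.
    static string ToLowerHex(byte[] digest)
    {
        var sb = new StringBuilder(digest.Length * 2);
        foreach (byte b in digest)
            sb.Append(b.ToString("x2"));
        return sb.ToString();
    }

    // Steps 1-5. Assumption: the password and S2 are encoded as UTF-8 before
    // hashing; the quoted instructions do not name an encoding.
    public static string Compute(string password, string nonce, bool upperCaseS1 = false)
    {
        string s1;
        using (SHA1 sha1 = SHA1.Create())
            s1 = ToLowerHex(sha1.ComputeHash(Encoding.UTF8.GetBytes(password)));
        if (upperCaseS1)
            s1 = s1.ToUpperInvariant(); // same text BitConverter.ToString(...).Replace("-", "") yields

        string s2 = nonce + ":" + s1;   // step 3
        using (MD5 md5 = MD5.Create())
            return ToLowerHex(md5.ComputeHash(Encoding.UTF8.GetBytes(s2)));
    }

    static void Main()
    {
        // Constructed sample values, not taken from the vendor documentation.
        const string password = "example-password";
        const string nonce = "1234567890";

        string lower = Compute(password, nonce);
        string upper = Compute(password, nonce, upperCaseS1: true);
        Console.WriteLine("S1 lowercase -> " + lower);
        Console.WriteLine("S1 uppercase -> " + upper);
        Console.WriteLine("Same securePassword? " + (lower == upper));
    }
}
```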

Answers (1)