Why isn't my PHP SHA256 hash equivalent to C# SHA256Managed hash

C# is outputting a base64 ecoded string, and PHP is outputting a number in hex. A better comparison might be to pass the parameter true to the end of the hash function of PHP and base64 the result:

 $hash = base64_encode(
           hash('sha256', $userData['salt'] . hash('sha256', $password), true )
         );

Because they're different. Your C# code encodes the computed hash in Base64 encoding at the end. PHP just returns a string of hexadecimal digits.


First suspect:

Encoding.UTF8.GetBytes(plainText);

C# uses UTF-8, your PHP probably doesn't, but you could be lucky if you use strictly letters from the US-ASCII subset.

Second suspect:

Convert.ToBase64String(tHashBytes);

There's nothing about Base64 in your PHP.

Since PHP will give you a hex-encoded result, you should switch to Hex in your C#, too. See this answer for solutions.

Tags:

C#

Php

Sha256