I have a large database of users (~200,000) that I’m transferring from an ASP.NET application to a Ruby on Rails application. I don’t really want to ask every user to reset their password and so I’m trying to re-implement the C# password hashing function in Ruby.
The old function is this:
    // Requires System, System.Text and System.Security.Cryptography.
    public string EncodePassword(string pass, string saltBase64)
    {
        // Encoding.Unicode is UTF-16 little-endian.
        byte[] bytes = Encoding.Unicode.GetBytes(pass);
        byte[] src = Convert.FromBase64String(saltBase64);
        // dst = decoded salt bytes followed by the password bytes.
        byte[] dst = new byte[src.Length + bytes.Length];
        Buffer.BlockCopy(src, 0, dst, 0, src.Length);
        Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
        HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
        byte[] inArray = algorithm.ComputeHash(dst);
        return Convert.ToBase64String(inArray);
    }
An example hashed password and salt is (and the password used was ‘password’):
Hashed password: ‘weEWx4rhyPtd3kec7usysxf7kpk=’
Salt: ‘1ptFxHq7ALe7yXIQDdzQ9Q==’
Password: ‘password’
Now with the following Ruby code:
    require 'base64'
    require 'digest/sha1'

    password = 'password'
    salt = '1ptFxHq7ALe7yXIQDdzQ9Q=='
    concat = salt+password
    sha1 = Digest::SHA1.digest(concat)
    encoded = Base64.encode64(sha1)
    puts encoded
I’m not getting the correct password hash (I’m getting ‘+BsdIOBN/Vh2U7qWG4e+O13h3iQ=’ instead of ‘weEWx4rhyPtd3kec7usysxf7kpk=’). Can anyone see what the problem might be?
Many thanks
Arfon
Just a quick update, a colleague of mine has solved this:
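Added example, not part of the original post and not the colleague's solution mentioned above: a Ruby port that follows the posted C# function step by step (Base64-decode the salt, encode the password as UTF-16LE, hash salt bytes followed by password bytes). The helper names `encode_password`, `secure_equal?` and `legacy_password_valid?` are assumptions made for this example; the sample values are the ones quoted in the post.

```ruby
require 'base64'
require 'digest/sha1'

# Port of the C# EncodePassword above:
#   Base64( SHA1( salt_bytes + UTF-16LE(password) ) )
def encode_password(pass, salt_base64)
  # .NET's Encoding.Unicode is UTF-16 little-endian with no BOM.
  pass_bytes = pass.encode('UTF-16LE').b
  # The salt is hashed as its decoded raw bytes, not as Base64 text.
  salt_bytes = Base64.strict_decode64(salt_base64)
  # strict_encode64 emits no trailing newline, matching Convert.ToBase64String.
  Base64.strict_encode64(Digest::SHA1.digest(salt_bytes + pass_bytes))
end

# Constant-time string comparison so that verification time does not
# depend on how many leading characters of the hash match.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Check a login attempt against a hash/salt pair migrated from the old database.
def legacy_password_valid?(candidate, salt_base64, stored_hash)
  secure_equal?(encode_password(candidate, salt_base64), stored_hash)
end

if __FILE__ == $PROGRAM_NAME
  # Values quoted in the post.
  salt   = '1ptFxHq7ALe7yXIQDdzQ9Q=='
  stored = 'weEWx4rhyPtd3kec7usysxf7kpk='
  puts encode_password('password', salt)
  puts legacy_password_valid?('password', salt, stored)
  puts legacy_password_valid?('Password', salt, stored)
end
```

Salted single-round SHA-1 is cheap to brute-force offline, so a verifier like this is typically kept only to check the first login after migration, at which point the password is re-hashed with a slow password hash such as bcrypt.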