Home/ Questions/Q 9119637
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T05:26:38+00:00

I made an account on my web app (Symfony2 with FOSUserBundle) and registered with

  • 0

I made an account on my web app (Symfony2 with FOSUserBundle) and registered with the password “lolwut” (without the quotes).

These are the settings in my security.yml config:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface:
            algorithm:   sha512
            iterations: 1
            encode_as_base64: false

The resulting data:

Hashed password:
f57470574dbf29026821519b19539d1c2237e4315d881fa412da978af554740c6b284062a9a4af7d0295d18ebea8ef2e152cf674b283f792fe0b568a93f969cf
Salt:
kuc5bixg5u88s4k8ggss4osoksko0g8

Now, since the iterations are set on 1, I am assuming that encoding “lolwut” in SHA512 in C# will give me the same result, here’s my logic:

string salt = "kuc5bixg5u88s4k8ggss4osoksko0g8";
string input = "lolwut";
string passAndSalt = String.Concat(input, salt);

System.String Hashed = System.BitConverter.ToString(((System.Security.Cryptography.SHA512)new System.Security.Cryptography.SHA512Managed()).ComputeHash(System.Text.Encoding.ASCII.GetBytes(passAndSalt))).Replace("-", "");
return passAndSalt + "<br>" + Hashed;

However, this returns the following value that doesn’t match the FOSUserBundle hashed password at all:

82E8CA0408B23DB50EB654EDB50A7926AC73613184054DB82FB6D67CD4186B7A045D265AEDE6E3852CD85B981F15F6615C1C0C6FBF443B1672DF59DE23557BD9

I know I must be doing something wrong somewhere, but I can’t for the life of me figure out what it is, and it’s driving me nuts. Could anyone help me out here, please?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Symfony merges password and salt as password{salt}, so this code will return the same hash:

      string salt = "kuc5bixg5u88s4k8ggss4osoksko0g8";
  string input = "lolwut";
  string passAndSalt = String.Format("{0}{{{1}}}", input, salt);

  System.String Hashed = System.BitConverter.ToString(((System.Security.Cryptography.SHA512)new System.Security.Cryptography.SHA512Managed()).ComputeHash(System.Text.Encoding.ASCII.GetBytes(passAndSalt))).Replace("-", "");
  // Hashed.ToLower()
    • 0