Question

SHA256 hashing Mx differs with online calculaters

1

If I let Mx Hash the password '1', it's stored in the database as: "{SHA256}a4ayc/80/OGda4BO/1o/V0etpOqiLx1JwB5S3beHW0s=". Online calculaters (and the party we're integrating with) gives a other hash for this password. For example this calculator gives 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b as the hash. Can anybody explain how I can calculate the SHA256 (not salted!) hash in the same manner as Mx does?

asked 2012-04-04

Herbert Vuijk

2 answers

1

see Hans' response

Edit

Assuming you control both start and end point, I'd advise you don't mix your custom hashes with Mendix passwords. Store the hashes yourself and match those with the input parameters in your webservice calls.

answered 2012-04-04

Robert van 't Hof

Hans van Kranenburg · Accepted Answer · 2012-04-04

The actual password hash is a number of bits. There's several ways how you can store random bits in a text field.

One of them is base64-encoded. That's the a4ayc/80/OGda4BO/1o/V0etpOqiLx1JwB5S3beHW0s= you see.

Another one is converting the bits to hexadecimal per byte and display those as decimal numbers, concatenated. That's the 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b