Why is my SHA1 hash not matching?

Question

I don't think I was specific enough last time. Here we go:

I have a hex string:

742713478fb3c36e014d004100440041004 e0041004e00000060f347d15798c9010060 6b899c5a98c9014d007900470072006f007 500700000002f0000001f7691944b9a3306 295fb5f1f57ca52090d35b50060606060606

The last 20 bytes should (theoretically) contain a SHA1 Hash of the first part (complete string - 20 bytes). But it doesn't match for me.

Trying to do this with PHP, but no luck. Can you get a match?

Ticket:

742713478fb3c36e014d004100 440041004e0041004e00000060 f347d15798c90100606b899c5a 98c9014d007900470072006f00 7500700000002f0000001f7691944b9a

sha1 hash of ticket appended to original:

3306295fb5f1f57ca52090d35b50060606060606

My sha1 hash of ticket:

b6ecd613698ac3533b5f853bf22f6eb4afb94239

Here's what is in the ticket and how it's being stored. FWIW, I can pull out username, etc, and spot the various delimiters. http://www.codeproject.com/KB/aspnet/Forms_Auth_Internals/AuthTicket2.JPG

Edited: I have discovered that the string is padded on the end by the decryption function it goes through before this point. I removed the last 6 bytes and adjusted by ticket and hash accordingly. Still doesn't work, but I'm closer.

Answer 1

Your ticket is being calculated on the hex string itself. Maybe the appended hash is calculated on another representation of the same data?

Answer 2

I think you are getting confused about bytes vs characters.

Internally, php stores every character in a string as a byte. The sha1 hash that PHP generates is a 40 character (40 byte) hexademical representation of the 20-byte binary data, since each binary value needs to be represented by 2 hex characters.

I'm not sure if this is the actual source of your discrepancy, but seeing this misunderstanding makes me wonder if it's related.