Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Pavel Shishkin 7 posts 58 karma points
    Jan 08, 2010 @ 18:24
    Pavel Shishkin
    0

    MD5-encrypted member passwords

    API Questions

    I'm trying to integrate a user database, in which passwords were generated by PHP MD5() function and are 32-character hexadecimal numbers like "4e782c983e2a4c7986e48c799ec63aea". The following snippet makes strings like "J2A6frYm+pbznpYZCH0QB8kkxZM=" equally, no matter what type, MD5 or SHA1. Looks like hashAlgorithmType attribute is ignored. 

    <membership defaultProvider="UmbracoMembershipProvider" hashAlgorithmType="Md5">
          <providers>
             <clear />
             <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" passwordFormat="hashed" />
          </providers>
    </membership>

    What can be done to make md5 passwords?

    Thank you.

    Copy Link
  • Aaron Powell 1708 posts 3046 karma points c-trib
    Jan 09, 2010 @ 00:05
    Aaron Powell
    0

    You just need to set the passwordFormat="Hashed" on the provider like is shown here: http://our.umbraco.org/wiki/how-tos/membership-providers/umbracomembershipprovider-properties

    I'm pretty confident that hashed passwords are generated using MD5.

    Copy Link
  • Pavel Shishkin 7 posts 58 karma points
    Jan 09, 2010 @ 13:54
    Pavel Shishkin
    0

    Thanks, slace, but it doesn't help.

    Actually, I'm not sure which encryption is used anymore. Here is what I found using online encrypters with a string "bakabaka":

    md5: 4e782c983e2a4c7986e48c799ec63aea <-- is what in my PHP database and what i want to get from Umbraco

    sha1: c60489d8262d3d090b947541526605e8bad0eed6

    sha224: e426508d19c6d4a9c813861c54415ac71fc5511032d6681696f0e060

    Umbraco: 4a3241366672596d2b70627a6e70595a4348305142386b6b785a4d3d (ASCII:  J2A6frYm+pbznpYZCH0QB8kkxZM=<-- seems like it's sha224 using some key. There's no other way but to change the source, I guess.

    Copy Link
  • Pavel Shishkin 7 posts 58 karma points
    Jan 10, 2010 @ 00:38
    Pavel Shishkin
    0

    Solved by changing the encodePassword functions of the umbraco.cms.businesslogic.member.Member and umbraco.providers.members.UmbracoMembershipProvider classes to:

    case MembershipPasswordFormat.Hashed:
                    byte[] pass = Encoding.UTF8.GetBytes(password);
                    MD5 md5 = new MD5CryptoServiceProvider();
                    encodedPassword = BitConverter.ToString(md5.ComputeHash(pass));
                    encodedPassword = (encodedPassword.Replace("-", "")).ToLower();
                    break;
    Copy Link
  • Aaron Powell 1708 posts 3046 karma points c-trib
    Jan 10, 2010 @ 01:12
    Aaron Powell
    0

    Here's the code from the membership provider:

    case MembershipPasswordFormat.Hashed:
                    HMACSHA1 hash = new HMACSHA1();
                    hash.Key = Encoding.Unicode.GetBytes(password);
                    encodedPassword =
                      Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
                    break;

    So I guess that answers the question of encrypting ;)

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft