There's a 50/50 you can recover your password from an MD5 hash library (something like: http://www.md5decrypter.co.uk/ ). Then change the password.
How many decryptions are in your database?
We have a total of 7,447,737,437 (over 7 billion)
unique decrypted md5 hashes since August 2007, the BIGGEST INSTANT
online database available that doesn't use rainbow tables.
Is it possible to Retriev the password for particular user
Is it possible to Retriev the password for particular user.
I am using Membership Provider:
<machineKey validationKey="E3CF3D4250E0597997C33A9A82D623260AD55122" decryptionKey="F2CCDA4E3CF7B8A39ADE311355F5F6E22CCC37D9DEB48ECF" decryption="3DES" validation="SHA1" />
<add name="UmbracoMembershipProvider"
type="Optifast.OptifastMemberShipProvider"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
defaultMemberTypeAlias="consumer"
passwordFormat="Encrypted"
umbracoApprovePropertyTypeAlias="approved"
umbracoLockPropertyTypeAlias="locked"
umbracoFailedPasswordAttemptsPropertyTypeAlias="pwFails"
umbracoCommentPropertyTypeAlias="comment"
umbracoLastLoginPropertyTypeAlias="lastLogin"
umbracoPasswordRetrievalQuestionPropertyTypeAlias="pwQuestion"
umbracoQuestionRetrievalAnswerPropertyTypeAlias="pwAnswer"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="0"/>
<add name="AspNetSqlMemberShipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" />
<add name="UsersMembershipProvider"
type="umbraco.providers.UsersMembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
passwordFormat="Encrypted"/>
Hi,
No you can only reset the password because in your config the password is encrypted. Below you find a snippet how to do this:
var member = Membership.GetUser("loginname of the member");
member.ChangePassword(member.GetPassword(), "the new password");
More info about membership can be found here http://msdn.microsoft.com/en-us/library/cyckw0z6.aspx
Hope this helps you,
Richard
yes, looks like
I was thinking that encripted can be decripted ( it is not hashed)
But when I am using
OptifastMemberShipProvider obj = new OptifastMemberShipProvider();
byte[] buff = obj.DecryptPassword(ByteArray);
It returns exception: "Bad data"
Actually I think it is hashed, MD5 probably.
What do you mean MD5 probably?
Does it hardcoded somewhere in umbraco customMembershipProvider?
Ah, nevermind me, I was talking about the password stored in the database.
There's a 50/50 you can recover your password from an MD5 hash library (something like: http://www.md5decrypter.co.uk/ ). Then change the password.
but i doubt this is your goal ? :)
Yes, but how do you know that MD5 hashing involved?
In web.config only 3DES has been mentioned..
Is it hardcoded in umbraco?
Dima: based on this topic: http://our.umbraco.org/forum/developers/api-questions/6316-MD5-encrypted-member-passwords
I conclude that it is in fact SHA1 that's being used.
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.