Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Pavel Shishkin 7 posts 58 karma points
    Jan 08, 2010 @ 18:24
    Pavel Shishkin
    0

    MD5-encrypted member passwords

    I'm trying to integrate a user database, in which passwords were generated by PHP MD5() function and are 32-character hexadecimal numbers like "4e782c983e2a4c7986e48c799ec63aea". The following snippet makes strings like "J2A6frYm+pbznpYZCH0QB8kkxZM=" equally, no matter what type, MD5 or SHA1. Looks like hashAlgorithmType attribute is ignored. 

    <membership defaultProvider="UmbracoMembershipProvider" hashAlgorithmType="Md5">
          <providers>
             <clear />
             <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" passwordFormat="hashed" />
          </providers>
    </membership>

    What can be done to make md5 passwords?

    Thank you.

    Copy Link
  • Aaron Powell 1708 posts 3044 karma points c-trib
    Jan 09, 2010 @ 00:05
    Aaron Powell
    0

    You just need to set the passwordFormat="Hashed" on the provider like is shown here: http://our.umbraco.org/wiki/how-tos/membership-providers/umbracomembershipprovider-properties

    I'm pretty confident that hashed passwords are generated using MD5.

    Copy Link
  • Pavel Shishkin 7 posts 58 karma points
    Jan 09, 2010 @ 13:54
    Pavel Shishkin
    0

    Thanks, slace, but it doesn't help.

    Actually, I'm not sure which encryption is used anymore. Here is what I found using online encrypters with a string "bakabaka":

    md5: 4e782c983e2a4c7986e48c799ec63aea <-- is what in my PHP database and what i want to get from Umbraco

    sha1: c60489d8262d3d090b947541526605e8bad0eed6

    sha224: e426508d19c6d4a9c813861c54415ac71fc5511032d6681696f0e060

    Umbraco: 4a3241366672596d2b70627a6e70595a4348305142386b6b785a4d3d (ASCII:  J2A6frYm+pbznpYZCH0QB8kkxZM=<-- seems like it's sha224 using some key. There's no other way but to change the source, I guess.

    Copy Link
  • Pavel Shishkin 7 posts 58 karma points
    Jan 10, 2010 @ 00:38
    Pavel Shishkin
    0

    Solved by changing the encodePassword functions of the umbraco.cms.businesslogic.member.Member and umbraco.providers.members.UmbracoMembershipProvider classes to:

    case MembershipPasswordFormat.Hashed:
                    byte[] pass = Encoding.UTF8.GetBytes(password);
                    MD5 md5 = new MD5CryptoServiceProvider();
                    encodedPassword = BitConverter.ToString(md5.ComputeHash(pass));
                    encodedPassword = (encodedPassword.Replace("-", "")).ToLower();
                    break;
    Copy Link
  • Aaron Powell 1708 posts 3044 karma points c-trib
    Jan 10, 2010 @ 01:12
    Aaron Powell
    0

    Here's the code from the membership provider:

    case MembershipPasswordFormat.Hashed:
                    HMACSHA1 hash = new HMACSHA1();
                    hash.Key = Encoding.Unicode.GetBytes(password);
                    encodedPassword =
                      Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
                    break;

    So I guess that answers the question of encrypting ;)

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies