
We were hashing our passwords, although somewhere along the way one of our developers changed it to clear text so that we could email a user their password if they forgot it.

Anyhow, I'm changing it so that we store passwords 'hashed' now. There is a group of passwords which we need to hash. The salt is already there in the database, I just need to loop through where "passwordformat" = 0 and hash accordingly. How do I do this?

edit: I had a go at a suggestion from another SO post, using "SHA-1" as the hashing algorithm to calculate the digest. It was not the result I expected.

I know the original clear password, the salt, but the result is not what I expected. The answer in the above suggests using SHA-1 as the hashing algo.

If it's any help this is from our web.config of the web server.

<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0,

EDIT: I'm getting somewhere. I created another test user, and this time got the same digest value as that generated by the web application. The only difference was that one salt contained the '/' symbol, and the other did not. I was not aware that '/' would cause an issue, as I didn't think it's an escape character.

EDIT: here is my code. It works only if the salt does not contain '/'

using System;
using System.Security.Cryptography;
using System.Text;

public static string EncodePassword3(string pass, string saltBase64)
{
    // Password as UTF-16LE bytes, salt decoded from its Base64 form
    byte[] bytes = Encoding.Unicode.GetBytes(pass);
    byte[] src = Convert.FromBase64String(saltBase64);
    byte[] dst = new byte[src.Length + bytes.Length];
    byte[] inArray = null;
    // dst = salt bytes followed by password bytes
    Buffer.BlockCopy(src, 0, dst, 0, src.Length);
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);

    // SHA-1 over salt + password, returned as Base64
    HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
    inArray = algorithm.ComputeHash(dst);
    return Convert.ToBase64String(inArray);
}

I can supply the clear text password and salt (only testing at mo) to see if you can get the correct result....

kafka
  • which algorithm u need for hashing? – SHEKHAR SHETE Jun 17 '14 at 10:12
  • good question. will have to find out. have written a little program based on the responses here - the digest I calculated is not what it should be though (I know original password, salt and the end result). http://stackoverflow.com/questions/5798638/convert-asp-net-membership-passwords-from-encrypted-to-hashed?rq=1 – kafka Jun 17 '14 at 10:45
  • apparently the default for ASP.NET is SHA1 – kafka Jun 17 '14 at 11:14
  • see http://stackoverflow.com/questions/1137368/what-is-default-hash-algorithm-that-asp-net-membership-uses did u use that code on clear text passwords? – wal Jun 17 '14 at 12:40
  • no I used the one I linked to above. Will give that one a go, many thanks. – kafka Jun 17 '14 at 13:58
  • Wal - I've had a go at that code, but it's still creating digests that are different from what I'm after. Is it significant that I'm doing this on my development machine instead of the IIS server? e.g. is there another value used by SHA1 which I need to replicate? – kafka Jun 17 '14 at 14:50
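The loop the question asks about, as an added example that is not part of the original post: it hashes every row whose passwordformat is 0 with the same salted SHA-1 construction as the code above and sets the format to 1 (MembershipPasswordFormat.Hashed). The Row class, the in-memory list standing in for the database table, the round-trip check on the salt, and the sample password and salts are constructed assumptions; one salt is built to contain '/', which is an ordinary character of the Base64 alphabet.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

class Row { public string Password, PasswordSalt; public int PasswordFormat; } // hypothetical row type

static class Migration
{
    // Base64(SHA1(salt bytes || UTF-16LE password)), the same construction as the question's code.
    public static string Hash(string pass, string saltBase64)
    {
        byte[] salt = Convert.FromBase64String(saltBase64);
        // Assumption: stored salts are canonical Base64, so one that does not
        // round-trip was altered or is malformed by the time it reached this call.
        if (Convert.ToBase64String(salt) != saltBase64)
            throw new FormatException("salt is not canonical Base64: " + saltBase64);
        byte[] pwd = Encoding.Unicode.GetBytes(pass);
        byte[] buf = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, buf, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, buf, salt.Length, pwd.Length);
        using (SHA1 sha1 = SHA1.Create())
            return Convert.ToBase64String(sha1.ComputeHash(buf));
    }

    // Hashes every clear-text row (PasswordFormat 0) in place and marks it hashed (1).
    public static int HashClearTextRows(IEnumerable<Row> rows)
    {
        int changed = 0;
        foreach (Row r in rows)
        {
            if (r.PasswordFormat != 0) continue; // already hashed, leave untouched
            r.Password = Hash(r.Password, r.PasswordSalt);
            r.PasswordFormat = 1;
            changed++;
        }
        return changed;
    }

    static void Main()
    {
        byte[] s = new byte[16];
        s[0] = s[1] = s[2] = 0xFF; // first three bytes encode as "////"
        var rows = new List<Row> { // constructed sample data
            new Row { Password = "Passw0rd!", PasswordSalt = "AAECAwQFBgcICQoLDA0ODw==", PasswordFormat = 0 },
            new Row { Password = "Passw0rd!", PasswordSalt = Convert.ToBase64String(s), PasswordFormat = 0 },
        };
        Console.WriteLine("rows hashed: " + HashClearTextRows(rows));
        foreach (Row r in rows) // recompute as a login check would, and compare
            Console.WriteLine(r.PasswordSalt + " -> " + r.Password + " verifies: " + (Hash("Passw0rd!", r.PasswordSalt) == r.Password));
    }
}
```

Against the real database, the same loop would read and update the rows through a parameterized query so that the salt string reaches Hash exactly as stored.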

0 Answers