Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   Generating hash value (http://www.velocityreviews.com/forums/t765587-generating-hash-value.html)

Eliyahu Goldin 12-28-2003 03:14 PM
Generating hash value
 
Following Microsoft recommendations, I'd like to store a one-way passport
hash of a user's password. .NET provides method
FormsAuthentication.HashPasswordForStoringinConfig File (...) to generate a
hash value with either SHA1 or MD5 algorithm. My problem is that the
password is to be generated on a workstation with no .NET installed. How can
I generate a hash value without .NET in the same way as
HashPasswordForStoringinConfigFile does? Is there any sequence of Windows
Crypto API calls with the same effect? An external stored procedure on the
server side?

Eliyahu

Michel Gallant 12-28-2003 03:52 PM
Re: Generating hash value
 
Yes, CryptoAPI supports calculating hashes using functions:
CryptCreateHash
CryptHashData
CryptGetHashParam (with dwParam = HP_HASHVAL to get actual hash buffer)
Start here:
http://msdn.microsoft.com/library/de...ata_hashes.asp

The byte order in the capi buffer returned is identical to data in .NET
HashPasswordForStoringinConfigFile string.
You only need to convert the byte buffer into an ordered hex-string to match the .NET hash string.

- Michel Gallant
MVP Security


"Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
news:Orw0CVVzDHA.2932@TK2MSFTNGP09.phx.gbl...
> Following Microsoft recommendations, I'd like to store a one-way passport
> hash of a user's password. .NET provides method
> FormsAuthentication.HashPasswordForStoringinConfig File (...) to generate a
> hash value with either SHA1 or MD5 algorithm. My problem is that the
> password is to be generated on a workstation with no .NET installed. How can
> I generate a hash value without .NET in the same way as
> HashPasswordForStoringinConfigFile does? Is there any sequence of Windows
> Crypto API calls with the same effect? An external stored procedure on the
> server side?
>
> Eliyahu
>
>

Andy 12-28-2003 07:22 PM
Re: Generating hash value
 
> Crypto API calls with the same effect? An external stored procedure on the
> server side?
you can use XP_CRYPT (www.activecrypt.com). Free version supports SHA1, MD5
and DES hashes without limitations.

Eliyahu Goldin 12-29-2003 02:10 PM
Re: Generating hash value
 
Thanks Michel and Andy,

Your answers are exactly what I need.

Eliyahu


All times are GMT. The time now is 09:33 PM.

Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.