Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Generating hash value

Reply
Thread Tools

Generating hash value

 
 
Eliyahu Goldin
Guest
Posts: n/a
 
      12-28-2003
Following Microsoft recommendations, I'd like to store a one-way passport
hash of a user's password. .NET provides method
FormsAuthentication.HashPasswordForStoringinConfig File (...) to generate a
hash value with either SHA1 or MD5 algorithm. My problem is that the
password is to be generated on a workstation with no .NET installed. How can
I generate a hash value without .NET in the same way as
HashPasswordForStoringinConfigFile does? Is there any sequence of Windows
Crypto API calls with the same effect? An external stored procedure on the
server side?

Eliyahu


 
Reply With Quote
 
 
 
 
Michel Gallant
Guest
Posts: n/a
 
      12-28-2003
Yes, CryptoAPI supports calculating hashes using functions:
CryptCreateHash
CryptHashData
CryptGetHashParam (with dwParam = HP_HASHVAL to get actual hash buffer)
Start here:
http://msdn.microsoft.com/library/de...ata_hashes.asp

The byte order in the capi buffer returned is identical to data in .NET
HashPasswordForStoringinConfigFile string.
You only need to convert the byte buffer into an ordered hex-string to match the .NET hash string.

- Michel Gallant
MVP Security


"Eliyahu Goldin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Following Microsoft recommendations, I'd like to store a one-way passport
> hash of a user's password. .NET provides method
> FormsAuthentication.HashPasswordForStoringinConfig File (...) to generate a
> hash value with either SHA1 or MD5 algorithm. My problem is that the
> password is to be generated on a workstation with no .NET installed. How can
> I generate a hash value without .NET in the same way as
> HashPasswordForStoringinConfigFile does? Is there any sequence of Windows
> Crypto API calls with the same effect? An external stored procedure on the
> server side?
>
> Eliyahu
>
>



 
Reply With Quote
 
 
 
 
Andy
Guest
Posts: n/a
 
      12-28-2003
> Crypto API calls with the same effect? An external stored procedure on the
> server side?

you can use XP_CRYPT (www.activecrypt.com). Free version supports SHA1, MD5
and DES hashes without limitations.


 
Reply With Quote
 
Eliyahu Goldin
Guest
Posts: n/a
 
      12-29-2003
Thanks Michel and Andy,

Your answers are exactly what I need.

Eliyahu



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tied hash: Differentiating between assignment of single value andentire hash bernd Perl Misc 0 04-24-2012 02:41 PM
hash of hash of hash of hash in c++ rp C++ 1 11-10-2011 04:45 PM
Hash#select returns an array but Hash#reject returns a hash... Srijayanth Sridhar Ruby 19 07-02-2008 12:49 PM
hash key to var name of value hash key value Une bévue Ruby 5 08-10-2006 04:05 PM
Searching an example for a defined hash value of a nonexisting hash key Ralf Baerwaldt Perl Misc 1 07-20-2004 03:05 PM



Advertisments