Hi,
I am using MD5 to hash my passwords and add them to database as hashed.
I have noticed though that some passwords don't get recognized and I suppose
that it happen because hashing might introduce some characters in my
password that are not handled properly by SQL server then.
For example, password 'startreck' works just fine
password 'test' does not
Anybody knows how can I fix this problem?
Any help will be greatfully appreciated
Dino
--
-------------------------------------------------------------------------
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter http://mail.giantcompany.com 10  2819 
* "Dino M. Buljubasic" <di*************@rivusglobal.com> scripsit: I am using MD5 to hash my passwords and add them to database as hashed.
I have noticed though that some passwords don't get recognized and I suppose
that it happen because hashing might introduce some characters in my
password that are not handled properly by SQL server then.
For example, password 'startreck' works just fine
password 'test' does not
Anybody knows how can I fix this problem?
How do you calculate the hash code?
--
Herfried K. Wagner
MVP · VB Classic, VB.NET
<http://www.mvps.org/dotnet>
Hi Herfried,
thanks for your respond. I am using MD5 hashing, here is the code:
Public Function GenerateMD5Hash(ByVal strInput As String) As String
Dim md5Provider As MD5
' generate bytes for the input string
Dim inputData() As Byte = ASCIIEncoding.ASCII.GetBytes(strInput)
' compute MD5 hash
md5Provider = New MD5CryptoServiceProvider()
Dim hashResult() As Byte = md5Provider.ComputeHash(inputData)
Return ASCIIEncoding.ASCII.GetString(hashResult)
End Function
because this hashing may intro apostrophy, I also handle that by replacint a
' with '' (apostrophy with double appostrophy) and that gets handled well.
However, from some reason some passwords don't get found in my database
although they are there and I guess it is because some invalid characters
besid appostrophy get introduced but I am not sure.
Appreciate your help,
Dino
--
-------------------------------------------------------------------------
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter http://mail.giantcompany.com
"Herfried K. Wagner [MVP]" <hi***************@gmx.at> wrote in message
news:bn************@ID-208219.news.uni-berlin.de... * "Dino M. Buljubasic" <di*************@rivusglobal.com> scripsit: I am using MD5 to hash my passwords and add them to database as hashed.
I have noticed though that some passwords don't get recognized and I
suppose that it happen because hashing might introduce some characters in my
password that are not handled properly by SQL server then.
For example, password 'startreck' works just fine
password 'test' does not
Anybody knows how can I fix this problem?
How do you calculate the hash code?
--
Herfried K. Wagner
MVP · VB Classic, VB.NET
<http://www.mvps.org/dotnet>
On Wed, 22 Oct 2003 19:29:51 GMT, "Dino M. Buljubasic"
<di*************@rivusglobal.com> wrote: Hi Herfried,
thanks for your respond. I am using MD5 hashing, here is the code:
Public Function GenerateMD5Hash(ByVal strInput As String) As String
Dim md5Provider As MD5
' generate bytes for the input string
Dim inputData() As Byte = ASCIIEncoding.ASCII.GetBytes(strInput)
' compute MD5 hash
md5Provider = New MD5CryptoServiceProvider()
Dim hashResult() As Byte = md5Provider.ComputeHash(inputData)
Return ASCIIEncoding.ASCII.GetString(hashResult)
End Function
because this hashing may intro apostrophy, I also handle that by replacint a
' with '' (apostrophy with double appostrophy) and that gets handled well.
However, from some reason some passwords don't get found in my database
although they are there and I guess it is because some invalid characters
besid appostrophy get introduced but I am not sure.
Appreciate your help,
Dino
I had similar problems a while ago - the cause turned out to be
character encoding in the database. My solution (and one which I apply
to all databases & models) is to produce an ASCII-friendly (actually,
7-bit) verion of the hash. Basically, I just use the hex digits of
each of the bytes.
And remember to mix the user ID with the password when generating the
hash (I suppose it goes without saying, but I've seen it a hundred
times!)
Rgds,
Try Base64 Encoding the hash, before you store it in the database. When the
time comes to verify the hash, Base64 Decode the data, and you get the hash
back to compare it with.
--
HTH,
-- Tom Spink, Über Geek
Please respond to the newsgroup,
so all can benefit
" System.Reflection Master "
==== Converting to 2002 ====
Remove inline declarations
"Dino M. Buljubasic" <di*************@rivusglobal.com> wrote in message
news:PUAlb.30626$i92.16656@clgrps13... Hi Herfried,
thanks for your respond. I am using MD5 hashing, here is the code:
Public Function GenerateMD5Hash(ByVal strInput As String) As String
Dim md5Provider As MD5
' generate bytes for the input string
Dim inputData() As Byte = ASCIIEncoding.ASCII.GetBytes(strInput)
' compute MD5 hash
md5Provider = New MD5CryptoServiceProvider()
Dim hashResult() As Byte = md5Provider.ComputeHash(inputData)
Return ASCIIEncoding.ASCII.GetString(hashResult)
End Function
because this hashing may intro apostrophy, I also handle that by replacint
a ' with '' (apostrophy with double appostrophy) and that gets handled well.
However, from some reason some passwords don't get found in my database
although they are there and I guess it is because some invalid characters
besid appostrophy get introduced but I am not sure.
Appreciate your help,
Dino
--
-------------------------------------------------------------------------
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter
http://mail.giantcompany.com
"Herfried K. Wagner [MVP]" <hi***************@gmx.at> wrote in message
news:bn************@ID-208219.news.uni-berlin.de... * "Dino M. Buljubasic" <di*************@rivusglobal.com> scripsit: I am using MD5 to hash my passwords and add them to database as
hashed. I have noticed though that some passwords don't get recognized and I suppose that it happen because hashing might introduce some characters in my
password that are not handled properly by SQL server then.
For example, password 'startreck' works just fine
password 'test' does not
Anybody knows how can I fix this problem?
How do you calculate the hash code?
--
Herfried K. Wagner
MVP · VB Classic, VB.NET
<http://www.mvps.org/dotnet>
Can you give me an exasmple how to do that?
Thank you,
Dino
--
-------------------------------------------------------------------------
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter http://mail.giantcompany.com
"_Andy_" <wi******@nospamthanks.gov> wrote in message
news:5f********************************@4ax.com... On Wed, 22 Oct 2003 19:29:51 GMT, "Dino M. Buljubasic"
<di*************@rivusglobal.com> wrote:
Hi Herfried,
thanks for your respond. I am using MD5 hashing, here is the code:
Public Function GenerateMD5Hash(ByVal strInput As String) As String
Dim md5Provider As MD5
' generate bytes for the input string
Dim inputData() As Byte = ASCIIEncoding.ASCII.GetBytes(strInput)
' compute MD5 hash
md5Provider = New MD5CryptoServiceProvider()
Dim hashResult() As Byte = md5Provider.ComputeHash(inputData)
Return ASCIIEncoding.ASCII.GetString(hashResult)
End Function
because this hashing may intro apostrophy, I also handle that by
replacint a' with '' (apostrophy with double appostrophy) and that gets handled
well.However, from some reason some passwords don't get found in my database
although they are there and I guess it is because some invalid characters
besid appostrophy get introduced but I am not sure.
Appreciate your help,
Dino
I had similar problems a while ago - the cause turned out to be
character encoding in the database. My solution (and one which I apply
to all databases & models) is to produce an ASCII-friendly (actually,
7-bit) verion of the hash. Basically, I just use the hex digits of
each of the bytes.
And remember to mix the user ID with the password when generating the
hash (I suppose it goes without saying, but I've seen it a hundred
times!)
Rgds,
I never used Base64 before. I'll do some research on that but meanwhile,
can you give me a simple example of how to use it.
Thanks,
Dino
--
-------------------------------------------------------------------------
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter http://mail.giantcompany.com
"Tom Spink" <th**********@ntlworld.com> wrote in message
news:Oa**************@TK2MSFTNGP09.phx.gbl... Try Base64 Encoding the hash, before you store it in the database. When
the time comes to verify the hash, Base64 Decode the data, and you get the
hash back to compare it with.
--
HTH,
-- Tom Spink, Über Geek
Please respond to the newsgroup,
so all can benefit
" System.Reflection Master "
==== Converting to 2002 ====
Remove inline declarations
"Dino M. Buljubasic" <di*************@rivusglobal.com> wrote in message
news:PUAlb.30626$i92.16656@clgrps13... Hi Herfried,
thanks for your respond. I am using MD5 hashing, here is the code:
Public Function GenerateMD5Hash(ByVal strInput As String) As String
Dim md5Provider As MD5
' generate bytes for the input string
Dim inputData() As Byte = ASCIIEncoding.ASCII.GetBytes(strInput)
' compute MD5 hash
md5Provider = New MD5CryptoServiceProvider()
Dim hashResult() As Byte = md5Provider.ComputeHash(inputData)
Return ASCIIEncoding.ASCII.GetString(hashResult)
End Function
because this hashing may intro apostrophy, I also handle that by
replacint a ' with '' (apostrophy with double appostrophy) and that gets handled
well. However, from some reason some passwords don't get found in my database
although they are there and I guess it is because some invalid
characters besid appostrophy get introduced but I am not sure.
Appreciate your help,
Dino
--
------------------------------------------------------------------------- FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter
http://mail.giantcompany.com
"Herfried K. Wagner [MVP]" <hi***************@gmx.at> wrote in message
news:bn************@ID-208219.news.uni-berlin.de... * "Dino M. Buljubasic" <di*************@rivusglobal.com> scripsit:
> I am using MD5 to hash my passwords and add them to database as
hashed. > I have noticed though that some passwords don't get recognized and I
suppose > that it happen because hashing might introduce some characters in my
> password that are not handled properly by SQL server then.
>
> For example, password 'startreck' works just fine
> password 'test' does not
>
> Anybody knows how can I fix this problem?
How do you calculate the hash code?
--
Herfried K. Wagner
MVP · VB Classic, VB.NET
<http://www.mvps.org/dotnet>
Hi Dino,
I'd take the output from "test" and stick a load of strings based on it
into the DB by hand to determine exactly which was giving the trouble. Then
I'd generate other test cases using a loop.
One possible workaround is to add an extra level of encoding:
Return System.Web.HttpUtility.UrlEncode _
(ASCIIEncoding.ASCII.GetString(hashResult))
But you must do that testing first because UrlEncode might not get <every>
character that causes trouble.
Regards,
Fergus
The problem is that I can not do that because some of the characters
generated by hash do not exist on the keyboard and there is no way to know
which ones are they anyways because they don't even get displayed properly.
I tried removint all non letters and non digits from the hashed password and
then trying to log on but it still does not work even though my query shows
the entries in database. E.g. for password 'test', I get someting like say
'asdfg' after hashing it and removing all non leters and non digits.
Then my query SELECT blah, blah FROM Table WHERE password = 'asdfg' still
does not finds it even though it is exactly how it is stored in DB.
Wired!!!
Thanks GG :)
--
-------------------------------------------------------------------------
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter http://mail.giantcompany.com
"Fergus Cooney" <fi*****@post.com> wrote in message
news:uW**************@TK2MSFTNGP09.phx.gbl... Hi Dino,
I'd take the output from "test" and stick a load of strings based on
it into the DB by hand to determine exactly which was giving the trouble.
Then I'd generate other test cases using a loop.
One possible workaround is to add an extra level of encoding:
Return System.Web.HttpUtility.UrlEncode _
(ASCIIEncoding.ASCII.GetString(hashResult))
But you must do that testing first because UrlEncode might not get
<every> character that causes trouble.
Regards,
Fergus
On Wed, 22 Oct 2003 20:09:47 GMT, "Dino M. Buljubasic"
<di*************@rivusglobal.com> wrote: Can you give me an exasmple how to do that?
Thank you,
Dino
Sorry, missed your post. Something like this:
Public Shared Function CreateHashedBlock(ByVal oUserID As String,
ByVal oPassword As String) As String
Dim oValue As String = oUserID & oPassword
Dim oMD5 As New
System.Security.Cryptography.MD5CryptoServiceProvi der()
Dim oBuffer() As Byte
oBuffer =
oMD5.ComputeHash(System.Text.Encoding.ASCII.GetByt es(oValue))
Dim oOutputText As String
Dim oByte As Byte
For Each oByte In oBuffer
If oByte < 16 Then
oOutputText = oOutputText & "0" & Hex(oByte)
Else
oOutputText = oOutputText & Hex(oByte)
End If
Next
Return oOutputText
End Function
Hi,
You guys have no excuse for asking the same mumbo-jumbo over-and-over before
making a simple search.
That is a beginner issue, very easy to find on Google or something.
Once again, I will quote my own text in this newsgroup:
«It's a common (newbie) misunderstanding, about storing ciphertext [or hash
values, or random data] as
strings. The point is you shouldn't. Converting a buffer into a string and
vice-versa is called Text encoding and decoding. There are several encoding
schemes (Ascii, Unicode, UTF8, etc). Each ciphertext byte can range from 0
to 255. Encoding schemes do NOT preserve all those unique values. And a
single wrong byte is enough to make decryption [or string to bytes again]
impossible.
You should always store and handle ciphertext as a buffer (array of bytes).
If you really need to store it as a string [for instance for a database]
then you need to get a Base
encoding representation of the buffer (hexadecimal, or Base64/Mime). You can
create your own Base encoding functions or use framework
System.Convert.ToBase64(buffer).»
So Dino, in you code, replace that bogus "Return
ASCIIEncoding.ASCII.GetString(hashResult)" with the correct:
Return Convert.ToBase64String(hashResult)
Of course you will use another function to decode from Base64String into
bytes array. Just saying this before you ask:
Dim hashResult() As Byte = Convert.FromBase64String(base64hash)
Regards,
Mario
"Dino M. Buljubasic" <di*************@rivusglobal.com> wrote in message
news:UeAlb.30527$i92.15268@clgrps13... Hi,
I am using MD5 to hash my passwords and add them to database as hashed.
I have noticed though that some passwords don't get recognized and I
suppose that it happen because hashing might introduce some characters in my
password that are not handled properly by SQL server then.
For example, password 'startreck' works just fine
password 'test' does not
Anybody knows how can I fix this problem?
Any help will be greatfully appreciated
Dino
--
-------------------------------------------------------------------------
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter
http://mail.giantcompany.com
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Seth |
last post by:
I want to create a simple hash function that can hash strings. Currently I'm
storing passwords as strings in a DB but want to store them as a hash. I
don't need any proper standardised hashing e.g....
|
by: Wm. Scott Miller |
last post by:
Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read alot
and I've followed most of the advice...
|
by: Tayo |
last post by:
How do I encrypt passwords before saving in the database
|
by: Joe |
last post by:
Hi,
I am building web in ASP.NET using VB.NET to code the pages. I want to generate random passwords for users. I know that password hashing is built right into the .NET Framework. I was...
|
by: dee |
last post by:
Hi
I'm writing a page withing our site that requires logins. Where should the
logins and passwords be kept? SqlServer/Access? Flat files? What are the
options and trade offs?
Thanks.
Dee
|
by: Dino Vliet |
last post by:
Hi folks,
probably this is a question you've heard so many times
but I wasn't able to find a solution to it.
I'm using a shell script to create a textfile for me.
It looks like...
|
by: Showjumper |
last post by:
Using the HashPasswordForStoringInConfigFile method, does this create hashed
passwords that are strong enough or is it better to use the necryption
namespace and its related functions?
Ashok
|
by: Alfa & Omega |
last post by:
i have application whiwh uses username and password for each user ..
All is in Microsoft access base on user's hard drive..
How can I protect that database from preveting user viewing it...or...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
