importing "stringed" MD5 passwords for membership

[Mike Tallman]

In my current database I have passwords that were hashed and then stored
using the following method:

public static string Encrypt(string cleanString)
{
Byte[] clearBytes = new UnicodeEncoding().GetBytes(cleanString);
Byte[] hashedBytes =
((HashAlgorithm) CryptoConfig.CreateFromName
("MD5")).ComputeHash(clearBytes);
return BitConverter.ToString(hashedBytes);
}

I would like to use these passwords with the standard membership provider -
is it possible to convert the passwords into something the standard provider
can understand? I'm thinking if I could reverse the BitConverter ToString()
call I should be able to use the hashedBytes in the database. Does that make
sense, or is it even possible? Thanks

 

[Dominick Baier [DevelopMentor]]

Hi,

the sql membership provider supports salted MD5 hashes (via the hashAlgorithmType
property) - so what *could* work:

revert the string back to a byte array
convert the byte array to a base64 string

use the createUser stored procedure in aspnetdb to add the user (provide
the base64 encoded string as the password) and set an empty salt.

....and tell us if this works

 

[Mike Tallman]

Thanks Dominick - it works!

For future reference, here is how I converted the converted the stringed
hash back to a byte array, back to base64 before inserting:

string[] chars = stringedHash.Split('-');
byte[] b = new byte[chars.Length];
for (int i = 0; i < chars.Length; i++)
{
b = (byte)Byte.Parse(chars, NumberStyles.HexNumber);
}
string hash = Convert.ToBase64String(b, Base64FormattingOptions.None);

Thanks again

Hi,

the sql membership provider supports salted MD5 hashes (via the hashAlgorithmType
property) - so what *could* work:

revert the string back to a byte array
convert the byte array to a base64 string

use the createUser stored procedure in aspnetdb to add the user (provide
the base64 encoded string as the password) and set an empty salt.

....and tell us if this works

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

In my current database I have passwords that were hashed and then
stored using the following method:

public static string Encrypt(string cleanString)
{
Byte[] clearBytes = new UnicodeEncoding().GetBytes(cleanString);
Byte[] hashedBytes =
((HashAlgorithm) CryptoConfig.CreateFromName
("MD5")).ComputeHash(clearBytes);
return BitConverter.ToString(hashedBytes);
}
I would like to use these passwords with the standard membership
provider - is it possible to convert the passwords into something the
standard provider can understand? I'm thinking if I could reverse the
BitConverter ToString() call I should be able to use the hashedBytes
in the database. Does that make sense, or is it even possible?
Thanks