Re: How do I can check a password Hash in WSE 2.0

From: Paul Glavich [MVP - ASP.NET] (glav_at_aspalliance.com-NOSPAM)
Date: 06/12/04

  • Next message: Paul Glavich [MVP - ASP.NET]: "Re: SSL and IE / ASP.NET" 
    Date: Sat, 12 Jun 2004 19:19:05 +1000

    You need to have the original data (in this case the password), so that you
    can perform the same hashing algorithm against the data, get the rsultant
    hash, and then compare your computed hash against the supplied one.

    Hashing is not reversible in that you cannot reverse hash it to get the
    password or original data. Bottom line, you need the original password to
    compare against OR you simply store hashes in the database against the users
    profile, so that you never actually store passwords, only ever hashes of the
    passwords that are used for comparison. 

    -- 
- Paul Glavich
Microsoft MVP - ASP.NET
"Juan Irigoyen" <juan_irigoyen@hotmail.com> wrote in message
news:pohcac.s91.ln@orannews.oran.local...
>
>
> By example
>
> Client
>
> token = new UsernameToken("juan", "1111", PasswordOption.TextPlain );
>
>
> Server
>
>     protected override string AuthenticateToken( UsernameToken token )
>     {
>                 ncadena = '1111';
>          return ncadena;
>     }
>
>
> This sample go well but if the password is SendHashed the sample donīt
>
>
> Client
>
> token = new UsernameToken("juan", "1111", PasswordOption.SendHashed  );
>
>
> Server
>
>     protected override string AuthenticateToken( UsernameToken token )
>     {
>                 ncadena = '1111';
>          return ncadena;
>     }
>
>
> I donīt find example for this problem.
> Thanks,
>
>
>
>
  • Next message: Paul Glavich [MVP - ASP.NET]: "Re: SSL and IE / ASP.NET"

    Relevant Pages

    • Re: How do I can check a password Hash in WSE 2.0
      ... private string HashPassword (string nnonce, DateTime nfecha, string ... > hash, and then compare your computed hash against the supplied one. ... > password or original data. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Manipulation of Base64Strings
      ... I'm developing a Web App that uses a hashing algorithm to produce a string ... convert.tobase64string(final hash value) ... When I compare the values I use: ...
      (microsoft.public.dotnet.security)
    • Re: Convert struct to char* in C
      ... struct cert { ... int node_ca; ... hash structur and crypter the hash result with a public key. ... The purpose of computing a secure hash and signing it is to effectively prove that the key holder signed the original data. ...
      (comp.programming)
    • Re: How to encrypt the data of a field
      ... for the original data, but that is untrue for most of the world's ... magazine, or a combination of two simple words or names, possibly with a ... the password is trivial to find from the hash. ... En encrypted password can be decrypted. ...
      (microsoft.public.sqlserver.server)
    • Re: YAML::load help
      ... The difference between the original hash and the hash loaded from the ... yml file is that the original data shows the hash key, ... The .yml file shows that there is a!ruby/struct, but after the load, ...
      (comp.lang.ruby)