Digest authentication and MD5 passwords

Discussion in 'ASP .Net Security' started by casper, Jan 6, 2006.

  1. casper

    casper Guest

    I have implemented Peter Brombergs "Digest authentication with
    database" (http://www.eggheadcafe.com/articles/20030701.asp) on my
    website.
    It works great, a login box is displayed and username and password are
    validated with the sql data.
    My problem is that this implementation requires that the password are
    stored in clear text, I want to change this so the password are stored
    MD5 encrypted.

    So my questions are:
    Is possible?
    Can Brombergs code be changed to support MD5 passwords?
    Are there any alternatives now that I have upgraded to ASP.NET 2.0?

    Thanks

    Casper
     
    casper, Jan 6, 2006
    #1
    1. Advertising

  2. casper

    Ken Schaefer Guest

    Hi,

    I didn't read through all the code, however with Digest Authentication, the
    password should come from the client already hashed. You could store that
    hashed version in your DB as well. From memory, the Digest spec then
    requires the client to use a temporary challenge, plus the hash, to generate
    a new hash. You'd need to perform this operation server-side as well. Read
    the Digest RFC spec for details is my recommendation.

    Cheers
    Ken


    "casper" <> wrote in message
    news:...
    :I have implemented Peter Brombergs "Digest authentication with
    : database" (http://www.eggheadcafe.com/articles/20030701.asp) on my
    : website.
    : It works great, a login box is displayed and username and password are
    : validated with the sql data.
    : My problem is that this implementation requires that the password are
    : stored in clear text, I want to change this so the password are stored
    : MD5 encrypted.
    :
    : So my questions are:
    : Is possible?
    : Can Brombergs code be changed to support MD5 passwords?
    : Are there any alternatives now that I have upgraded to ASP.NET 2.0?
    :
    : Thanks
    :
    : Casper
    :
     
    Ken Schaefer, Jan 9, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    685
    Jakob Simon-Gaarde
    Sep 21, 2005
  2. Tammy Mc
    Replies:
    3
    Views:
    217
    Tammy Mc
    Oct 1, 2006
  3. Peña, Botp
    Replies:
    1
    Views:
    107
    Peña, Botp
    Oct 27, 2006
  4. myalo
    Replies:
    4
    Views:
    1,304
    A. Sinan Unur
    Nov 28, 2007
  5. Replies:
    2
    Views:
    333
    Julian Cromarty
    Jun 26, 2013
Loading...

Share This Page