Generating hash value

E

Eliyahu Goldin

Following Microsoft recommendations, I'd like to store a one-way passport
hash of a user's password. .NET provides method
FormsAuthentication.HashPasswordForStoringinConfigFile (...) to generate a
hash value with either SHA1 or MD5 algorithm. My problem is that the
password is to be generated on a workstation with no .NET installed. How can
I generate a hash value without .NET in the same way as
HashPasswordForStoringinConfigFile does? Is there any sequence of Windows
Crypto API calls with the same effect? An external stored procedure on the
server side?

Eliyahu
 
M

Michel Gallant

Yes, CryptoAPI supports calculating hashes using functions:
CryptCreateHash
CryptHashData
CryptGetHashParam (with dwParam = HP_HASHVAL to get actual hash buffer)
Start here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/data_hashes.asp

The byte order in the capi buffer returned is identical to data in .NET
HashPasswordForStoringinConfigFile string.
You only need to convert the byte buffer into an ordered hex-string to match the .NET hash string.

- Michel Gallant
MVP Security
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Generating valid identifiers 8
Auto-Generating Passwords That Require User to Change 1
Subclassing Hash to enforce value uniqueness ala key uniqueness. 5
Blowfish hash 1
hash value inconsistencies 6
Hash Problem 6
Nested hash with arrays for default value 11
Problem generating MD5 hash from asp classic like .NET 0

Members online

No members online now.
Total: 30 (members: 0, guests: 30)
Robots: 678

Forum statistics

Threads
473,769
Messages
2,569,581
Members
45,057
Latest member
KetoBeezACVGummies

Latest Threads

Top