Generating hash value

Discussion in 'ASP .Net Security' started by Eliyahu Goldin, Dec 28, 2003.

  1. Following Microsoft recommendations, I'd like to store a one-way passport
    hash of a user's password. .NET provides method
    FormsAuthentication.HashPasswordForStoringinConfigFile (...) to generate a
    hash value with either SHA1 or MD5 algorithm. My problem is that the
    password is to be generated on a workstation with no .NET installed. How can
    I generate a hash value without .NET in the same way as
    HashPasswordForStoringinConfigFile does? Is there any sequence of Windows
    Crypto API calls with the same effect? An external stored procedure on the
    server side?

    Eliyahu
    Eliyahu Goldin, Dec 28, 2003
    #1
    1. Advertising

  2. Yes, CryptoAPI supports calculating hashes using functions:
    CryptCreateHash
    CryptHashData
    CryptGetHashParam (with dwParam = HP_HASHVAL to get actual hash buffer)
    Start here:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/data_hashes.asp

    The byte order in the capi buffer returned is identical to data in .NET
    HashPasswordForStoringinConfigFile string.
    You only need to convert the byte buffer into an ordered hex-string to match the .NET hash string.

    - Michel Gallant
    MVP Security


    "Eliyahu Goldin" <> wrote in message
    news:...
    > Following Microsoft recommendations, I'd like to store a one-way passport
    > hash of a user's password. .NET provides method
    > FormsAuthentication.HashPasswordForStoringinConfigFile (...) to generate a
    > hash value with either SHA1 or MD5 algorithm. My problem is that the
    > password is to be generated on a workstation with no .NET installed. How can
    > I generate a hash value without .NET in the same way as
    > HashPasswordForStoringinConfigFile does? Is there any sequence of Windows
    > Crypto API calls with the same effect? An external stored procedure on the
    > server side?
    >
    > Eliyahu
    >
    >
    Michel Gallant, Dec 28, 2003
    #2
    1. Advertising

  3. Eliyahu Goldin

    Andy Guest

    > Crypto API calls with the same effect? An external stored procedure on the
    > server side?

    you can use XP_CRYPT (www.activecrypt.com). Free version supports SHA1, MD5
    and DES hashes without limitations.
    Andy, Dec 28, 2003
    #3
  4. Thanks Michel and Andy,

    Your answers are exactly what I need.

    Eliyahu
    Eliyahu Goldin, Dec 29, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. rp
    Replies:
    1
    Views:
    518
    red floyd
    Nov 10, 2011
  2. Une bévue
    Replies:
    5
    Views:
    149
    Une bévue
    Aug 10, 2006
  3. Srijayanth Sridhar
    Replies:
    19
    Views:
    616
    David A. Black
    Jul 2, 2008
  4. Ralf Baerwaldt
    Replies:
    1
    Views:
    132
    Paul Lalli
    Jul 20, 2004
  5. bernd
    Replies:
    0
    Views:
    623
    bernd
    Apr 24, 2012
Loading...

Share This Page