I set my password to "13579" and the forms authentication mode converts it to MD5 like "mEXg8klnq0TwPFvAqytULA==", but after a couple of minutes I tried again and created another one with the same password "13579", and it was converted to a different one like "uM4gH8HO8cvoE0slg6OyKA==". What is the structure of MD5? Is it related to my username and time? I want to create the same password for my users, so I couldn't create the same password if it depends on time.
The MD5 hash function was originally designed for use as a secure cryptographic hash algorithm for authenticating digital signatures. But MD5 has been deprecated for uses other than as a noncryptographic checksum to verify data integrity and detect unintentional data corruption.
Unfortunately, MD5 has been cryptographically broken and is considered insecure. For this reason, it should not be used for anything. Instead, developers should switch to the Secure Hash Algorithm or a Symmetric Cryptographic Algorithm.
The MD5 message-digest algorithm is a cryptographically broken but still widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities.
MD5 (message-digest algorithm) is a cryptographic protocol used for authenticating messages as well as content verification and digital signatures. MD5 is based on a hash function that verifies that a file you sent matches the file received by the person you sent it to.
Your password is salted by the ASP.NET Membership provider - take a look at your database, there will be a column in the Users table that contains the salt. The provider generates the salt for each user and stores it in the table. This salt is then used to encrypt the password. As each user has a different salt value, the same password in clear text will be different when encrypted.
You probably want to use the provider without salting - try Googling for 'ASP.NET Membership Provider no salt', but you will probably end up subclassing your own provider. I don't think there is an option in the provider settings in web.config to turn salting off.
MD5 is a deterministic algorithm, therefore you're probably experiencing "salted hashes". That means that some string or other data (e.g. a timestamp) is encoded in the password as "salt" to strengthen it.
Look out for a database column called salt in the database, or check the MD5 results of your password appended with a creation-date timestamp to find the salt.
That final form is not MD5 but BASE-64, an MD5 hash looks like this: 9e107d9d372bb6826bd81d3542a419d6
MD5 should indeed generate the same hash given the same input parameters, however without specific implementation details it's hard to say what would cause the difference you see.
It's most likely some kind of salt value that changes. If you are unsure what a salt value is, see here.
You see those == signs at the end of the strings? That's for a Base64-converted string, and the = sign is used for padding.
As for the string you are getting, it is different because the ASP.Net membership Provider assigns a different salt to each different user, so you get different hashes even if the user name is the same.
But anyway, if you have set the same password for both users, you can log in using the same password, because internally the mix of salt and same password will always match their respective hashes.
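The salting behaviour described in the answers above, as an added example (not code from the original posts or from ASP.NET itself). It assumes the stored value is Base64(MD5(salt + UTF-16LE password)) with a random 16-byte salt per user; the function names and the record layout are hypothetical.

```python
import base64
import hashlib
import hmac
import os


def encode_password(password: str, salt: bytes) -> str:
    """Assumed layout: Base64(MD5(salt || UTF-16LE(password)))."""
    # MD5 is used only because it is the algorithm the question is about.
    digest = hashlib.md5(salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")


def create_user(password: str) -> dict:
    """Generate a fresh random salt and store it next to the hash."""
    salt = os.urandom(16)
    return {
        "salt": base64.b64encode(salt).decode("ascii"),
        "hash": encode_password(password, salt),
    }


def verify(record: dict, attempt: str) -> bool:
    """Recompute the hash with the user's stored salt and compare."""
    salt = base64.b64decode(record["salt"])
    expected = encode_password(attempt, salt)
    return hmac.compare_digest(record["hash"], expected)


def stored_value_as_hex(stored: str) -> str:
    """Undo the Base64 step to show the digest in the familiar hex form."""
    return base64.b64decode(stored).hex()


if __name__ == "__main__":
    # Two users created with the same password get different stored values.
    alice = create_user("13579")
    bob = create_user("13579")
    print(alice["hash"], bob["hash"], alice["hash"] != bob["hash"])
    # Both can still log in, because each check uses that user's own salt.
    print(verify(alice, "13579"), verify(bob, "13579"))
    # The two values from the question decode to 16 bytes (32 hex digits),
    # the size of an MD5 digest.
    for stored in ("mEXg8klnq0TwPFvAqytULA==", "uM4gH8HO8cvoE0slg6OyKA=="):
        print(stored, "->", stored_value_as_hex(stored))
```
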