Geek Answers Handbook

What does MD5 do with my password string?

I set my password to "13579" and the authentication mode forms convert it to MD5 as "mEXg8klnq0TwPFvAqytULA ==", but after a couple of minutes I tried again and create another one using the password "13579", but it is converted to another as " uM4gH8HO8cvoE0slg6OyKA == "What is the structure of MD5? Is this related to my username and time? I want to create the same password for my users so that I cannot create the same password if it is time-dependent.

+7
source share
5 answers

Your password is pre-populated by the ASP.NET membership provider . Look at your database, there will be a column in the Users table containing salt. The provider generates salt for each user and saves it in a table. This salt is then used to encrypt the password. Since each user has a different salt value, the same password in clear text will be different when encrypted.

You probably want to use a provider without salting - try Googling for the 'ASP.NET Memberhip Provider no salt', but you will probably end up subclassing your own provider. I do not think that there is an option in the provider settings in web.config to disable solarization.

+9
source

MD5 is a deterministic algorithm, so you probably experience "salt hashes." This means that some string or other data (such as a timestamp) is encoded in the password as β€œsalt” to enhance it.

Look at the database column named salt in the database to check the md5 results of your password, added with the creation date stamp, to find the salt.

+6
source

This final form is not MD5, but BASE-64, the MD5 hash is as follows: 9e107d9d372bb6826bd81d3542a419d6

MD5 really needs to generate the same hash with the same input parameters, however, without specific implementation details it’s hard to say what might cause the difference you see.

Basically, most likely, some value of salt, which changes if you do not know what salt is, see here .

+4
source

You see these == characters at the end of the lines .. thats for Base64 convert string.and = sign is used to fill.

Regarding the string you get. It is different because the ASP.Net membership provider assigns a different salt with each other user , so you get different hashes, even if the username is the same.

But in any case, if you set the same password for both users, you can log in using the same password .. because inside the combination of salt and the same password will always correspond to the corresponding hashes.

+2
source

MD5 results are consistent, but you will probably find that the username is also used, so the difference is due to different usernames. (Time would not be useful because you could not match the hashed password with anything).

0
source

More articles:


All Articles