MD5 Problem


Chris Newald

Hello there,

Not sure if I'm in the right newsgroup but here it is anyway...

I store web passwords by encrypting them using a simple MD5 .dll I wrote a
little while ago using C#. User passwords are stored as binary data in the
database. When a user enters his/her password the newly entered password is
encrypted and the new binary arrays are compared to those in the database.
Long story short, no one besides the user can know the password.

Recently I needed to recompile the .dll. After recompiling none of the
passwords work. The new binary arrays are different than the ones in the
database. My old .dll still works but the newly compiled one does not.

Why would recompiling the dll change the way the same passwords are
encrypted?

Also, I've compared the files using a file compare and they are identical.

I need to recompile the file and I have a number of users who can't get
locked out of the site. Any help would be appreciated.

Thanks,
Chris


My encryption function:

public byte[] encryptPassword(string passwordString, string salt)
{
    byte[] encryptedPass;
    string password;
    System.Security.Cryptography.MD5CryptoServiceProvider md5Hasher;
    System.Text.UTF8Encoding encoder;

    // Generate a secure password string to encrypt
    password = passwordString.Trim() + salt;

    encoder = new System.Text.UTF8Encoding();
    md5Hasher = new System.Security.Cryptography.MD5CryptoServiceProvider();
    encryptedPass =
        md5Hasher.ComputeHash(encoder.GetBytes(passwordString.Trim()));

    return encryptedPass;
}
 
encryptedPass =
md5Hasher.ComputeHash(encoder.GetBytes(passwordString.Trim()));
                                       ^^^^^^^^^^^^^^
Shouldn't this be password, not passwordString? It looks like you are
just hashing the password and not password + salt, which I presume you
intended to do.

rossum
 
That was the problem. I noticed it a while later. I even missed it in the
file compare.

Thanks,
Chris
