johnrudy3
Bit of an interesting problem I've encountered -- and one which I'm
sure is due to my own ignorance in the ways of cryptography.
I have a fairly simple trouble ticket-tracking application I've just
rolled out from my dev machine to our test server here at work, so the
techies can start beating up on it. The logins use a one-way hash using
the SHA1 algorithm to store the passwords in the database.
(Basic process: When creating a user, supply password, it gets hashed
and sent in. When user logs on, hash their entered password and compare
bytes against what's in DB.)
This works GREAT on my system. But I performed a backup of the SQL
Server database for this app, restored the backup on our test server,
deployed the application, tied it to the server, and none of the logins
work now.
The hashed password bytes are the same on test as on my machine.
I am typing the passwords in correctly. (Figured I'd toss that out
NOW ....)
The component that performs the hashing and comparisons is deployed to
both machines in the bin directory of the virtual directory.
The component that performs the hashing and comparisons is the same
version on both machines.
The web app components are the same versions on both machines.
And, um, naturally I didn't build in any back doors.
Are there any known issues with the hashing that might be
machine-specific? Any workarounds? Will I have to kick open a remote
debug session against the server to trace this ugliness?
Any help would be appreciated. Thanks in advance, and happy new year!
John Rudy
(e-mail address removed)
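
SHA-1 returns the same digest for the same input bytes on every machine, so in a hash-and-compare login like the one described, what can vary is how the password string is turned into bytes before hashing. The Python sketch below is an added example, not the poster's component; the candidate encodings and the sample passwords are constructed assumptions.

```python
import hashlib
import hmac
from typing import List, Optional

# Encodings a component might use to turn the password string into bytes
# before hashing (assumed candidates, not taken from the post).
CANDIDATE_ENCODINGS = ["ascii", "utf-8", "utf-16-le", "utf-16-be", "cp1252", "cp437"]


def sha1_of(password: str, encoding: str) -> Optional[bytes]:
    """SHA-1 of the password under one encoding; None if it cannot be encoded."""
    try:
        return hashlib.sha1(password.encode(encoding)).digest()
    except UnicodeEncodeError:
        return None


def matching_encodings(password: str, stored: bytes) -> List[str]:
    """Every candidate encoding whose SHA-1 equals the digest stored in the DB."""
    matches = []
    for enc in CANDIDATE_ENCODINGS:
        digest = sha1_of(password, enc)
        # compare_digest performs a constant-time byte comparison
        if digest is not None and hmac.compare_digest(digest, stored):
            matches.append(enc)
    return matches


def distinct_digests(password: str) -> int:
    """How many different SHA-1 values the candidates yield for one password."""
    digests = set()
    for enc in CANDIDATE_ENCODINGS:
        digest = sha1_of(password, enc)
        if digest is not None:
            digests.add(digest)
    return len(digests)


if __name__ == "__main__":
    # Constructed sample passwords: one pure ASCII, one with a non-ASCII letter.
    for pw in ("Tr0uble!", "p\u00e4ssword"):
        stored = sha1_of(pw, "cp1252")  # pretend the creating machine used cp1252
        print(repr(pw), "distinct digests:", distinct_digests(pw),
              "| encodings matching stored hash:", matching_encodings(pw, stored))
```

For an ASCII-only password the single-byte encodings and UTF-8 all agree and only the UTF-16 variants differ; once a non-ASCII character is present, every encoding yields a different digest, which is where a machine-dependent default code page would show up.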