encryption - ASP.NET MembershipProvider uses passwordSalt when encrypting -



encryption - ASP.NET MembershipProvider uses passwordSalt when encrypting -

i've question asp.net membership (from .net 2.0), , more way encrypts passwords (when take encrypt them, , not hash then), , way verifies them.

i under impression password salt create sense if take hash passwords, , not encrypt them. and, according msdn documentation on old-school membership providers

passwordsalt nvarchar(128) randomly generated 128-bit value used salt password hashes; stored in base-64-encoded form

but, i've tried changing salt password that's stored encrypted, , validation of password stopped working (the encrypted password not changed, passwordsalt).

so, passwordsalt involved when encrypting/validating password using membership providers (since validation stopped working, i'd is, i've no thought why)?

thanks, , best.

edit: i've tried inputting invalid base64 salt, , got stacktrace, bit weird in opinion, encryption check. looks more hash check. weird thing none of documented on msdn.

[formatexception: invalid length base-64 char array or string.] system.convert.frombase64_decode(char* startinputptr, int32 inputlength, byte* startdestptr, int32 destlength) +14390811 system.convert.frombase64charptr(char* inputptr, int32 inputlength) +162 system.convert.frombase64string(string s) +56 system.web.security.sqlmembershipprovider.encodepassword(string pass, int32 passwordformat, string salt) +148 system.web.security.sqlmembershipprovider.checkpassword(string username, string password, boolean updatelastloginactivitydate, boolean failifnotapproved, string& salt, int32& passwordformat) +245 system.web.security.sqlmembershipprovider.validateuser(string username, string password) +195

i've managed step-into system.web.dll , found cause. apparently, msdn documentation not implementation.

in case encryption selected, apparently utilize salt.

private string encodepassword(string pass, int passwordformat, string salt) { byte[] bin = encoding.unicode.getbytes(pass); byte[] bsalt = convert.frombase64string(salt); byte[] bret = null; ... byte[] ball = new byte[bsalt.length + bin.length]; buffer.blockcopy(bsalt, 0, ball, 0, bsalt.length); buffer.blockcopy(bin, 0, ball, bsalt.length, bin.length); bret = encryptpassword(ball, _legacypasswordcompatibilitymode); }

encryption hash

Comments

Post a Comment

Popular posts from this blog

assembly - What is the addressing mode for ld, add, and rjmp instructions? -

assembly - What is the addressing mode for ld, add, and rjmp instructions? - hey guys know ldi (load immediate) addressing mode set immediate , st instruction addressing mode set index. however, have no thought others curious are! thanks :) the addressing modes explained in instruction set, in first few pages. in table of instructions see operands instruction determine addressing mode. mode indicated arguments assembly instruction. for example, ld had several different ways of operating, depending on arguments. 1 of them ld rd,x d number of register, such ld r3,x . ld r3,-z else (although both indirect addressing). rjmp k relative addressing, jumping pc + k + 1. add rr,rd direct register addressing. result contained in rd. assembly avr instructions
Read more

vowpalwabbit - Interpreting Vowpal Wabbit results: Why are some lines appended by "h"? -

vowpalwabbit - Interpreting Vowpal Wabbit results: Why are some lines appended by "h"? - below part of log training vw model. why of these lines followed h? you'll notice that's true of "average loss" line in summary @ end. i'm not sure means, or if should care. ... average since illustration illustration current current current loss lastly counter weight label predict features 1.000000 1.000000 1 1.0 -1.0000 0.0000 15 0.500000 0.000000 2 2.0 1.0000 1.0000 15 1.250000 2.000000 4 4.0 -1.0000 1.0000 9 1.167489 1.084979 8 8.0 -1.0000 1.0000 29 1.291439 1.415389 16 16.0 1.0000 1.0000 45 1.096302 0.901166 32 32.0 -1.0000 -1.0000 21 1.299807 1.503312 64 64.0 -1.0000 1.0000 ...
Read more

Is there a way to convert an HTML page styled with Bootstrap CSS into email-compatible html? -

Is there a way to convert an HTML page styled with Bootstrap CSS into email-compatible html? - is there way convert html page styled bootstrap css html email compatible form? see there exclusively different css frameworks, ink, creating email compatible html, there flow creating email doesn't require utilize of different css framework? there html -> pdf -> email html flow? or other flow? no, couple of reasons... first, there no reliable css or html email. clients on place in terms of css back upwards & how render html, structural/semantic problem. isn't converting classes much altering html structure. as explained in this css tricks post, typical solution ol-skool techniques table-based layouts, requiring exclusively restructure existing html. have add together client-specific hacks. second, , more importantly, shouldn't send everything on existing page email. if it's newsletter subscribers, people won't read it. instead, create ...
Read more