Jason Alexander wrote: > Hey there, > > > I'm currently working on converting an ASP.NET, C# site/application to > PHP, and I've run into a small snag. The login algorithm hashes the welcome to the other side, did you get a refund for the red lightsabre? ;-) [go on keep reading, you'll to the useful bit of the reply eventually...] > user passwords like so: > > MD5 md1 = new MD5CryptoServiceProvider(); > byte[] buffer1 = new ASCIIEncoding().GetBytes(stringToHash); > byte[] buffer2 = md1.ComputeHash(buffer1); > md1.Clear(); > return Convert.ToBase64String(buffer2); > holy smoke - all those line to do what seems to ammount to (in php): function myHash($s) { return base64_encode(md5($s)); } > > The challenge here is that in this conversion, I'm also migrating the > users over to a different system which uses a completely different > hashing mechanism. So, really, I need to be able to un-hash these > values, if that's even possible. > > Thoughts? Options? I'm afraid this is one way hash, that I'm not going > to be able to do anything about, unfortunately. well you out of luck regarding simply converting the md5 hashes to another encryption form (e.g. sha1). obviously php does have a way to gen md5 hashes using the function md5() you might consider writing a login routine that makes use of 2 password fields, one for the md5 hash and one for the new hash. if the a user attempts a login and the 'new hash' field is empty an md5 hash of the given password is checked against the 'md5 hash' field - if it matches then a hash is made of the given password using the new hashing mechanism and that is stored in the 'new hash' field (after which the 'md5 hash' field can be cleared and the future logins will be checked against the 'new hash' field) ... some time in the future it may be possible to recode the login and remove the 'md5 hash' field completely. the use of base64 encoding in your sample code might complicate the solution a tiny bit but hopefully you get the idea. > > > TIA, > -Jason > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php