Thanks Jochem,
Yeah, I'm one of those types that wields whatever lightsabre is given
to him. ;-)
Perfect, thanks for the heads up on how that translates in PHP. Yeah,
good idea on the dual column. I was thinking the same thing, and it
seems to be the most non-intrusive way to add it into the new data
model.
Thanks for the help! Greatly appreciated!
-Jason
On 1/2/07, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
Jason Alexander wrote:
> Hey there,
>
>
> I'm currently working on converting an ASP.NET, C# site/application to
> PHP, and I've run into a small snag. The login algorithm hashes the
welcome to the other side, did you get a refund for the red lightsabre?
;-) [go on keep reading, you'll to the useful bit of the reply eventually...]
> user passwords like so:
>
> MD5 md1 = new MD5CryptoServiceProvider();
> byte[] buffer1 = new ASCIIEncoding().GetBytes(stringToHash);
> byte[] buffer2 = md1.ComputeHash(buffer1);
> md1.Clear();
> return Convert.ToBase64String(buffer2);
>
holy smoke - all those line to do what seems to ammount to (in php):
function myHash($s) {
return base64_encode(md5($s));
}
>
> The challenge here is that in this conversion, I'm also migrating the
> users over to a different system which uses a completely different
> hashing mechanism. So, really, I need to be able to un-hash these
> values, if that's even possible.
>
> Thoughts? Options? I'm afraid this is one way hash, that I'm not going
> to be able to do anything about, unfortunately.
well you out of luck regarding simply converting the md5 hashes to
another encryption form (e.g. sha1).
obviously php does have a way to gen md5 hashes using the function md5()
you might consider writing a login routine that makes use of 2 password fields,
one for the md5 hash and one for the new hash. if the a user attempts a login and
the 'new hash' field is empty an md5 hash of the given password is checked
against the 'md5 hash' field - if it matches then a hash is made of the given
password using the new hashing mechanism and that is stored in the 'new hash' field
(after which the 'md5 hash' field can be cleared and the future logins will be checked
against the 'new hash' field) ... some time in the future it may be possible to
recode the login and remove the 'md5 hash' field completely.
the use of base64 encoding in your sample code might complicate the solution
a tiny bit but hopefully you get the idea.
>
>
> TIA,
> -Jason
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
