You can reverse the base64 easily enough. You ain't gonna reverse md5 in this lifetime. The dual-column could work, or you could just accept the password if it matches either routine in a single column. The odds of your new algorithm coincidentally matching the base64(md5()) of another user and giving access to a Bad Guy is effectively nil. On Tue, January 2, 2007 3:20 pm, Jason Alexander wrote: > Hey there, > > > I'm currently working on converting an ASP.NET, C# site/application to > PHP, and I've run into a small snag. The login algorithm hashes the > user passwords like so: > > MD5 md1 = new MD5CryptoServiceProvider(); > byte[] buffer1 = new ASCIIEncoding().GetBytes(stringToHash); > byte[] buffer2 = md1.ComputeHash(buffer1); > md1.Clear(); > return Convert.ToBase64String(buffer2); > > > The challenge here is that in this conversion, I'm also migrating the > users over to a different system which uses a completely different > hashing mechanism. So, really, I need to be able to un-hash these > values, if that's even possible. > > Thoughts? Options? I'm afraid this is one way hash, that I'm not going > to be able to do anything about, unfortunately. > > > TIA, > -Jason > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
