Here's the deal: I'm moving a .NET website to Python. I have a database with passwords hashed using the System.Security.Cryptography.SHA1Managed utility.
I'm creating the hash in .NET with the following code:
    string hashedPassword = Cryptographer.CreateHash("MYHasher", userInfo.Password);
The MYHasher block looks like this:
    <add algorithmType="System.Security.Cryptography.SHA1Managed, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=blahblahblah"
         saltEnabled="true"
         type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=3.0.0.0, Culture=neutral, PublicKeyToken=daahblahdahdah"
         name="MYHasher" />
So for a given password, I get back and store in the database a 48-byte salted SHA1. I assume the last 8 bytes are the salt. I have tried to reproduce the hashing process in Python by doing a sha1(salt + password) and sha1(password + salt), but I'm having no luck.
My question to you:
- How are the public keys being used?
- How is the password rehashed using the salt?
- How is the salt created? (e.g., When I say saltEnabled="true", what extra magic happens?)
I need specific details that don't just reference other .NET libraries; I'm looking for the actual operational logic that happens in the black box.
Thanks!