tags:

views:

76

answers:

1
+2  Q: 

Password Encryption

Hello,

I have inherited a database that is throwing me for a loop. Each user in this database has a "Password" and a "HashedPassword". I changed my password to "Testing" and discovered that the database stores the password like the following:

Original: "Testing" 
Password Field: 211216058087052117197079019018007020147229039085161161
Hashed Password: 16e118ce2fd9e0cebda251af3a24fd6c5b6578ab

I was able to reverse engineer it to discover that the "Hashed Password" is generated using SHA1 encryption. My problem is, I can't figure out what is used for just the "Password Field". Can anyone give me any ideas of how to determine how the "Password Field" is generated? Can anyone look at this and tell me?

Thanks!

+5  A: 

If you don't have the original source, but do have a copy of the application and it's written in .net, then use Reflector to disassemble the application to review the code the original dev was using to store the passwords.

Chris Lively  2010-10-25 12:59:04
That should help... unless the code is obfuscated, which I would recommend to anyone writing cryptography code.
Peter  2010-10-25 13:03:01
Password hashing should not need to be obfuscated, if you need that then the hashing is to weak.
David Mårtensson  2010-10-25 13:10:10
Unfortunately, I do not have the source code. I only have some assemblies. Will Reflector work with just the assemblies?
 2010-10-25 13:14:02
@user462166: Reflector will work with any piece you have. If the user storage / retrieval is inside one of those assemblies then you can get to it.
Chris Lively  2010-10-25 13:39:27
Yes Reflector works on just the assemblies
Redth  2010-10-25 13:40:04

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?