TATWORTH
All-Star
72415 Points
14017 Posts
MVP
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Jan 13, 2009 10:39 AM|LINK
Whilst you cannot convert the hash back to password, it is quite simple to mount a dictionary attack to try every possible word to see if the hashes match.
This earns you a point and marks your thread as Resolved so we will all know you have been helped.
FAQ on the correct forum http://forums.asp.net/p/1337412/2699239.aspx#2699239
VincentV
Member
3 Points
7 Posts
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Jan 13, 2009 02:06 PM|LINK
*sigh*
No.
I am not trying to go from a hash back to the password (Reading is Fundamental).
I'm simply trying to figure out how the heck Microsoft is doing their SHA-1 hashing. It's not as simple as just passing a string through a SHA-1 hasher and I can't figure out what MS is doing.
I am trying to take a known password and hash it in such a way as I get what Microsoft is getting.
A brute force attack every time is not the least bit sensible.
TATWORTH
All-Star
72415 Points
14017 Posts
MVP
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Jan 13, 2009 03:24 PM|LINK
>I am not trying to go from a hash back to the password (Reading is Fundamental).
If you really need to read the password instead of comparing hashes then you should use encryption instead of hashing.
This earns you a point and marks your thread as Resolved so we will all know you have been helped.
FAQ on the correct forum http://forums.asp.net/p/1337412/2699239.aspx#2699239
slick_nic
Member
14 Points
2 Posts
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Jan 28, 2009 08:24 PM|LINK
Hi,
Just been trying to work this out myself, basically since the salt in the database is base64 encoded you can modify the code given above to get what I think you want. The saltBase64 string should be the password salt from the ASP Membership table.
// Needs: using System; using System.Text; using System.Security.Cryptography;
public string EncodePassword(string pass, string saltBase64)
{
    // Password bytes as UTF-16LE (Encoding.Unicode), as the membership provider uses
    byte[] bytes = Encoding.Unicode.GetBytes(pass);
    // The stored salt is base64; decode it to raw bytes
    byte[] src = Convert.FromBase64String(saltBase64);
    // Salt bytes first, then the password bytes
    byte[] dst = new byte[src.Length + bytes.Length];
    Buffer.BlockCopy(src, 0, dst, 0, src.Length);
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
    HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
    byte[] inArray = algorithm.ComputeHash(dst);
    // The stored hash is the base64 of the 20-byte SHA-1 digest
    return Convert.ToBase64String(inArray);
}
Nic,
VincentV
Member
3 Points
7 Posts
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Feb 02, 2009 05:18 PM|LINK
YES!
This seems to have done nicely!
Thanks for the help, jlchereau and slick_nic!
If anyone happens to come by and knows how the Salt is generated, that'd be good to know...
Otherwise, I think I'm safe in saying that the salt seems to be generated when the user is created but doesn't change after that. If this is mistaken, please make a comment saying such!
Thanks!
TATWORTH
All-Star
72415 Points
14017 Posts
MVP
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Feb 02, 2009 08:02 PM|LINK
>If anyone happens to come by and knows how the Salt is generated, that'd be good to know.
Get a new GUID and just cast it to a string.
This earns you a point and marks your thread as Resolved so we will all know you have been helped.
FAQ on the correct forum http://forums.asp.net/p/1337412/2699239.aspx#2699239
slick_nic
Member
14 Points
2 Posts
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Feb 03, 2009 12:26 AM|LINK
That is correct (afaik), the salt is generated when the user is created then never changed.
If you for some reason want to re-generate the salt value, be aware that you will have to generate new values for both password hash and the security question answer hash since the single salt is used for both. If you do this you will need the plain-text for these two values.
I don't know exactly how Microsoft creates the salt; the GUID approach given above should work, but personally I would use the RNGCryptoServiceProvider to create some random data, then convert this to a base64 string to be stored in the database.
// Needs: using System; using System.Security.Cryptography;
byte[] aByteArray = new byte[8]; // I'm not sure about this length - may need to be longer to generate the same strings as MS generates.
// Cryptographically secure random bytes, not System.Random
RandomNumberGenerator rng = RNGCryptoServiceProvider.Create();
rng.GetBytes(aByteArray);
// Store the salt base64-encoded, as the membership table does
string b64Salt = Convert.ToBase64String(aByteArray);
Hope this is useful,
Nic.
LucioMarques
Member
10 Points
8 Posts
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Nov 11, 2009 10:15 AM|LINK
Hey VincentV,
Could you explain how exactly it worked? I tried with some passwords in my Aspnet table and it failed. I also tried with the password you provided in your first post, and that also failed. I use VB, so this is my function:
Function EncodePassword(ByVal pass As String, ByVal salt As String) As String
    Dim bytes As Byte() = Encoding.Unicode.GetBytes(pass)
    Dim src As Byte() = Convert.FromBase64String(salt)
    ' VB array bounds are inclusive: Dim dst(n) allocates n + 1 elements.
    ' The original declaration Dim dst(src.Length + bytes.Length) therefore hashed
    ' one extra trailing 0x00 byte, unlike the C# version above, which would
    ' explain a mismatch like the one shown below.
    Dim dst(src.Length + bytes.Length - 1) As Byte
    System.Buffer.BlockCopy(src, 0, dst, 0, src.Length)
    System.Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length)
    Dim HashAlg As System.Security.Cryptography.HashAlgorithm = System.Security.Cryptography.HashAlgorithm.Create("SHA1")
    Dim inArray = HashAlg.ComputeHash(dst)
    Return Convert.ToBase64String(inArray)
End Function
So:
EncodePassword ("crippen","B+LGKhw2EQRs6oGyntFv8g==") - Returns: "sGLyTrbsM75Y9+8W4lwl/jNx7+Q="
Should be: "6Ou2HJQuSEHxLbsSMZgeTpHuj90="
Is it right? What am I missing?
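The hashing scheme the thread converges on (base64-decoded salt, then the UTF-16LE password bytes, SHA-1, base64) as an added Python cross-check; this is not code from the thread or from Microsoft. It also reproduces the extra trailing zero byte that the VB array declaration above introduces, and adds a salt generator and a constant-time verify; the 16-byte salt size is an assumption taken from the 24-character salt quoted above.

```python
import base64
import hashlib
import hmac
import os

# Assumption from the thread: the hashed Membership format is
#   Base64( SHA1( Base64Decode(salt) || UTF-16LE(password) ) )
# Salt and hash are both stored base64-encoded. Salt size is assumed (16 bytes,
# matching a 24-character base64 salt).
SALT_BYTES = 16


def generate_salt(num_bytes: int = SALT_BYTES) -> str:
    """Fresh random salt, base64-encoded as the Membership table stores it."""
    return base64.b64encode(os.urandom(num_bytes)).decode("ascii")


def encode_password(password: str, salt_b64: str, trailing_zero: bool = False) -> str:
    """Reproduce EncodePassword from the thread: salt bytes first, then the
    password as UTF-16LE (what .NET's Encoding.Unicode produces), SHA-1, base64.

    trailing_zero=True reproduces the VB off-by-one: Dim dst(n) As Byte
    allocates n + 1 elements, so one extra 0x00 byte ends up in the hash input."""
    buf = base64.b64decode(salt_b64) + password.encode("utf-16-le")
    if trailing_zero:
        buf += b"\x00"
    return base64.b64encode(hashlib.sha1(buf).digest()).decode("ascii")


def verify_password(password: str, salt_b64: str, stored_hash_b64: str) -> bool:
    """Compare a candidate password against a stored hash in constant time."""
    candidate = encode_password(password, salt_b64)
    return hmac.compare_digest(candidate.encode("ascii"), stored_hash_b64.encode("ascii"))


if __name__ == "__main__":
    # Constructed sample: a fresh salt and a throwaway password.
    salt = generate_salt()
    stored = encode_password("correct horse", salt)
    print("salt   :", salt)
    print("hash   :", stored)
    print("verify :", verify_password("correct horse", salt, stored))
    print("VB bug :", encode_password("correct horse", salt, trailing_zero=True) == stored)
```

Feeding the salt and password pair quoted in the post above to encode_password lets you check a stored hash without touching the .NET code.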
LucioMarques
Member
10 Points
8 Posts
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Nov 11, 2009 09:26 PM|LINK
To register:
MS MembershipProvider default hash function:
MS Salt is generated this way:
Thanx for all the help!
ganaparthi
Participant
1266 Points
330 Posts
Re: ASP.NET Membership and User Password Hashing (SHA1) Issues
Apr 26, 2011 06:50 AM|LINK
Hi, here I am getting the following error:
Error 2 'bool' does not contain a definition for 'BlockCopy' and no extension method 'BlockCopy' accepting a first argument of type 'bool' could be found (are you missing a using directive or an assembly reference?)
Even I tried to add the namespace, but I came to know it was in the System namespace.
Please give me suggestion.
Srinivas Ganaparthi,
'All things are difficult before they are easy'
My Blog