Last post Sep 14, 2008 07:21 PM by TATWORTH
Sep 09, 2008 03:05 AM|isjf|LINK
I'm maintain a website which is for user to retrive their password
I use oracle , C# , VS2003
the password was Encode by a .dll file. I have no idea which kind of Decode I should use to Encode Password
I don't get source code for Encode ... only the .dll to do the Encode Password
and now I want to Decode the Password , I have no idea how to do
can you please help?
my problem :
Add New Password , the password is testtest
testtest → .dll → AKYAlwClAKYApgCXAKUApg==
I don't know the .dll do what kind of Encode so the password become AKYAlwClAKYApgCXAKUApg==
now I need to recovery AKYAlwClAKYApgCXAKUApg== → testtest
how to do? is it possible?
Sep 09, 2008 04:12 AM|sbillingsley|LINK
there are thousands of different approaches and methods to securely encrypt passwords - most likely this is a "salted" password, which means that a static string is attached to the password and the then encrypted, when the user logs in the password is attached
to the salt value and then if the resulting encrypted string matches - then the user is logged in. Unless you know the details (and even if you know the details) if the password is encrypted, then that means you're not meant to see it or decrypt it. I would
suggest you authenticate the user using other means, and then let them set a new password, rather than trying to retrieve their existing password.
Sep 09, 2008 04:30 AM|isjf|LINK
hi, can you teach me how to set a new password for user?
step 1: when I forgot my password , enter some information then I will receive a e-mail
step 2: and a link including in e-mail , I click the link then page direct me to setting new password
do you mean that? if yes.. how to do the step 2?
if I want to including a link for user to reset password , which link I should included?
Sep 11, 2008 07:43 PM|sbillingsley|LINK
the method you mention is outside the scope of the membership provider - and you would need to write your own mechanism.
If you use the membership provider, then you simply call the membershipUser.ChangePassword method
Sep 14, 2008 07:21 PM|TATWORTH|LINK
Passwords are normally hashed not encrypted. When the user types in the password, it is hashed and hashes are compared.