cbr600
Groupie
Joined: 05 October 2003
Location: Portugal
Status: Offline
Points: 89
Topic: SALT description
Posted: 29 July 2004 at 12:32am
Can anyone please explain to me in detail how the Salt, Password and Usercode work and how they are stored in the DB?
Give me the example for
User - test Password - webwiz
Thanks in advance
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
Posted: 29 July 2004 at 9:51am
The Salt value is a random hex value that is added to the end of the password before encryption.
This means that a hacker can't try to break the encryption by trying to spot likenesses in the encrypted passwords with common values.
E.g. if the encrypted password for 'webwiz' is 'ADE4674AD' then a hacker just needs to look for this to know what that user's password is. With the salt value added before the password is encrypted, the encrypted passwords would not look the same even if multiple users have the same password.
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
Posted: 29 July 2004 at 9:52am
Sorry forgot to mention, the user code is just for cookie tracking and nothing to do with passwords.
cbr600
Groupie
Joined: 05 October 2003
Location: Portugal
Status: Offline
Points: 89
Posted: 29 July 2004 at 10:26am
So basically you add a salt value to your password, and then encrypt it using the functions\hash1way.asp
I want to know what it exactly does because I have to append records to my tblAuthor from a previous login system I had on my web site.
So I would like all users to keep the old passwords they used to log in to my website, and use the same login to enter the forum.
So I have to convert the old login DB to the Web Wiz SQL DB:
Old Login - convert - tblAuthor
U_ID - convert - Author_ID
U_NAME - convert - Username
U_PASSWORD - convert - Password
U_EMAIL - convert - Author_email
And so I have to know how to convert a regular password to use the salt and encryption system tblAuthor uses, so that I can create a script that automatically converts my Old Login.
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
Posted: 29 July 2004 at 11:34am
What you have is correct.
The user_code just needs to be a unique, not easily guessed text string.
The following is about the encryption used in Web Wiz Forums, so it will give you an idea of how the salt value is appended to passwords and why:
http://local.15seconds.com/issue/000217.htm
cbr600
Groupie
Joined: 05 October 2003
Location: Portugal
Status: Offline
Points: 89
Posted: 29 July 2004 at 12:56pm
My question is, if I wanted to create a page that receives the inputted (from a form) username and password, and displays the SALT, Username, Usercode, and Password, how would I do that? Using of course the same method as the Web Wiz forum does.
Simply tell me: get this code from line x to y from file this.asp and include file that.asp, etc. It would be a lot easier for me.
Thanks in advance.
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
Posted: 29 July 2004 at 1:21pm
Not sure what you mean, but the register.asp page handles the registration of new users and creates the salt value, encrypts the password, and creates the user code for the user.
cbr600
Groupie
Joined: 05 October 2003
Location: Portugal
Status: Offline
Points: 89
Posted: 29 July 2004 at 2:48pm
I know. What I want to do is create an .asp that reads all records from my old DB and converts them to be like tblAuthor.
I showed you my tblLOGIN table, so what I need is: what would that page be like?
1 - open Old database
2 - for each record, use a code to get U_PASSWORD and U_NAME and convert it to Password, User_Code, and Salt (can be displayed on monitor or can be directly replaced on the old DB) so that it can be compatible with the forum DB.
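Added example (not part of the thread, and not Web Wiz Forums code): the conversion discussed in the posts above, mapping old login rows to tblAuthor-style rows with a random hex salt appended to the end of the password before hashing. SHA-256 stands in for functions\hash1way.asp, whose algorithm the thread does not state, so these hashes are not claimed to match the forum's; plaintext U_PASSWORD values, the Salt and User_Code key names, the salt and code lengths, and the sample rows are assumptions.

```python
import hashlib
import secrets


def hash_password(password: str, salt: str) -> str:
    """Hash the password with the salt appended to its END, as the thread describes.
    SHA-256 is an assumption standing in for the forum's hash1way.asp."""
    return hashlib.sha256((password + salt).encode("utf-8")).hexdigest().upper()


def convert_row(old: dict) -> dict:
    """Map one old-login row to a tblAuthor-style row (column mapping from the thread)."""
    salt = secrets.token_hex(8).upper()      # random hex salt; length is an assumption
    return {
        "Author_ID": old["U_ID"],
        "Username": old["U_NAME"],
        "Password": hash_password(old["U_PASSWORD"], salt),
        "Salt": salt,                        # stored beside the hash so logins can re-hash
        "User_Code": secrets.token_hex(16),  # cookie tracking only; unique and hard to guess
        "Author_email": old["U_EMAIL"],
    }


def migrate(rows: list) -> list:
    """Convert every old row; each user gets a fresh salt and user code."""
    return [convert_row(r) for r in rows]


def verify_login(row: dict, candidate: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    return secrets.compare_digest(row["Password"], hash_password(candidate, row["Salt"]))


# Constructed sample rows: two users sharing the password from the first post.
OLD_LOGIN = [
    {"U_ID": 1, "U_NAME": "test", "U_PASSWORD": "webwiz", "U_EMAIL": "test@example.com"},
    {"U_ID": 2, "U_NAME": "test2", "U_PASSWORD": "webwiz", "U_EMAIL": "test2@example.com"},
]

if __name__ == "__main__":
    for row in migrate(OLD_LOGIN):
        # Same password, different salt, so the stored hashes differ.
        print(row["Username"], row["Salt"], row["Password"])
```

Because the salt is stored per user, existing users keep their old passwords: the login check re-hashes what they type with their own Salt value.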