toto
Apr 2nd, 2004, 03:36 PM
Okay heres my problem.....
I have in my Database Username/Password fields. The password field stores the users password md5 encrypted. I would really like to keep the data stored in the field encrypted with md5 encryption.
I am receiving from a client(i can't change how the client behaves) a username and (timestamp+password md5 encrypted) this is just like the APOP command for the pop protocol.
http://www.faqs.org/rfcs/rfc1939.html
We both know the timestamp...
Heres a session example:
S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP username c4c9334bac560ecc979e58001b3e22fb
So the client is sending back MD5(<1896.697170952@dbc.mtview.ca.us>tanstaaf) with tanstaaf being their password.
I can query my database for the username and get their md5 encrypted password, thats no problem...but how to compare it to the plain text + timestamp then md5encrypted password..??
MD5(timestamp + password) ~ MD5(password)
I already know part of the text used for one md5 encryption and i know what the password encrypts to in md5...there must be a way to put these two things together...? I'm not looking for clear text to anything, I just need to see if the hashes can be compared somehow.
For example can I do something like this?
MD5(timestamp + password) ~ MD5(password) + MD5(timestamp)
NOTE: I do not know the clear text of the password, I only put MD5(password) to make it easy to read, I only know the MD5 hash of the password.
Thanks guys,
Mitchel
p.s. I posted this in C# forum because I'm developing the software in C# but it's not really about the C# language.
I have in my Database Username/Password fields. The password field stores the users password md5 encrypted. I would really like to keep the data stored in the field encrypted with md5 encryption.
I am receiving from a client(i can't change how the client behaves) a username and (timestamp+password md5 encrypted) this is just like the APOP command for the pop protocol.
http://www.faqs.org/rfcs/rfc1939.html
We both know the timestamp...
Heres a session example:
S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP username c4c9334bac560ecc979e58001b3e22fb
So the client is sending back MD5(<1896.697170952@dbc.mtview.ca.us>tanstaaf) with tanstaaf being their password.
I can query my database for the username and get their md5 encrypted password, thats no problem...but how to compare it to the plain text + timestamp then md5encrypted password..??
MD5(timestamp + password) ~ MD5(password)
I already know part of the text used for one md5 encryption and i know what the password encrypts to in md5...there must be a way to put these two things together...? I'm not looking for clear text to anything, I just need to see if the hashes can be compared somehow.
For example can I do something like this?
MD5(timestamp + password) ~ MD5(password) + MD5(timestamp)
NOTE: I do not know the clear text of the password, I only put MD5(password) to make it easy to read, I only know the MD5 hash of the password.
Thanks guys,
Mitchel
p.s. I posted this in C# forum because I'm developing the software in C# but it's not really about the C# language.