Case Sensitive Passwords (Hash) ?
I have been using this article to create a password hash that I am saving into a MSSQL 2000 database.
Everything seems to be working correctly, and cases are being stored along with the hash, however upon validating the passwords cases are not being taken into consideration.
How can I create a hash that is case sensitive? I know they are used, but I'm not sure if they are done with an advanced style of hashing or if some other type of encryption is used.
I like the hashes because they are not reversable and because of how they are validated--simply by hashing the password used at login and testing to see if it matches the hash stored in the database.
I've searched the forum but didn't locate anything about case sensitive hashes.
Thanks for any help!
Re: Case Sensitive Passwords (Hash) ?
Capicom is case sensative, but I'm not sure about the hash. It should be.
Here's a VBA sample, that should be easy to translate
http://www.dbazine.com/code/larsen2-1.txt
it's from here:
http://www.dbazine.com/sql/sql-articles/larsen2
Re: Case Sensitive Passwords (Hash) ?
Quote:
Originally Posted by dglienna
Thanks for the reply,
Is that really a VBA example? I know little to nothing about VBA but that looks like a T-SQL example. I wasn't sure. I'm not fimiliar with the syntax of VBA. I didn't realize that VBA was that close to T-SQL.
Either way, its fairly simple to understand, but it looks like the hashing is still going to be case-insensitive.
I haven't actually wrote an example, but from the code it looks like it would be.
It looks like behind the secnes its using the same hashing method that .Net uses.
Code:
exec @rc = sp_oasetproperty @object, 'algorithm', 0 -- sha 1
Should CAPICOM be used from C#? It looks like this was designed for VB6.0 and C++ in order to easily take advantage of Crypto functions. I believe its just an interface between CryptoAPI and VB/C++ in order to make it easier to use Crypto fucntions from those languages. It doesn't say anything in the documentation about C#, or any other .Net languages.
I'm not 100% sure but this looks like just an interface for those languages, .Net already has a crypto interface included in the .Net Framework.
I was a little confused on that, can you please advise a little more on it?
Thanks for your help!
Quote:
Originally Posted by MSDN Article (in that link)
CAPICOM is intended for use by developers who are creating applications using the Microsoft Visual Basic development system, the Visual Basic Scripting Edition (VBScript) programming language, or the C++ programming language.
Re: Case Sensitive Passwords (Hash) ?
Well, I know that phrases are case-sensative when encrypted with Capicom, but wasn't sure about the hashing part. I suppost the Net encryption method utilizes the same algorithm that Capicom does. I was just googling around... :)
I know that passwords are usually case-sensative, though.
