Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Carsten 13 posts 33 karma points
    Jan 09, 2012 @ 16:41
    Carsten
    0

    Change member password encryption mode

    Hey there community,

    I am migrating an system with about 50k members to umbraco and their passowords are currently hashed as MD5. Unfortunately propting the user to enter a new password after the site has started is not an option. :/

    Is it possible to change the hash algorithm of member passwords to MD5

    Thanks in advance,
    - Carsten.

  • Richard Soeteman 4049 posts 12922 karma points MVP 2x
    Jan 09, 2012 @ 16:52
    Richard Soeteman
    0

    Hi Carsten,

    You can specify MD5 hasing on the membership provider Check http://msdn.microsoft.com/en-us/library/e01fc50a.aspx

    Cheers,

    Richard

  • Carsten 13 posts 33 karma points
    Jan 10, 2012 @ 09:06
    Carsten
    0

    Hey,

    thanks for the reply so far. However I thought users are ASP.NET accounts which are able to login to the umbraco backend. However I am talking about members which are supposed to login to my page's frontend to be able to see some access-protected content.

    However I already specified the hashAlgorithm attribute of the membership provider inside the web.config file:

    <!-- Membership Provider -->
    <membership hashAlgorithmType="MD5" defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="30">
    <providers>
    <clear />
    <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />
    <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
    </providers>
    </membership>

    But when I take a look into the cmsMembers table of umbraco the password appears to be encrypted in an completely different way! For example when I take the password "12345" the hashes calculated would look like this:

    MD5: 827ccb0eea8a706c4c34a16891f84e7b
    SHA1: 8cb2237d0679ca88db6464eac60da96345513964
    Umbraco: QOXN0Fb2NXV8nfELJ9DhL/0wxNs=

    So umbraco appears to hash passwords in a completely different way. Or does it simply encrypt the hash somehow?!

    Thanks in advance,
    - Carsten.

Please Sign in or register to post replies

Write your reply to:

Draft