Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Carsten 13 posts 33 karma points
    Jan 09, 2012 @ 16:41
    Carsten
    0

    Change member password encryption mode

    Hey there community,

    I am migrating an system with about 50k members to umbraco and their passowords are currently hashed as MD5. Unfortunately propting the user to enter a new password after the site has started is not an option. :/

    Is it possible to change the hash algorithm of member passwords to MD5

    Thanks in advance,
    - Carsten.

    Copy Link
  • Richard Soeteman 4054 posts 12927 karma points MVP 2x
    Jan 09, 2012 @ 16:52
    Richard Soeteman
    0

    Hi Carsten,

    You can specify MD5 hasing on the membership provider Check http://msdn.microsoft.com/en-us/library/e01fc50a.aspx

    Cheers,

    Richard

    Copy Link
  • Carsten 13 posts 33 karma points
    Jan 10, 2012 @ 09:06
    Carsten
    0

    Hey,

    thanks for the reply so far. However I thought users are ASP.NET accounts which are able to login to the umbraco backend. However I am talking about members which are supposed to login to my page's frontend to be able to see some access-protected content.

    However I already specified the hashAlgorithm attribute of the membership provider inside the web.config file:

    <!-- Membership Provider -->
    <membership hashAlgorithmType="MD5" defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="30">
       <providers>
         <clear />
           <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />
         <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
       </providers>
    </membership>

    But when I take a look into the cmsMembers table of umbraco the password appears to be encrypted in an completely different way! For example when I take the password "12345" the hashes calculated would look like this:

    MD5: 827ccb0eea8a706c4c34a16891f84e7b
    SHA1: 8cb2237d0679ca88db6464eac60da96345513964
    Umbraco: QOXN0Fb2NXV8nfELJ9DhL/0wxNs=

    So umbraco appears to hash passwords in a completely different way. Or does it simply encrypt the hash somehow?!

    Thanks in advance,
    - Carsten.

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies