BV2004 Upgrade and Passwords/Hash - General Support

Welcome Guest! To enable all features please Login or Register.

Notification

Error

BV Commerce Forum » BV Commerce Support » General Support » BV2004 Upgrade and Passwords/Hash

BV2004 Upgrade and Passwords/Hash - Not sure if the password hash has changed from the old days!

Options

Previous Topic Next Topic

antony0312		#1 Posted : Tuesday, December 3, 2013 12:03:19 PM(UTC)
Rank: Member Joined: 12/3/2013(UTC) Posts: 2 Location: uk		Hi All, Looking to upgrade an old (but still solid) BV2004 store. As far as I can see the store uses the then standard BV way of storing passwords (i.e. theres no custom code in this area) in the db they look like this; Code: Password(md5)____________Salt Pae4T8fAvk9RrW/PA9hFrg== 5325eede-f8ae-42c5-8d92-3131720b091b WbJw3m4D5ldm+oYsSA0MFQ== 2ea86dea-fe36-414b-be22-c9ea5fa05987 IZEC94h/A3zJQ4DVu8WSqA== 20bbb362-e902-44db-8fe5-a51766ac06e5 The Password field looks too short to be a standard MD5 hash i.e. 32 characters for this length of password plus I am not sure why they all end in "==". Does anyone remember what is different to the 'standard' http://en.wikipedia.org/wiki/MD5 Many thanks for any pointers


User Profile View All Posts by User View Thanks

Aaron		#2 Posted : Tuesday, December 3, 2013 2:48:42 PM(UTC)
Rank: Administration Joined: 4/2/2004(UTC) Posts: 2,393 Location: Hummelstown, PA Thanks: 6 times Was thanked: 163 time(s) in 158 post(s)		Antony, After the MD5 hash is computed it is then base-64 encoded, which is why you're seeing the "==" at the end of the password.
		Aaron Sherrick BV Commerce Toll-free 888-665-8637 - Int'l +1 717-220-0012
		WWW

User Profile View All Posts by User View Thanks

antony0312		#3 Posted : Wednesday, December 4, 2013 5:02:47 AM(UTC)
Rank: Member Joined: 12/3/2013(UTC) Posts: 2 Location: uk		Hi Aaron, Thank you for your reply. That makes sense, however taking the first password value in my list decoded in base64; Code: Pae4T8fAvk9RrW/PA9hFrg== -> decodeBase64 ascii --> =OOQoE If I MD5 "pass1word" and then encode I get a very different length (I am ignoring salt which does not effect the length) Code: text md5 hash encode base64 pass1word --> 79DF7BEB8CA215B1C36AA1CCB9025FF3 --> NzlERjdCRUI4Q0EyMTVCMUMzNkFBMUNDQjkwMjVGRjM= So this confirms (at least) that Base64 encoding increase the string length not shortens it. Sorry to be thick, what am I missing? Thanks


User Profile View All Posts by User View Thanks

Aaron		#4 Posted : Thursday, December 12, 2013 4:24:27 PM(UTC)
Rank: Administration Joined: 4/2/2004(UTC) Posts: 2,393 Location: Hummelstown, PA Thanks: 6 times Was thanked: 163 time(s) in 158 post(s)		Antony, I missed one critical detail in my explanation. What's getting Base64 encoded is not the hashed string but the byte array of the hashed string. So, in your example, it would not be the string "79DF7BEB8CA215B1C36AA1CCB9025FF3" that is being Base64 encoded but rather an array of bytes whose hex representation is "79DF7BEB8CA215B1C36AA1CCB9025FF3."
		Aaron Sherrick BV Commerce Toll-free 888-665-8637 - Int'l +1 717-220-0012
		WWW

User Profile View All Posts by User View Thanks

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.