?
Solved

MD5 Salt Hashes in Coldfusion

Posted on 2014-02-16
8
Medium Priority
?
863 Views
Last Modified: 2014-02-16
Is it possible to do this type of setup in CF 9/10

$hash = md5( md5( $salt ) . md5( $password ) );
0
Comment
Question by:theideabulb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 39

Expert Comment

by:gdemaria
ID: 39863108
ColdFusion has the hash() function.

To replicate what you're doing:

  <cfset theHash = hash( hash(salt) & hash(password) )>

Although I don't really see the need for repeated use of the hash, why not just...

 <cfset theHash = hash( password & salt )>
0
 

Author Comment

by:theideabulb
ID: 39863127
i am trying to work out a special feature and want to integrate with the message board I use.  This is the type of encryption they say they use to generate the password:

http://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130
0
 

Author Comment

by:theideabulb
ID: 39863134
I am not sure of what you are saying about the salt part of this

EDIT--- i get it the salt part now....
0
Use Filtering Commands to Process Files in Linux

Learn how to manipulate data with the help of various filtering commands such as `cat`, `fmt`, `pr`, and others in Linux.

 
LVL 39

Expert Comment

by:gdemaria
ID: 39863165
looks like they use the double hash, so you would have to do the same in order to get the same value..  

 <cfset theHash = hash( hash(salt) & hash(password) )>
0
 

Author Comment

by:theideabulb
ID: 39863170
Ok, so this is what i am doing:

<cfset salt = '|"<x{' /> 
<cfset pw = 'pass1234'>

<cfset theHash = hash( hash(salt,"md5") & hash(pw,"md5"))>

<cfdump var="#theHash#">

Open in new window


My output is: A012639CB425D6DE66245CBC52176C78

The forum is generating this: 24f4511be9e824ca8fc647b28e05ccf2

so I am not sure what I might be missing
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 39863180
First, be sure that you are using the exact same salt and pw values as the forum.. even the case has to be the same.

I made the assumption that the dot  "."  in this example is concatenation.  If it is not, you need to alter the coldfusion version to do whatever that does.

   =  md5( md5( $salt ) . md5( $password ) );

I don't know if the forum will give you more detail, but can you hash a single word on your side and on the forum to see if they match?   That will take out the complexity of the double hash and concatenation and just let you know if you are using the same hash algorithm.
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 2000 total points
ID: 39863182
Notice that your output is all capitals and the forum's is lower case (or perhaps mixed case).   When hashing    "Abc" and  "ABC"  I believe you will get different results.

Therefore, if you hash a value and it forces it to upper case and then you hash again, you will get different results than if you hash a value and it keeps it lower case and you hash again..


You could try this to force the result to lower case, but if the result is mixed case, you may have a problem
<cfset theHash = hash(  lower(hash(salt,"md5"))  &  lower(hash(pw,"md5")) )>
0
 

Author Closing Comment

by:theideabulb
ID: 39863201
Great job.  That did it.   I really appreciate the help.  I had a very quick thought about the lcase, but I thought, hey.. maybe CF just outputs it like that.    This was a big help
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article  is about submitting  form through  ColdFusion.Ajax.submitForm to the action page and send a response back in JSON format which later can be decoded using ColdFusion.JSON.decode. By this way you can avoid the usual page refresh for subm…
This is an updated version of a post made on my blog over 3 years ago. It is unfortunately, still very relevant as we continue to see both SQLi (SQL injection) and XSS (cross site scripting) attacks hitting some of the most recognizable website and …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question