Solved

MD5 Salt Hashes in Coldfusion

Posted on 2014-02-16
8
800 Views
Last Modified: 2014-02-16
Is it possible to do this type of setup in CF 9/10

$hash = md5( md5( $salt ) . md5( $password ) );
0
Comment
Question by:theideabulb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 39

Expert Comment

by:gdemaria
ID: 39863108
ColdFusion has the hash() function.

To replicate what you're doing:

  <cfset theHash = hash( hash(salt) & hash(password) )>

Although I don't really see the need for repeated use of the hash, why not just...

 <cfset theHash = hash( password & salt )>
0
 

Author Comment

by:theideabulb
ID: 39863127
i am trying to work out a special feature and want to integrate with the message board I use.  This is the type of encryption they say they use to generate the password:

http://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130
0
 

Author Comment

by:theideabulb
ID: 39863134
I am not sure of what you are saying about the salt part of this

EDIT--- i get it the salt part now....
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 39

Expert Comment

by:gdemaria
ID: 39863165
looks like they use the double hash, so you would have to do the same in order to get the same value..  

 <cfset theHash = hash( hash(salt) & hash(password) )>
0
 

Author Comment

by:theideabulb
ID: 39863170
Ok, so this is what i am doing:

<cfset salt = '|"<x{' /> 
<cfset pw = 'pass1234'>

<cfset theHash = hash( hash(salt,"md5") & hash(pw,"md5"))>

<cfdump var="#theHash#">

Open in new window


My output is: A012639CB425D6DE66245CBC52176C78

The forum is generating this: 24f4511be9e824ca8fc647b28e05ccf2

so I am not sure what I might be missing
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 39863180
First, be sure that you are using the exact same salt and pw values as the forum.. even the case has to be the same.

I made the assumption that the dot  "."  in this example is concatenation.  If it is not, you need to alter the coldfusion version to do whatever that does.

   =  md5( md5( $salt ) . md5( $password ) );

I don't know if the forum will give you more detail, but can you hash a single word on your side and on the forum to see if they match?   That will take out the complexity of the double hash and concatenation and just let you know if you are using the same hash algorithm.
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 500 total points
ID: 39863182
Notice that your output is all capitals and the forum's is lower case (or perhaps mixed case).   When hashing    "Abc" and  "ABC"  I believe you will get different results.

Therefore, if you hash a value and it forces it to upper case and then you hash again, you will get different results than if you hash a value and it keeps it lower case and you hash again..


You could try this to force the result to lower case, but if the result is mixed case, you may have a problem
<cfset theHash = hash(  lower(hash(salt,"md5"))  &  lower(hash(pw,"md5")) )>
0
 

Author Closing Comment

by:theideabulb
ID: 39863201
Great job.  That did it.   I really appreciate the help.  I had a very quick thought about the lcase, but I thought, hey.. maybe CF just outputs it like that.    This was a big help
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, I was working on some optimization and spam-stopping techniques when I encountered Ben Nadel's post to reduce spam feature using Math (http://www.bennadel.com/blog/197-How-I-Stop-Spammers-On-My-ColdFusion-Blog.htm). While this method is not o…
Hi. There are several upload tutorials using jquery and coldfusion. I found a very interesting one here Upload Your Files using Jquery & ColdFusion and Preview them (http://www.randhawaworld.com/) . I did keep the main js functions but made sever…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question