Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

MD5 Salt Hashes in Coldfusion

Posted on 2014-02-16
8
Medium Priority
?
903 Views
Last Modified: 2014-02-16
Is it possible to do this type of setup in CF 9/10

$hash = md5( md5( $salt ) . md5( $password ) );
0
Comment
Question by:theideabulb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 39

Expert Comment

by:gdemaria
ID: 39863108
ColdFusion has the hash() function.

To replicate what you're doing:

  <cfset theHash = hash( hash(salt) & hash(password) )>

Although I don't really see the need for repeated use of the hash, why not just...

 <cfset theHash = hash( password & salt )>
0
 

Author Comment

by:theideabulb
ID: 39863127
i am trying to work out a special feature and want to integrate with the message board I use.  This is the type of encryption they say they use to generate the password:

http://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130
0
 

Author Comment

by:theideabulb
ID: 39863134
I am not sure of what you are saying about the salt part of this

EDIT--- i get it the salt part now....
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
LVL 39

Expert Comment

by:gdemaria
ID: 39863165
looks like they use the double hash, so you would have to do the same in order to get the same value..  

 <cfset theHash = hash( hash(salt) & hash(password) )>
0
 

Author Comment

by:theideabulb
ID: 39863170
Ok, so this is what i am doing:

<cfset salt = '|"<x{' /> 
<cfset pw = 'pass1234'>

<cfset theHash = hash( hash(salt,"md5") & hash(pw,"md5"))>

<cfdump var="#theHash#">

Open in new window


My output is: A012639CB425D6DE66245CBC52176C78

The forum is generating this: 24f4511be9e824ca8fc647b28e05ccf2

so I am not sure what I might be missing
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 39863180
First, be sure that you are using the exact same salt and pw values as the forum.. even the case has to be the same.

I made the assumption that the dot  "."  in this example is concatenation.  If it is not, you need to alter the coldfusion version to do whatever that does.

   =  md5( md5( $salt ) . md5( $password ) );

I don't know if the forum will give you more detail, but can you hash a single word on your side and on the forum to see if they match?   That will take out the complexity of the double hash and concatenation and just let you know if you are using the same hash algorithm.
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 2000 total points
ID: 39863182
Notice that your output is all capitals and the forum's is lower case (or perhaps mixed case).   When hashing    "Abc" and  "ABC"  I believe you will get different results.

Therefore, if you hash a value and it forces it to upper case and then you hash again, you will get different results than if you hash a value and it keeps it lower case and you hash again..


You could try this to force the result to lower case, but if the result is mixed case, you may have a problem
<cfset theHash = hash(  lower(hash(salt,"md5"))  &  lower(hash(pw,"md5")) )>
0
 

Author Closing Comment

by:theideabulb
ID: 39863201
Great job.  That did it.   I really appreciate the help.  I had a very quick thought about the lcase, but I thought, hey.. maybe CF just outputs it like that.    This was a big help
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article  is about submitting  form through  ColdFusion.Ajax.submitForm to the action page and send a response back in JSON format which later can be decoded using ColdFusion.JSON.decode. By this way you can avoid the usual page refresh for subm…
I spent nearly three days trying to figure out how incorporate OAuth in Coldfusion for the Eventful API. Hopefully, this article will allow Coldfusion Programmers to buzz through the API when they need to. Basically, what this script does is authori…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question