Solved

MD5 Salt Hashes in Coldfusion

Posted on 2014-02-16
8
786 Views
Last Modified: 2014-02-16
Is it possible to do this type of setup in CF 9/10

$hash = md5( md5( $salt ) . md5( $password ) );
0
Comment
Question by:theideabulb
  • 4
  • 4
8 Comments
 
LVL 39

Expert Comment

by:gdemaria
ID: 39863108
ColdFusion has the hash() function.

To replicate what you're doing:

  <cfset theHash = hash( hash(salt) & hash(password) )>

Although I don't really see the need for repeated use of the hash, why not just...

 <cfset theHash = hash( password & salt )>
0
 

Author Comment

by:theideabulb
ID: 39863127
i am trying to work out a special feature and want to integrate with the message board I use.  This is the type of encryption they say they use to generate the password:

http://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130
0
 

Author Comment

by:theideabulb
ID: 39863134
I am not sure of what you are saying about the salt part of this

EDIT--- i get it the salt part now....
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 39

Expert Comment

by:gdemaria
ID: 39863165
looks like they use the double hash, so you would have to do the same in order to get the same value..  

 <cfset theHash = hash( hash(salt) & hash(password) )>
0
 

Author Comment

by:theideabulb
ID: 39863170
Ok, so this is what i am doing:

<cfset salt = '|"<x{' /> 
<cfset pw = 'pass1234'>

<cfset theHash = hash( hash(salt,"md5") & hash(pw,"md5"))>

<cfdump var="#theHash#">

Open in new window


My output is: A012639CB425D6DE66245CBC52176C78

The forum is generating this: 24f4511be9e824ca8fc647b28e05ccf2

so I am not sure what I might be missing
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 39863180
First, be sure that you are using the exact same salt and pw values as the forum.. even the case has to be the same.

I made the assumption that the dot  "."  in this example is concatenation.  If it is not, you need to alter the coldfusion version to do whatever that does.

   =  md5( md5( $salt ) . md5( $password ) );

I don't know if the forum will give you more detail, but can you hash a single word on your side and on the forum to see if they match?   That will take out the complexity of the double hash and concatenation and just let you know if you are using the same hash algorithm.
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 500 total points
ID: 39863182
Notice that your output is all capitals and the forum's is lower case (or perhaps mixed case).   When hashing    "Abc" and  "ABC"  I believe you will get different results.

Therefore, if you hash a value and it forces it to upper case and then you hash again, you will get different results than if you hash a value and it keeps it lower case and you hash again..


You could try this to force the result to lower case, but if the result is mixed case, you may have a problem
<cfset theHash = hash(  lower(hash(salt,"md5"))  &  lower(hash(pw,"md5")) )>
0
 

Author Closing Comment

by:theideabulb
ID: 39863201
Great job.  That did it.   I really appreciate the help.  I had a very quick thought about the lcase, but I thought, hey.. maybe CF just outputs it like that.    This was a big help
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PROBLEM:  How to open a cfwindow or run a function on double click of a cfgrid row. One of my clients wanted to be able to double click on a row item to get more detailed information about a transaction and to be able to modify the line items i…
I spent nearly three days trying to figure out how incorporate OAuth in Coldfusion for the Eventful API. Hopefully, this article will allow Coldfusion Programmers to buzz through the API when they need to. Basically, what this script does is authori…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question