Any way to decrypt the password saved in database?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
10 years ago
I am trying to transfer the customers list to my other custom site database, but the other site requires two fields: password (visible text) and salt key.

How to transfer the customers with "PasswordHash" field to the other site table?
10 years ago
You should have a PasswordSalt column on the same table.
10 years ago
How can I decrypt the password from the password salt? In my other website's database table, I have to provide a password field (which is simple text where I can see the password as admin).
10 years ago
You can't, they are one-way hashes. The user supplies their password, it gets hashed with the salt and then the hash is compared to the one in the database. If they match, it's the right password and you can log in.

It's also the correct way to handle passwords.  You don't want the responsibility of knowing a user's password because if you get hacked and your DB is downloaded then they have to brute force each password individually.  If you store them unencrypted then it's just simple and they can take a user's password from your site and see if that's also their gmail, banking, facebook, etc password.
10 years ago
Any advice on how to deal with this situation? I have almost 1000 customers that I need to transfer to the other website's database.

I can't leave the password field blank in the other site's database, and it will affect all the customers' accounts and everyone will have to reset their password.
10 years ago
pepper wrote:
Any advice on how to deal with this situation? I have almost 1000 customers that I need to transfer to the other website's database.

I can't leave the password field blank in the other site's database, and it will affect all the customers' accounts and everyone will have to reset their password.


Does the new site already have a list of customers using it? If it were me, I would use the same password implementation as Nop. You could also use the Password Format part so that your existing users on the new site are unencrypted and the ones you import are encrypted. Set it up so that when your old users log in, it hashes their password and switches their format. Eventually everyone would be encrypted.

Or you could also write a batch script to encrypt all your existing users' passwords at once.
10 years ago
My new site is another ASP.NET open source site, so customizing the whole user password system is a very big task.

I can't do anything? Any alternative?
10 years ago
Can anyone please explain how the passwords in nopCommerce are being hashed? What is the algorithm?
10 years ago
    // Requires: using System; using System.Security.Cryptography; using System.Text;
    public virtual string CreatePasswordHash(string password, string saltkey, string passwordFormat = "SHA1")
    {
        // Fall back to SHA1 when no format is given.
        if (String.IsNullOrEmpty(passwordFormat))
            passwordFormat = "SHA1";

        // The salt key is appended to the password before hashing.
        string saltAndPassword = String.Concat(password, saltkey);

        var algorithm = HashAlgorithm.Create(passwordFormat);
        if (algorithm == null)
            throw new ArgumentException("Unrecognized hash name", "hashName");

        // Hash the UTF-8 bytes and return them as uppercase hex without dashes.
        var hashByteArray = algorithm.ComputeHash(Encoding.UTF8.GetBytes(saltAndPassword));
        return BitConverter.ToString(hashByteArray).Replace("-", "");
    }
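
The rehash-on-login migration suggested earlier in the thread, combined with the hash computation quoted above, as an added example (not nopCommerce code and not written by any poster). The `Account` shape, the "PBKDF2" format label and the iteration count are assumptions; it targets .NET 6 or later and handles only the default SHA1 format.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical account row on the target site; the field names are assumptions.
public sealed class Account
{
    public string Format = "SHA1"; // "SHA1" for imported rows, "PBKDF2" once upgraded
    public string Hash = "";       // hex-encoded hash
    public string Salt = "";       // SHA1 rows: the salt key text; PBKDF2 rows: hex salt
}

public static class PasswordMigration
{
    const int Iterations = 600_000; // assumed work factor, tune for your hardware

    // Same computation as the quoted CreatePasswordHash: SHA1 over UTF-8(password + salt key).
    static byte[] LegacySha1(string password, string saltKey) =>
        SHA1.HashData(Encoding.UTF8.GetBytes(password + saltKey));
    static byte[] Pbkdf2(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // Checks a login attempt; a correct password on an imported SHA1 row upgrades that row.
    public static bool VerifyAndUpgrade(Account a, string password)
    {
        byte[] stored = Convert.FromHexString(a.Hash);
        if (a.Format == "PBKDF2")
            return CryptographicOperations.FixedTimeEquals(
                stored, Pbkdf2(password, Convert.FromHexString(a.Salt)));

        if (!CryptographicOperations.FixedTimeEquals(stored, LegacySha1(password, a.Salt)))
            return false;

        // The plaintext is only available at this moment, so re-hash it now with a slow KDF.
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        a.Salt = Convert.ToHexString(salt);
        a.Hash = Convert.ToHexString(Pbkdf2(password, salt));
        a.Format = "PBKDF2";
        return true;
    }

    public static void Main()
    {
        // Constructed sample row, shaped like a record imported from the old table.
        var row = new Account { Salt = "c2FsdA==" };
        row.Hash = Convert.ToHexString(LegacySha1("correct horse", row.Salt));
        Console.WriteLine(VerifyAndUpgrade(row, "wrong guess"));
        Console.WriteLine(VerifyAndUpgrade(row, "correct horse") + " " + row.Format);
    }
}
```

Accounts that never log in keep their imported SHA1 hash, so that column stays as sensitive as it was on the old site until those rows are upgraded or retired.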
10 years ago
What is the name of the other site?  If they are distributing open source software that doesn't even encrypt user passwords, it needs to be fixed.  This is a really basic, must-have item similar to not guarding against SQL injection.