One way Hash Commerce Server 2002

Discussion:

(too old to reply)

Bob

2006-03-03 17:50:29 UTC

Good morning, where (what field(s)) does commerce server get the 4 bytes for
its salt when doing its md5 One Way hash?

Thanks!
Bob

Joe Wasson [MSFT]

2006-03-07 00:40:37 UTC

Permalink

The salt is stored in the first 8 characters (4 bytes written as
hexadecimal) of the property. You can get details about calculating the
hash for comparison from this page:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/ht
m/cs_mmc_datamapper_adrz.asp

-joe

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: =?Utf-8?B?Qm9i?= <***@discussions.microsoft.com>
Subject: One way Hash Commerce Server 2002
Date: Fri, 3 Mar 2006 09:50:29 -0800

Good morning, where (what field(s)) does commerce server get the 4 bytes
for
its salt when doing its md5 One Way hash?

Thanks!
Bob

mnet123

2006-04-26 02:59:02 UTC

Permalink

So what i dont understand is :
why is the encrypted string that is in password column different for each
user, even though the passwords are the same "samsung1".
The column gets different values for both the users. Dont the encrypted
passwords be the same if the actual password is the same ?
--
Regards

Post by Joe Wasson [MSFT]
The salt is stored in the first 8 characters (4 bytes written as
hexadecimal) of the property. You can get details about calculating the
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/ht
m/cs_mmc_datamapper_adrz.asp
-joe
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Subject: One way Hash Commerce Server 2002
Date: Fri, 3 Mar 2006 09:50:29 -0800
Good morning, where (what field(s)) does commerce server get the 4 bytes for
its salt when doing its md5 One Way hash?
Thanks!
Bob

Joe Wasson [MSFT]

2006-06-12 18:03:33 UTC

Permalink

No. A random salt is assigned to the password when it is created to
"season" it for precisely this reason. All of your users could have the
same password and you wouldn't know unless you checked each one. The salt
prevents against a pre-computed dictionary attack.
-joe

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: =?Utf-8?B?bW5ldDEyMw==?= <***@online.nospam>
Subject: RE: One way Hash Commerce Server 2002
Date: Tue, 25 Apr 2006 19:59:02 -0700

So what i dont understand is :
why is the encrypted string that is in password column different for each
user, even though the passwords are the same "samsung1".
The column gets different values for both the users. Dont the encrypted
passwords be the same if the actual password is the same ?
--
Regards

Post by Joe Wasson [MSFT]
The salt is stored in the first 8 characters (4 bytes written as
hexadecimal) of the property. You can get details about calculating the

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/ht

Post by Joe Wasson [MSFT]
m/cs_mmc_datamapper_adrz.asp
-joe
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Subject: One way Hash Commerce Server 2002
Date: Fri, 3 Mar 2006 09:50:29 -0800
Good morning, where (what field(s)) does commerce server get the 4 bytes for
its salt when doing its md5 One Way hash?
Thanks!
Bob