Using .Net's SHA1 Crypto Service to compare hashes between a user's password and their stored hashed password. Simplez =0)

Member Avatar
+0 forum 0

Hello, i just coded for login script now i want to add "sha1" to my code due to security reason but it's showing an invalid login error i don't know the reason but when i use this withouht "sha1" it's working fine but i want to secure password into database please hwlp what's wrong i'm doing.. here is my code for login.php: <?php include("config.php"); session_start(); if($_SERVER["REQUEST_METHOD"] == "POST") { // username and password sent from Form $myusername=addslashes($_POST['username']); $mypassword=addslashes($_POST['password']); $sql="SELECT * FROM admin WHERE username='$myusername' AND passcode='.sha1[$mypassword]' "; $result=mysql_query($sql); $row=mysql_fetch_array($result); $active=$row['active']; $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row …

Member Avatar
Member Avatar
+0 forum 2

Hi, I was thinking of making a big website with an algorithm in place to decipher the multiple match pair chance of same hash occurance for long strings but the only problem is I need a database of hashes. A really big one at that. So does anybody know of any free api's that are provided for sha1 brute force combinations so for example I could send to a websites api a hash and have a chance of getting a decoded result or no result from that website at all. I am hoping of having quite a few api's embedded …

Member Avatar
+0 forum 0

Do anyone here knows flex builder? I'm a beginner in this language. I have written a code for HMAC SHA1 signature generation for authenticating account in cloudstack. No error is showing while compiling. But when i run, the browser opens blank. The url is correct, the signature is genetated. I can see it in the url.But the orginal output is xml commands it is not showing. the page is simply left blank. Can anyone help me? The code is as follows. <fx:Script> <![CDATA[ import com.adobe.crypto.HMAC; import com.adobe.crypto.SHA1; import com.adobe.utils.StringUtil; import flash.net.navigateToURL; import mx.controls.Alert; import mx.utils.Base64Encoder; import mx.utils.StringUtil; private var urlAPI:String; …

Member Avatar
+0 forum 0

Hello, I'm trying to implement the SHA1 hashing algorithm in VB.NET. (Pseudocode [URL="http://en.wikipedia.org/wiki/SHA-1#SHA-1_pseudocode"]here[/URL].) In particular I don't quite understand this line: [CODE]'break chunk into sixteen 32-bit big-endian words w[i], 0 ≤ i ≤ 15 for i from 16 to 79 w[i] = (w[i-3] xor w[i-8] xor w[i-14] xor w[i-16]) leftrotate 1[/CODE] Originally I thought W() are strings because they come from the original string message, but then I can't Xor strings. For the rest of the code W() are treated as numeric (being added and Xor'd) so how to I get them? Also, for the bits where it says 'leftrotate'. …

Member Avatar
+0 forum 0

Another issue with sha1. I am creating users via a registration form, that when submitted, has made the password a sha1. [B]Registration script:[/B] [CODE] if($_POST['pass1']==$_POST['pass2']){ $password = sha1(mysqli_real_escape_string($connection, $_POST['pass1'])); } [/CODE] When the user log in, I have this script using sha1. [B]Login script:[/B] [CODE] $password = sha1(mysqli_real_escape_string($connection, $_POST['password'])); $sql=("SELECT id, email, username FROM users WHERE email='$email' AND pass='$password' LIMIT 1"); // AND THEN THE USER CAN LOG IN, CAUSE THE ENTERED PASS IN THE LOGIN FORM CHANGES THE // PASS TO SHA1, LIKE WHEN THE USER REGISTERED. [/CODE] Then I have made a forgot password script, that creates a …

Member Avatar
Member Avatar
+0 forum 2

Hi, I am using sha1 for a registration form like this: [CODE] if($_POST['pass1']==$_POST['pass2']){ $password = sha1(mysqli_real_escape_string($connection, $_POST['pass1'])); } // This inserts an encrypted row in the DB, and works fine [/CODE] When i want to log in, well I cant login..This is the script: [CODE] $email = mysqli_real_escape_string($connection, $_POST['email']); $password = sha1(mysqli_real_escape_string($connection, $_POST['password'])); $sql=("SELECT id, email, username FROM users WHERE email='$email' AND pass='$password' LIMIT 1"); $result=mysqli_query($connection, $sql); $found_user = mysqli_fetch_array($result); // Mysql_num_row tæller rækkerne $count=mysqli_num_rows($result); // HVIS $result matchede $email $password, table row must be 1 row if($count==1){ // Register $email, $password and redirect to file "../index.php" session_regenerate_id['id']; // IS …

Member Avatar
Member Avatar
+0 forum 6

Hi, I'm currently looking at password hashing and from what I've read so far, it seems pretty pointless. I read this [URL="http://phpsec.org/articles/2005/password-hashing.html"]article[/URL] which recommends using MD5 or SHA-1, however I Googled for decrypters and found them witin the first 3 results on Google. I don't quite understand the purpose of encrypting if it can just as easily be decrypted again. Can someone please explain why one would need password hashing and tell me if there's an encryption that cannot be decrypted? Thanks, Ashton.

Member Avatar
Member Avatar
+0 forum 6

The End.