Click here to Skip to main content
15,042,397 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi ,

I need to know the login, How this will be done.

I have done so far, created users register page their i'm generating the hash code of the entered password using salt. now how to decrypt at server side with same salt.
Posted

Hello Rockstar,

Since you are using hashed password it won't be possible for you to obtain the original password on the server side, unless of course you are using a custom grown hash function which is capable of reversing the has value.
According to Wikipedia
A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply digest.

The ideal cryptographic hash function has four main properties:

  • it is easy to compute the hash value for any given message
  • it is infeasible to generate a message that has a given hash
  • it is infeasible to modify a message without changing the hash
  • it is infeasible to find two different messages with the same hash.

The way I typically imeplemet this functionality is explained below. You can perhaps follow the same.

  1. Generate some random value (Salt) approx 10-12 characters on server side and insert it in login page using a hidden field, store it in session as well.
  2. In login page's javascript generate a hash (HashedPass) of the password (SHA-1/SHA-2/SHA-3).
  3. Using the Salt generate one more hash value (CheckSum) of HashedPass
  4. Post UserId, HashedPass and CheckSum to server
  5. On the server side recompute the Checksum using Salt stored in session and the received HashedPass. Compare this value with CheckSum received, If both values are same then proceed to next step otherwise flag an error.
  6. Reteieve user's record from data store using the received UserId.
  7. Retrieve the random salt that was stored along with the original password hash. (The original password stored in the data store is also a hash value generated using a random salt and using one of the hashing algorithms mentioned eralier. I generally store salt along with the hashed password as $SALT$HASH)
  8. Recompute the new hash of HashedPass using the random salt retrieved in step 7 and one of the hashing algorithms mentioned eralier.
  9. Now compare the new hash with the password hash stored in data store, if both of these values are equal then you can safely login the user, otherwise flag an error

Regards,
   
Comments
Rockstar_ 17-Jul-13 4:38am
   
Could you please send code samples?
Rockstar_ 17-Jul-13 4:38am
   
Your answer is exactly matching my problem..
Prasad Khandekar 19-Jul-13 10:57am
   
Thank's, really glad to know that it helped you. You can find the SHA javascript at (http://code.google.com/p/crypto-js/). For SHA in C# please have a look at (http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha1.aspx).

Regards,
I answered your similar question today morning. Well,i suggested there also that you cant decrypt the final value.In order to get successfull login,you should first pass user entered text to the same hash algorithm which will generate the hash. This is,you compare hash with hash,not password with password.

Call again if you still have any doubts.

Regards..:laugh:
   
Comments
Rockstar_ 17-Jul-13 3:23am
   
ya i'm comparing the two hash passwords only, but not matching..
Please look at this link http://www.codeproject.com/Articles/608860/A-Beginners-Tutorial-for-Understanding-and-Impleme
Rockstar_ 17-Jul-13 3:24am
   
here in the above link rahul explained the process, but still have some doubts, like server side how to use the salt.
Thanks7872 17-Jul-13 3:29am
   
Let me explain you from very basic.Hope you will get it.

First user creates account using registration page.There,he will provide password(say 123@rockstar) for her account.Encrypt it using algorithm it will generate some hash(say udfguebrgiunfnvhuihfuewngu),now this value cant be decrypted and you cant get 123@rockstar from this.
At the time of login,user will enter her password 123@rockstar,at that time encrypt it using the same algorithm,which will generate udfguebrgiunfnvhuihfuewngu,so now only thing is to compare these two highlighted values.
Rockstar_ 17-Jul-13 4:43am
   
Please go through solution 3
Rockstar_ 17-Jul-13 4:43am
   
MY problem is same like solution 3
Thanks7872 17-Jul-13 4:50am
   
I explained you everything in very very simple terms how to do login functionality including how to store passwords. I also suggested you some of links to do the same.The solution 3 suggests same thing with lil bit modification. If you want to achieve functionality than you should follow the suggestion first.If the above simple explanation is not enough for you than i think you should start from some basic programming rather than cryptography.

You are talking about javascript since last 8 hours,can you explain me why to use javascript only? See there are number of ways to do something with programming,its upto you how to implement it. If easier solution is available,than why to go for the complex one. As per as the question is concerned,javascript wont have specific advantage to be used.
   
Comments
Thanks7872 17-Jul-13 4:56am
   
Dont run into race of points. It wont add much value to the codeproject.com and yourself as well.I have seen since last one month that you are providing only links(it should not be for every question). Theres not a case every time where user failed to find it through google. If possible provide some explanation.

Forums are meant to be surfed through years. If you provide some valuable content,that would be helpful for others for years.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900