I have a client who has a web service that I need to authenticate
with.
He sent me credentials for testing, which I currently have hardcoded.
The password he sent me is the md5 encrypted string.
When I try to create the same string using what should be the original
password I get a different md5 hash.
I had a coworker run the same code I am using against the same
original string and he gets a different hash as well.
This leads me to believe that there is some kind of a key being used.
I have done some research but have only found pieces of information.
From what I have gathered each machine has a machine key which I need
to store in my config file.
So I ask if someone could verify my thoughts, and also perhaps point
me in the correct direction so that I could report back to my client
(who is a developer) about what he needs to provide me for me to
correctly hash the password. (where might he be able to find this key
if it does indeed exist)
On Thu, Nov 20, 2008 at 3:30 PM, rhaazy <rha...@gmail.com> wrote:
> Greetings.
> I have a client who has a web service that I need to authenticate > with. > He sent me credentials for testing, which I currently have hardcoded. > The password he sent me is the md5 encrypted string. > When I try to create the same string using what should be the original > password I get a different md5 hash.
> I had a coworker run the same code I am using against the same > original string and he gets a different hash as well.
> This leads me to believe that there is some kind of a key being used.
> I have done some research but have only found pieces of information.
> From what I have gathered each machine has a machine key which I need > to store in my config file.
> So I ask if someone could verify my thoughts, and also perhaps point > me in the correct direction so that I could report back to my client > (who is a developer) about what he needs to provide me for me to > correctly hash the password. (where might he be able to find this key > if it does indeed exist)
> I have a client who has a web service that I need to authenticate
> with.
> He sent me credentials for testing, which I currently have hardcoded.
> The password he sent me is the md5 encrypted string.
> When I try to create the same string using what should be the original
> password I get a different md5 hash.
> I had a coworker run the same code I am using against the same
> original string and he gets a different hash as well.
> This leads me to believe that there is some kind of a key being used.
> I have done some research but have only found pieces of information.
> From what I have gathered each machine has a machine key which I need
> to store in my config file.
> So I ask if someone could verify my thoughts, and also perhaps point
> me in the correct direction so that I could report back to my client
> (who is a developer) about what he needs to provide me for me to
> correctly hash the password. (where might he be able to find this key
> if it does indeed exist)
> > I have a client who has a web service that I need to authenticate > > with. > > He sent me credentials for testing, which I currently have hardcoded. > > The password he sent me is the md5 encrypted string. > > When I try to create the same string using what should be the original > > password I get a different md5 hash.
> > I had a coworker run the same code I am using against the same > > original string and he gets a different hash as well.
> > This leads me to believe that there is some kind of a key being used.
> > I have done some research but have only found pieces of information.
> > From what I have gathered each machine has a machine key which I need > > to store in my config file.
> > So I ask if someone could verify my thoughts, and also perhaps point > > me in the correct direction so that I could report back to my client > > (who is a developer) about what he needs to provide me for me to > > correctly hash the password. (where might he be able to find this key > > if it does indeed exist)
> > > I have a client who has a web service that I need to authenticate
> > > with.
> > > He sent me credentials for testing, which I currently have hardcoded.
> > > The password he sent me is the md5 encrypted string.
> > > When I try to create the same string using what should be the original
> > > password I get a different md5 hash.
> > > I had a coworker run the same code I am using against the same
> > > original string and he gets a different hash as well.
> > > This leads me to believe that there is some kind of a key being used.
> > > I have done some research but have only found pieces of information.
> > > From what I have gathered each machine has a machine key which I need
> > > to store in my config file.
> > > So I ask if someone could verify my thoughts, and also perhaps point
> > > me in the correct direction so that I could report back to my client
> > > (who is a developer) about what he needs to provide me for me to
> > > correctly hash the password. (where might he be able to find this key
> > > if it does indeed exist)- Hide quoted text -
[mailto:DotNetDevelopment@googlegroups.com] On Behalf Of CK Sent: Friday, November 21, 2008 4:27 AM To: DotNetDevelopment, VB.NET, C# .NET, ADO.NET, ASP.NET, XML, XML Web Services,.NET Remoting Subject: [DotNetDevelopment] Re: Question about using MD5
Hi rhaazy, haven't seen you for a while.
This is in interesting problem, one that as a group we may be able to identify better.
If everyone runs the following code and posts their results (with .Net version, OS and 32 / 64 bit), we might be able to track it down:
String password = "passwordabc123987"; System.Security.Cryptography.MD5 md5 = new System.Security.Cryptography.MD5CryptoServiceProvider(); Byte[] result = md5.ComputeHash (System.Text.ASCIIEncoding.UTF8.GetBytes(password)); StringBuilder sb = new StringBuilder(); for (int i = 0; i < result.Length; i++) { sb.Append(result[i].ToString("X2")); } Console.WriteLine("Encoded Hash: " + sb.ToString());
My results (.Net 2.0, Windows server 2003 32-bit) 9E2A13BC30EF95CC7798D698E62BECD9
On 20 Nov, 20:30, rhaazy <rha...@gmail.com> wrote: > Greetings.
> I have a client who has a web service that I need to authenticate > with. > He sent me credentials for testing, which I currently have hardcoded. > The password he sent me is the md5 encrypted string. > When I try to create the same string using what should be the original > password I get a different md5 hash.
> I had a coworker run the same code I am using against the same > original string and he gets a different hash as well.
> This leads me to believe that there is some kind of a key being used.
> I have done some research but have only found pieces of information.
> From what I have gathered each machine has a machine key which I need > to store in my config file.
> So I ask if someone could verify my thoughts, and also perhaps point > me in the correct direction so that I could report back to my client > (who is a developer) about what he needs to provide me for me to > correctly hash the password. (where might he be able to find this key > if it does indeed exist)
No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.9/1802 - Release Date: 11/20/2008 7:28 PM
> On Thu, Nov 20, 2008 at 3:30 PM, rhaazy <rha...@gmail.com> wrote:
>> Greetings.
>> I have a client who has a web service that I need to authenticate >> with. >> He sent me credentials for testing, which I currently have hardcoded. >> The password he sent me is the md5 encrypted string. >> When I try to create the same string using what should be the original >> password I get a different md5 hash.
>> I had a coworker run the same code I am using against the same >> original string and he gets a different hash as well.
>> This leads me to believe that there is some kind of a key being used.
>> I have done some research but have only found pieces of information.
>> From what I have gathered each machine has a machine key which I need >> to store in my config file.
>> So I ask if someone could verify my thoughts, and also perhaps point >> me in the correct direction so that I could report back to my client >> (who is a developer) about what he needs to provide me for me to >> correctly hash the password. (where might he be able to find this key >> if it does indeed exist)
