How to get aspnet_Membership decrypted password in sql2005

Question

Hi,

  I have users information saved table aspnet_Membership in sql2005,now I want to read its information(such as:passwoed)  for other program ,passwordFormat is "Hashed"，How to 。。。

Do you have a good idea?

Thx

Cofcoko

Answer 1

Hi,

The password is encrypted with the format which you set in your ASPNET membership configuration. If you want to check the password, you need to decrypt according to the specific arithmetic you defined.

From .Net level, if you use the MembershipUser class GetPassword method, you can get an encrypted password, but you need to know the user's passwordAnswer if you have enabled the password answer feature.

For more information, you can check the following thread.

http://forums.asp.net/p/1091709/1638361.aspx

Thanks.

---

Microsoft Online Community Support Please remember to mark the replies as answers if they help and unmark them if they provide no help.

Answer 2

I would like to know how safe it is to use aspnetdb to store customers' login information, including encrypted passwords.  It seems like people is already attempt to decode the encrypted password in the aspnet_membership table.  Is it difficult to do?  Or if someone put enough effort, he/she will be able to unencrypted?  Is it safe to use, Microsoft?

Answer 3

Your passwords will only be as safe as their complexity.

A password that is so common its stored in a dictionary is not safe.

A password less than 8 characters in general can be cracked with a regular desktop computer (depending on a few factors).

But if your password is 14 characters with uppercase, lowercase, symbols, and numbers, it will essentially never be cracked.

If someone gets the username and password to an SA account on your database you are screwed no matter what you do.

 

Hope that helps!

---

joe.hamilton