[Visual Basic] Generating the md5 hash of the user's original password?

  • Question

  • Hey,

    So, I have connected to the mysql database and everything. I am able to login however obviously because in the title the password in the database is a md5 hash. So, it isn't the users original password. I have to manually give the password to people in order for them to login. I don't want it to be this way. I want for them to be able to login with their username and password they signed up to the site with - however I'm not sure how to do this.

    How can I generate the md5 hash of the user's original password and then input the salt saved in the database for the user and then check if the generated hash matches the hash saved in the database password field?

    Just a side note:

    I am using a free forum software called 'MyBB' and the database generated automatically. Obviously the hash was automatically generated as well. So, I'm not sure they encrypt the password into a hash.

    Any help would be much appreciated. I've tried searching but I don't think I am wording it properly because I can't find any discussion on this matter  

    Saturday, December 29, 2018 10:44 PM

All replies

  • Hi,

    use MD5 to encrypt user passwords

    ' Requires a reference to System.Web; HashPasswordForStoringInConfigFile is marked obsolete.
    Public Shared Function md5(ByVal password As String, ByVal codeLength As Integer) As String
        If Not String.IsNullOrEmpty(password) Then

            ' 16-character form: the middle 16 hex digits of the 32-digit MD5
            If codeLength = 16 Then
                Return System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, "MD5").ToLower().Substring(8, 16)
            End If

            ' 32-character form: the full lowercase hex digest
            If codeLength = 32 Then
                Return System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, "MD5").ToLower()
            End If
        End If

        Return String.Empty
    End Function


    Since MD5 is irreversible, it cannot be decrypted after encryption. When the user name and password are taken, the data input by the user needs to be encrypted and compared with the encrypted data in the database. If the comparison results are consistent, you can determine that the login is successful!

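    ' At the top of the file:
    Imports System.Security.Cryptography
    Imports System.Text

    Public Function UserLogOn(ByVal USERID As String, ByVal pwd As String, ByRef statusCode As String) As Model.UserInfo
        ' GetModel and Model.UserInfo are the poster's own data-access types (not shown)
        Dim model As Model.UserInfo = GetModel(USERID)

        If model IsNot Nothing Then

            ' Hash the typed password and compare it with the stored hash
            If model.PASSWORD = MD5Encrypt64(pwd) Then
                statusCode = "login successfully"
            Else
                statusCode = "Login failed"

            End If
        Else
            statusCode = "User does not exist!"
            model = Nothing
        End If

        Return model
    End Function

    ' Base64-encoded MD5 of the UTF-8 password
    Public Shared Function MD5Encrypt64(ByVal password As String) As String
        ' The hasher is not named md5, which would shadow the MD5 type in case-insensitive VB
        Using hasher As MD5 = MD5.Create()
            Dim s As Byte() = hasher.ComputeHash(Encoding.UTF8.GetBytes(password))
            Return Convert.ToBase64String(s)
        End Using
    End Function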

    Best Regards,

    Alex


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, December 31, 2018 5:39 AM
  • Thanks for your reply, however this doesn't solve my problem.

    I have installed the forum software called 'MyBB' to my website. 

    MyBB creates the database automatically. So, when I created my account. I put my Username and password. I would like to use in order to access the website.

    Now what I am trying to do is make an application but users will need to log in first. I want them to use the username and password they used to sign up with. 

    So, I have connected to the database and checked if the username and password exists then they can log on but I have obviously one problem doing this and that is they can't login using their password they used to sign up with. They have to use the password in the database which is a md5 password. So, I have to give them the password from the database. Which I don't want. I want them to be able to use their password they signed up with.

    Obviously when you sign up the password gets encrypted to an md5 hash. It does it automatically because the forum software implemented it as a security feature.

    So, how would I do what you said above but for a mysql database?

    Monday, December 31, 2018 5:43 PM
  • Hi,


    I don't really understand what you mean, is that okay?

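    ' Needs Imports System.Security.Cryptography and Imports System.Text at the top of the file
    Public Shared Function ToMD5(ByVal source As String) As String
        Dim sb As StringBuilder = New StringBuilder()
        ' The hasher is not named md5, which would shadow the MD5 type in case-insensitive VB
        Using hasher As MD5 = MD5.Create()
            Dim data As Byte() = hasher.ComputeHash(Encoding.UTF8.GetBytes(source))

            ' Two lowercase hex digits per byte
            For Each item In data
                sb.Append(item.ToString("x2"))
            Next
        End Using

        Return sb.ToString()
    End Function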

    Receive the password entered by the user:

    Dim password As String = Me.txtPwd.Text.Trim()

    MD5 encryption of the received password:

    Dim pwd As String = ToMD5(password)

    The user input has been converted to encryption, and pwd is compared with the encrypted password in the database.

    Best Regards,

    Alex



    Tuesday, January 1, 2019 7:42 AM
  • Yes I forgot to mention as well that the database has a salt as well. Sorry I completely forgot about this.

    So, not only do I need to hash the password when the user types in his password. I need to hash it and salt it and then compare it with the database. I have done research of how to do this but nothing comes up of how to salt and hash a password but then put the results in a MySQL database.

    How do you hash and salt a password and then compare the results to the database?

    Could you also provide the code to the mysql database? Like what you would put in to compare the results? For example

    MysqlConn = New MySqlConnection
    MysqlConn.ConnectionString = "server=.; user id=hidden_login; password=hidden; username=; password=; database="
    MysqlConn.Open()
    Dim Myadapter As New MySqlDataAdapter
    Dim sqlquary = "SELECT * FROM `mybb_users` where username='" & MephTextBox1.Text & " ' and password='" & MephTextBox2.Text & "'"


    So, after I've hashed and salted the password. How do I put it to the database? If that makes sense?


    Tuesday, January 1, 2019 9:30 PM
  • Hi

    Here is a stand alone example that may show some of what you want. It has some dummy test data hard coded, but the data could as well be from a database.

    ' Serialize, Dictionary, Deserialize
    ' Salt, Hash, Hashing, Salting
    ' Form1 with TextBox1, TextBox2,
    ' Label1 and Button1
    ' 2 x Labels for TextBox contents
    Option Strict On
    Option Explicit On
    Imports System.Runtime.Serialization.Formatters.Binary
    Imports System.Security.Cryptography
    Imports System.Text
    Public Class Form1
      Dim DataBase As New Dictionary(Of String, User)
      <Serializable> Class User
    	Property Name As String
    	Property PW As String
    	Property Salt As String
    	Property hash As String
      End Class
      Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    	' add some random data to database for tests
    	Dim user1, user2, user3 As New User
    	user1.Name = "Les"
    	user1.PW = "freddy"
    	user1.Salt = CreateRandomSalt()
    	user1.hash = Hash512(user1.PW, user1.Salt)
    	DataBase.Add(user1.Name, user1)
    
    	user2.Name = "Mary"
    	user2.PW = "qwerty"
    	user2.Salt = CreateRandomSalt()
    	user2.hash = Hash512(user2.PW, user2.Salt)
    	DataBase.Add(user2.Name, user2)
    
    	user3.Name = "Elizabeth"
    	user3.PW = "123456"
    	user3.Salt = CreateRandomSalt()
    	user3.hash = Hash512(user3.PW, user3.Salt)
    	DataBase.Add(user3.Name, user3)
    
    	' uncomment to save DataBase
    	'	SaveDataBase()
    
    	' un comment to read DataBase
    	'DataBase.Clear()
    	'ReadDataBase()
    
      End Sub
      Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    	Select Case VerifyUser(TextBox1.Text, TextBox2.Text)
    	  Case True
    		Label1.Text = "Successful login"
    	  Case Else
    		Label1.Text = "Failed login"
    	End Select
      End Sub
      Function VerifyUser(name As String, password As String) As Boolean
    	' uncomment messageboxes to see which failed
    
    	' verify user name
    	If Not DataBase.Keys.Contains(name) Then
    	  '	  MessageBox.Show("User Name not found")
    	  Return False
    	Else
    	  ' verify user hash
    	  If Not Hash512(password, DataBase(name).Salt) = DataBase(name).hash Then
    		'	MessageBox.Show("Password incorrect")
    		Return False
    	  End If
    	End If
    	Return True
      End Function
      Public Function Hash512(password As String, salt As String) As String
    	Dim convertedToBytes As Byte() = Encoding.UTF8.GetBytes(password & salt)
    	Dim hashType As HashAlgorithm = New SHA512Managed()
    	Dim hashBytes As Byte() = hashType.ComputeHash(convertedToBytes)
    	Dim hashedResult As String = Convert.ToBase64String(hashBytes)
    	Return hashedResult
      End Function
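      Public Function CreateRandomSalt() As String
    	' Characters are drawn from a cryptographic RNG. A New Random per call is
    	' seeded from the clock on .NET Framework, so calls made in quick succession
    	' (as in Form1_Load) can return the same salt for different users.
    	Dim mix As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+=][}{<>"
    	Dim sb As New StringBuilder
    	Dim buffer(3) As Byte
    	Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
    	  For i As Integer = 1 To 100
    		rng.GetBytes(buffer)
    		Dim x As Integer = CInt(BitConverter.ToUInt32(buffer, 0) Mod CUInt(mix.Length))
    		sb.Append(mix.Substring(x, 1))
    	  Next
    	End Using
    	Return sb.ToString()
      End Function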
    
      Dim DBpath As String = My.Computer.FileSystem.SpecialDirectories.MyDocuments & "\DB.xml"
      Public Sub SaveDataBase()
    	Dim path As String = DBpath
    	Dim fs As IO.FileStream = New IO.FileStream(DBpath, IO.FileMode.OpenOrCreate)
    	Dim bf As New BinaryFormatter()
    	bf.Serialize(fs, DataBase)
    	fs.Close()
      End Sub
      Public Sub ReadDataBase()
    	Dim path As String = DBpath
    	If FileIO.FileSystem.FileExists(DBpath) Then
    	  Dim fsRead As New IO.FileStream(DBpath, IO.FileMode.Open)
    	  Dim bf As New BinaryFormatter()
    	  DataBase = CType(bf.Deserialize(fsRead), Dictionary(Of String, User))
    	  fsRead.Close()
    	End If
      End Sub
    End Class
    


    Regards Les, Livingston, Scotland

    Tuesday, January 1, 2019 10:33 PM
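
For the question asked earlier in the thread (checking a typed password against the salted MD5 that MyBB stores), the following is an added example, not code from any poster or from MyBB. It assumes MyBB 1.x's scheme of md5(md5(salt) & md5(password)) as lowercase hex, and `password` and `salt` columns in `mybb_users`; confirm both against the installed version. The row values are constructed, and the row is assumed to be fetched by username alone with a parameterized query, with the hash compared in code rather than in the SQL string.

```vb
' Added example: verify a typed password against a MyBB-style salted MD5 hash.
Imports System.Security.Cryptography
Imports System.Text

Module MyBbLoginCheck
    ' Lowercase hex MD5 of a UTF-8 string, the same form PHP's md5() returns.
    Function Md5Hex(text As String) As String
        Using hasher As MD5 = MD5.Create()
            Dim digest As Byte() = hasher.ComputeHash(Encoding.UTF8.GetBytes(text))
            Dim sb As New StringBuilder(digest.Length * 2)
            For Each b As Byte In digest
                sb.Append(b.ToString("x2"))
            Next
            Return sb.ToString()
        End Using
    End Function

    ' Assumption: MyBB 1.x stores md5(md5(salt) & md5(password)).
    Function MyBbHash(password As String, salt As String) As String
        Return Md5Hex(Md5Hex(salt) & Md5Hex(password))
    End Function

    ' Compares every character so the time taken does not depend on where a mismatch occurs.
    Function FixedTimeEquals(a As String, b As String) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function

    ' storedHash and storedSalt come from the user's row; the typed password is never sent to SQL.
    Function VerifyLogin(typedPassword As String, storedHash As String, storedSalt As String) As Boolean
        If storedHash Is Nothing OrElse storedSalt Is Nothing Then Return False
        Return FixedTimeEquals(MyBbHash(typedPassword, storedSalt), storedHash.ToLowerInvariant())
    End Function

    Sub Main()
        ' Constructed row standing in for the result of:
        '   SELECT password, salt FROM mybb_users WHERE username = @name
        Dim salt As String = "aB3xY9kQ"                         ' constructed sample salt
        Dim stored As String = MyBbHash("correct horse", salt)  ' constructed stored hash
        Console.WriteLine(VerifyLogin("correct horse", stored, salt))
        Console.WriteLine(VerifyLogin("wrong guess", stored, salt))
    End Sub
End Module
```

The login form passes what the user typed to `VerifyLogin`; the hash from the database is never handed out or entered as a password.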