retrieve the salt from a mysql database for a password. [modified]

    malcomhfc
    #1

    Hi there. I have a login on my vb.net application. It is using the Joomla database for user management and integration to my website. However I have hit a problem. The Joomla passwords are hashed as MD5 and salted with 32 characters. It looks like this: hashpassword:salt. The colon splits the password from the salt. I'm just struggling to find out how to retrieve the salt and append it to the password. So far I have this:

    Private Sub BtnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BtnLogin.Click
        Dim myCommand As New MySqlCommand
        Dim myData As MySqlDataReader
        Dim email As String = TxtEmail.Text
        'Hash the entered password. NOTE: this only appends ":" to it; the stored Joomla value is
        'md5(password + salt):salt, so the salt has to be read from the stored row first.
        Dim password As String = getMD5Hash(BoxPassword.Password + ":")

        'Parameterised query: the values travel separately from the SQL text,
        'so no manual quote escaping of the input is needed.
        myCommand.Connection = conn
        myCommand.CommandText = "SELECT * FROM `jos_users` WHERE `username` = @username AND `password` = @password"
        myCommand.Parameters.AddWithValue("@username", email)
        myCommand.Parameters.AddWithValue("@password", password)

        Try
            'Try to execute the query
            myData = myCommand.ExecuteReader()
            If Not myData.HasRows Then 'Checks whether a row with this email and password exists.
                'If no, outputs this:
                notifyicon.ShowBalloonTip(3000, "Warning User", "The Email Address and Password that you entered don't match!", Avalon.Windows.Controls.NotifyBalloonIcon.Warning)
                Txtwrongpass.Content = "The Email Address and Password that you entered don't match!"
                myData.Close()
            Else
                'If yes, outputs this:
                myData.Read()
                'notifyicon.ShowBalloonTip(3000, "Welcome " + myData.GetString("fname") + " " + myData.GetString("lname"), "You have successfully logged into RemindMe", Avalon.Windows.Controls.NotifyBalloonIcon.Warning)

                Dim loPage1 As New user
                loPage1.Background = Brushes.Gray
                Me.Content = loPage1
                myData.Close()

            End If
        Catch ex As MySqlException
            'If the query fails, show the MySQL error
            MsgBox(ex.Message)
        End Try
    End Sub


    As you may see I have hashed the password with MD5 and attached the ":" colon but I don't know how to retrieve the password. Any help would be gr

    DaveAuld
    #2

    In the Joomla Admin Console, on the Global Configuration / System settings page, there is a Secret Word listed, is this not the salt?

    Dave Don't forget to rate messages!
    Find Me On: Web|Facebook|Twitter|LinkedIn
    Waving? dave.m.auld[at]googlewave.com

      malcomhfc
      #3

      Sorry, I should explain better. When you register a new user with Joomla it adds a randomly generated salt to the MD5 password, so the password in the password field looks like hash:salt (separated by a colon in the database). I think this PHP code helps. I don't know PHP that well but well enough to read it.

      <form action='login.php' method='post' name='login'>
      <b>User:</b> <input type=text name='username' maxlength=15 width=18><br/>
      <b>Password:</b> <input type=password name='password' maxlength=15 width=18><br/>
      <input type=submit value='Login'>
      </form>

      <?php
      $dbaddress='localhost'; $dbuser='root'; $dbpass='root'; $dbname='yourdatabase';

      $dbcnx = mysql_connect($dbaddress,$dbuser,$dbpass)
      or die("Could not connect: " . mysql_error());
      mysql_select_db($dbname, $dbcnx) or die ('Unable to select the database: ' . mysql_error());

      // Escape the user-supplied name before it is placed in the query string
      $username = mysql_real_escape_string($_POST["username"], $dbcnx);
      $query = mysql_query("select password from jos_users where username = \"" . $username . "\"")
      or die("Unable to validate login and password with the database:" . mysql_error());

      $result = mysql_fetch_array($query);
      if ($result === false) die("no login"); // unknown username
      $result = $result[0];
      $parts = explode(':', $result);

      // Check if password is md5-ed with or without salt
      if (count($parts) < 2) {
          $new_password = md5($_POST["password"]);
      } else {
          $salt = $parts[1];
          // convert the raw password to md5(password+salt):salt model
          $new_password = md5($_POST["password"] . $salt) . ":" . $salt;
      }
      if ($new_password != $result)
      {
      echo "no login"; // your params
      }
      else
      {
      echo "successful validation"; // your params
      }
      ?>

      Thanks for replying, Robbie.

        malcomhfc
        #4

        I've been researching for ages but maybe this can help anyone. Similar to the above and kind of helps me in a way.

        // split the stored value on the colon: $part[0] is the hash, $part[1] the salt
        $part = explode(":", $password);
        $salt = $part[1];
        // rebuild the stored form from the entered password and the recovered salt
        $encrypted_password = md5($mypassword . $salt) . ":" . $salt;

        So maybe it works by making my vb.net app read the database, get the password and split the password into 2 parts at the ":" (colon) in the password. Then encrypt the password and add the salt to the password. However, now I think I have the theory, I have no idea how to implement it correctly. Can anyone give a basic example instead please? Any help is greatly appreciated, Robbie.

          DaveAuld
          #5

          Looking at both sets of code, it looks like the MD5 is generated from a combination of the password and the salt; then the salt is appended to the MD5. The first bunch of code does a split (explode) on the colon, and uses that to determine if the password has been salted or not. This has maybe been done to cater for an upgrade in Joomla security, but I don't know the history. It would be better to see the code that is used to register a new user, to work out what they are doing. I'll maybe have a look later. In the meantime, I am starting with the known values and seeing if I can recreate the stored value in the database.

            malcomhfc
            #6

            Ok. Thanks for replying. It's really annoying me. I'm trying to think and it's like when you get writer's block. There's nothing there. Like a head of compressed air.

              DaveAuld
              #7

              I just had a thought. You say you are trying to retrieve the password? That won't be possible. It's been hashed with a one-way algorithm, MD5. All you will be able to do is a comparison for authentication purposes, i.e. provide a password, hash/salt it and then compare with the stored value.

                malcomhfc
                #8

                Ah right, I started like that at first but somebody said something different. So still stuck. If the salt is randomly generated then how can I hash/salt the password then compare? The password has been hashed to MD5 but the salting I can't do. Any ideas? Thanks for your time Dave.

                  DaveAuld
                  #9

                  Because the salt is stored alongside the password (after the ":"):
                  1) user provides username and password;
                  2) use the username to recover the password field value from the database table;
                  3) extract the salt from result #2;
                  4) use the password in #1 and the salt in #3, combine and hash to give the password hash value;
                  5) extract the hashed password from #2;
                  6) compare #4 with #5 to validate.
                  However, without looking at the PHP code used in Joomla, I can't say for sure that's what they are doing; would need to spend more time looking, maybe have a look tomorrow night. Away to call it quits, as I've got an early start tomorrow. Post how you get on, and I will look again hopefully tomorrow.


                  modified on Monday, July 12, 2010 2:34 AM
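
                  The six steps above, carried through as an added example; this is not code from the thread or from Joomla itself. It is written in Python rather than the asker's VB.NET because the steps are language-independent and port directly. Assumptions are labelled in the comments: the stored field is the lower-case hex MD5 of password+salt, a colon, then a 32-character alphanumeric salt (as described in the first post); rows with no colon are treated as legacy unsalted MD5, as the PHP snippet does; and an in-memory dictionary stands in for the SELECT against jos_users. The sample rows are constructed for the example.

```python
import hashlib
import hmac
import secrets
import string
from typing import Dict, Optional, Tuple

# Assumption: Joomla-style stored value is md5(password + salt) + ":" + salt, salt 32 chars.
SALT_LENGTH = 32
SALT_ALPHABET = string.ascii_letters + string.digits


def generate_salt(length: int = SALT_LENGTH) -> str:
    """Random alphanumeric salt of the same shape as the thread describes.
    Assumption: uses Python's secrets module, not Joomla's own generator."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def make_stored_password(password: str, salt: Optional[str] = None) -> str:
    """Build the value that would sit in the jos_users.password column."""
    if salt is None:
        salt = generate_salt()
    digest = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return digest + ":" + salt


def split_stored_password(stored: str) -> Tuple[str, Optional[str]]:
    """Step 3: split the field on ':' into (hash, salt).
    A legacy row holding a plain MD5 with no colon yields salt=None."""
    parts = stored.split(":", 1)
    if len(parts) < 2 or parts[1] == "":
        return parts[0], None
    return parts[0], parts[1]


def verify_password(stored: str, candidate: str) -> bool:
    """Steps 4 to 6: re-hash the candidate with the stored salt, compare with the stored hash."""
    stored_hash, salt = split_stored_password(stored)
    if salt is None:
        computed = hashlib.md5(candidate.encode("utf-8")).hexdigest()
    else:
        computed = hashlib.md5((candidate + salt).encode("utf-8")).hexdigest()
    # Constant-time comparison so the check does not leak how much of the hash matched.
    return hmac.compare_digest(computed, stored_hash)


def authenticate(users: Dict[str, str], username: str, candidate: str) -> bool:
    """Steps 1 and 2: look the stored field up by username, then verify.
    `users` is a stand-in for: SELECT password FROM jos_users WHERE username = ?"""
    stored = users.get(username)
    if stored is None:
        # Unknown user: still compute a hash so the timing resembles the known-user path.
        hashlib.md5(candidate.encode("utf-8")).hexdigest()
        return False
    return verify_password(stored, candidate)


# Constructed sample table (not real Joomla data): one salted row with a fixed salt so the
# value is reproducible, and one legacy unsalted row.
SAMPLE_USERS = {
    "robbie": make_stored_password("correct horse", "A" * SALT_LENGTH),
    "legacy": hashlib.md5(b"oldpass").hexdigest(),
}

if __name__ == "__main__":
    print(SAMPLE_USERS["robbie"])
    print(authenticate(SAMPLE_USERS, "robbie", "correct horse"))  # True
    print(authenticate(SAMPLE_USERS, "robbie", "wrong"))          # False
    print(authenticate(SAMPLE_USERS, "legacy", "oldpass"))        # True
    print(authenticate(SAMPLE_USERS, "nobody", "anything"))       # False
```

                  The point the thread circles around is visible in `verify_password`: the salt is never secret and never needs to be known in advance; it is read from the row for that username and reused, which is why a randomly generated salt still allows comparison. Note that the comparison is done in application code after fetching the row, not by putting the hash into the SQL WHERE clause as the first post's VB.NET does, because the hash cannot be computed until the salt is known. Salted MD5 is a legacy scheme; later Joomla releases moved to bcrypt.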

                    Luc Pattyn
                    #10

                    That sounds OK to me. :)

                    Luc Pattyn [Forum Guidelines] [Why QA sucks] [My Articles] Nil Volentibus Arduum

                    Please use <PRE> tags for code snippets, they preserve indentation, and improve readability.

                      DaveAuld
                      #11

                      Don't know how you are getting on, but I did some digging in the original Joomla distro today, to find out what they do. As a starting point I wanted to see how they added the admin user to the database during the install, and from that it would point me to the code libraries used to do the encryption and salt generation etc. If you take a look at the installation\installer\helper.php file you will see the createAdminUser() method, and you can see the helper functions being called, namely genRandomPassword(), getCryptedPassword(). The interesting thing to note is that genRandomPassword is also used to generate the necessary random salts. These methods are found in the library located at libraries\joomla\user\helper.php along with a couple of others used internally. Without knowing the ins and outs of PHP, the code is pretty easy to follow, and you should be able to come up with suitable code to allow VB integration with the Joomla DB. Hope that heads you off in the right direction now.
