Hi I need to write a hash mechanism in CF that replaces on in C#: it accepts a salt, and the password the user enters, and returns a string.
#Something("rOE3gOJuY/8iZCa0iFmjAQ==", "Sup3rP4sSwORD")# --> YRsleC9Zqpb8/pk3KEtOcuA2jho= I've tried a few things, but haven't got it yet, then I thought I'd post it here, in case there was someone who could just bash it out. Thanks in advance Bert p.s. by way of introduction, its been a few years since I posted here, but I'm still working on a fusebox app I started in early 2000. p.p.s. here's the (psuedo) C# code that i need to replicate that I've been given, along with the comment "pay specific attention on how the base 64 string are directly converted to byte arrays." class Program { static void Main(string[] args) { // These values are retrieved from the database. string userSpecificSaltB64String = "rOE3gOJuY/8iZCa0iFmjAQ=="; string realPasswordSHA1HashB64String = "YRsleC9Zqpb8/pk3KEtOcuA2jho="; // This value is the string entered by the user in the login form. string passwordToValidate = "Sup3rP4sSwORD"; // We write the result of the IsPasswordValid call. Console.WriteLine( string.Format( "Is Password Valid: {0}", IsPasswordValid(passwordToValidate, userSpecificSaltB64String, realPasswordSHA1HashB64String) ? "YES" : "NO")); // This will display: // Is Password Valid: YES } /// <summary> /// Validates if the provided password has the same hash as the one stored in the database. /// The high level algorithm is to compare the hash provided in argument (DBPwdHash), retrieved from the DB, /// with the one we generate thanks to the user specific salt (DBSalt), also retrieved from the DB, and the provided password (ProvidedPwd) by following this comparaison pattern: /// DBPwdHash == SHA1(DBSalt + ProvidedPwd) /// </summary> /// <param name="passwordToValidate">The password in clear/plain text we want to validate. This value is provided by the user via the login form.</param> /// <param name="userSpecificSaltB64String">The base 64 encoded string of the user specific salt. This value is retrieved from the database.</param> /// <param name="realPasswordSHA1HashB64String">The base 64 encoded string of the real password hash. This value is retrieved from the database.</param> /// <returns>True is the password is valid (that is, produces the same hash). False otherwise.</returns> private static bool IsPasswordValid(string passwordToValidate, string userSpecificSaltB64String, string realPasswordSHA1HashB64String) { // We convert the user specific salt from the B64 string (as stored in the DB) to a byte array. byte[] userSpecificSaltByteArray = Convert.FromBase64String(userSpecificSaltB64String); // We convert the provided password from a clear/plain text string to a byte array. byte[] passwordToValidateByteArray = Encoding.Unicode.GetBytes(passwordToValidate); // We contenate the salt and provided password byte arrays into one saltAndProvidedPasswordByteArray byte array, in the order salt then provided password. byte[] saltAndPasswordToValidateByteArray = new byte[userSpecificSaltByteArray.Length + passwordToValidateByteArray.Length]; Buffer.BlockCopy(userSpecificSaltByteArray, 0, saltAndPasswordToValidateByteArray, 0, userSpecificSaltByteArray.Length); Buffer.BlockCopy(passwordToValidateByteArray, 0, saltAndPasswordToValidateByteArray, userSpecificSaltByteArray.Length, passwordToValidateByteArray.Length); // We generate the SHA1 hash of the saltAndProvidedPasswordByteArray byte array. SHA1 sha = new SHA1CryptoServiceProvider(); byte[] saltAndPasswordToValidateSHA1HashByteArray = sha.ComputeHash(saltAndPasswordToValidateByteArray); // We convert the saltAndProvidedPasswordSHA1HashByteArray into a B64 string. string saltAndPasswordToValidateSHA1HashB64String = Convert.ToBase64String(saltAndPasswordToValidateSHA1HashByteArray); // We compare the SHA1 hash generated thanks to the provided password with the one stored in the database. return saltAndPasswordToValidateSHA1HashB64String == realPasswordSHA1HashB64String; } } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354277 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm