How old is the OFBiz instance? The hex encoding was messy a few years back which resulted in unexpected results but that's been fixed for a while now.
Regards Scott HotWax Media http://www.hotwaxmedia.com On 7/07/2010, at 10:55 AM, CGrantAnderson wrote: > > I am working on an application that wants to leverage the ofBiz user logins > to allow ofBiz users to automatically logon to another application developed > in .NET ASP.NET. The ASP.NET application gets a login from the user and > then accesses a copy of the ofBiz user login table to compare passwords for > login validation. I have the .NET code creating a SHA-1 password hash but > it does not compare properly to the encrypted passwords in ofBiz. I wrote > some test Java code and determined that it's version of SHA-1 is the same as > the .NET version hash. So it looks like a salt is being used but none of > the ofBiz developers where I work can point out how to find the salt value > or help me with this. I have looked through the login code and it looks > like a straight SHA-1 hash using MessageDigest. But then the hashed > passwords should match but they don't. > > Can someone tell me what (and where) the salt value is that is being used? > Or if I'm missing something here what it is? And possibly point me to where > in the documentation this is covered (if it is)? > > Thanks! > > - Grant > -- > View this message in context: > http://ofbiz.135035.n4.nabble.com/Comparing-ofBiz-Hashed-Passwords-in-NET-tp2280296p2280296.html > Sent from the OFBiz - Dev mailing list archive at Nabble.com.
smime.p7s
Description: S/MIME cryptographic signature
