Hashing Passwords

Ok, Here's my code that I recieved from a friend...but....My
DB isn't updating. Am I missing a step?

<cfquery name="myQuery" datasource="myDatasource">
SELECT Username, Password
FROM MyUserTable
</cfquery>

<cfloop query="myQuery">
UPDATE MyUserTable
SET Password = '#Hash(myQuery.Password)#'
WHERE Username = '#myQuery.Username#'
</cfloop>

Not sure if it will make a difference, but since you are
using query="myQuery" in your cfloop, you don't have to repeat
myQuery in your variable names within the second cfquery.
(Also, you can use cfoutput instead of cfloop. Not sure which one
is more efficient.)

<cfquery name="myQuery" datasource="myDatasource">
SELECT Username, Password
FROM MyUserTable
</cfquery>

<cfoutput query="myQuery">
UPDATE MyUserTable
SET Password = '#Hash(Password)#'
WHERE Username = '#Username#'
</cfoutput>
Phil

Similar Messages

Hashing password in UAG for FBA solution in Sharepoint 2013

We have configured FBA SharePoint 2013 Pack from Codeplex on our SharePoint 2013 environment. Creating new users will hash the user passwords in the database. When we try to authenticate the FBA users via UAG (not joined to domain) the password
will compare in clear text to the hashed password in the database. Is there any way to configure the UAG to hash the passwords the same way so we can compare it with the hashed value in our database?
Any help here would be appriciated.

Hi siddiqali,
According to your description, my understanding is that you want to deploy SharePoint 2010 Sandbox solution to SharePoint 2013.
Most of the wsp Solutions deployed in SharePoint 2010 should work fine in SharePoint 2013. This is because of the Support for both 14 Hive and 15 Hive directories that are Created in SharePoint 2013 by default.
Initially, when you deploy a SharePoint 2010 Solution it gets deployed to 14 Hive and not 15 Hive. To force the solution to install in 15 Hive you need to modify manifest.xml file of your solution and add addSharePointVersion=”15.0” attribute to it. The
Solutions can be forced to install in 15 hive. However, some of the files especially that refers to _layouts might not work. All SharePoint 2010 Solution files that refers to _layouts folder (i.e. Features, Layouts-files, Images, ControlTemplates)needs to
be updated, the best approach is to re-create the Solution in Visual Studio 2012.
More information, please refer to the link:
http://www.learningsharepoint.com/2013/03/24/deploy-sharepoint-2010-solutions-in-sharepoint-2013/
Here are some similar posts for you to take a look at:
http://www.threewill.com/2013/10/migrating-a-sharepoint-2010-solution-to-a-sharepoint-2013/
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/30fe4cb9-ea11-46d0-868d-4306d915b4db/how-to-convert-sp2010-wsp-to-sp2013?forum=sharepointdevelopment
I hope this helps.
Thanks,
Wendy
Wendy Li
TechNet Community Support

Reseting the Hashed Password after enabling Windows File Sharing

Disclaimer: you'll need a good bit of knowledge about OS X, UNIX, and encryption to understand what I'm talking about.
All right, so normally OS X hashes user passwords using a salted SHA1 encryption. It uses shadowing so that you can't obtain the actual hash value using "% nidump passwd".
BUT, if you enable Windows File Sharing, all that changes. OS X re-hashes your password using the much less secure LANMAN encryption. This allows Windows machines to access your files. (LANMAN is what Windows used to encrypt passwords up through Windows ME. Later versions of Windows use NTLM instead, which is stronger.) This is why, the first time you enable Windows File Sharing, OS X warns you that enabling the feature will require your password to be stored in a less secure manner; it's downgrading the hash from SHA1 to LANMAN.
My question is: I'm done sharing files with idiot Windows users - how do I force OS X to go back to storing my password using SHA1?
Thanks guys.
-Bryan

Thanks biovizier. You're absolutely right, deleting the extra text after ";shadowHash;" and then reseting the password for the user's account does seem to force OS X to rehash the password using SHA1.
Just in case someone else has this question in the future, here's how to verify that your password is hashed in SHA1:
Log in as Root and open the /private/var/db/shadow/hash folder. You'll see files with long, weird names. You'll also see an XML file (with the extension *.state) for each of the files with long, weird names. The XML file contains several tags that tell OS X information about the hashed password - things like when it last logged on, when it was created, how many times login failed, etc.
We're interested in the other files - the ones that don't end in ".state"
To verify that SHA1 is being used, open the long, weird files in textedit. You should see something like this:
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000059G31HJ75BR54210P07Y57BC57094D643H78K8765L98C6X000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000
There should be a few more zeros; I've cut some out here to save space.
What should NOT exist, is the following:
57Y083D243109VGR45Z4B65812R8M087H65HJ8OK95T89L8JHL9000000000
000000000000000000000000000000000000000000000000000000000000
0000000059G31HJ75BR54210P07Y57BC57094D643H78K8765L98C6X00000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000
The second Hashed value does not start with zeros. This hash value is not SHA1. It is the less secure encryption method required for compatability with Windows.
If your hash file opens with zeros, you're using SHA1. Otherwise, follow Biovizier's procedure: Open NetInfo, select the user account whose password needs to be changed back to SHA1, look at the "authentication_authority" value, make sure the value is set to ;ShadowHash; and that no additional text follows that string, then reset the affected account's password. You can then log back in as root and re-check the hash files using textedit and you should find that the hash file opens with solid zeros instead of letters and numbers.
Do NOT manually edit the hash files in textedit. One of those files is the hash for the Root password. If you change that hash file, your root password will no longer work (because when you type MYPASSWORD, OS X will hash that string and find that the hashed value no longer matches the stored hash value in /private/var/db/shadow/hash and OS X will therefore reject your password as incorrect) and you will quickly find yourself locked out of your computer for good.
And finally, just in case you have the computing power of the NSA and are thinking about running the hashes I've listed here: A) They aren't the right length; I've left some characters out and B) I randomly substituted different alphanumerics in for the ones in my real hashes with no rhyme or reason.
Which brings me to another point: NEVER post your hashes online. Yes, it takes a TON of computing power to break them, but still, they're hidden away for a reason!
Anyway, I hope this helps other security buffs out there.
I'm going to make a suggestion to Apple that OS 10.5 be changed so that when you unclick "windows file sharing" the OS immediately rehashes your password in SHA1 again.
-Bryan

Insert a hashed password into OID

I have the need to migrate all user accounts (stored in a custom table) into OID as we are moving over all login to Single Sign On
Within our custom table, we store the Application username and password (hashed using DBMS_OBFUSCATION_TOOLKIT.MD5 function)
What I would like to do is migrate these hashed passwords into OID so the users can keep the same passwords as are been currently used in the Application
I have been playing around with the "No Encryption" option in OID as well as the "Userpassword reversable Encryption" attribute in the Password Policy for Realm area but with no real joy
Any suggestions would be welcome otherwise I will have to issue new passwords to all users
Regards
Duncan

If you only need plain SSO you probably can get this to work. LDAP allows storing hashed passwords, and MD5 if I am not mistaken should be supported on OID. EUS (Database authentication) wont probably work, but SSO should be fine.
See note 261780.1, you need to prepend the hash type, and it needs to be base64 encoded. On a LDIF file it should look like this:
userpassword: {MD5}IUg245aBlYtKEGVI1N1gfg==
I never tested this, so good luck. But if you cannot get it to work you can do this the hard way, store the hash on some other attribute, like pager or facsimiletelephonenumber, and implement a ldapcompare and ldapbind plugin to replace the password validation with a custom package.
Regards,
Luis

OBIEE 11.1.1.7 external database authentication fails with hashed passwords.

Hi .
I use an external database ( Oracle database 11g release 11.2.0.1.0) to authenticate user with OBIEE 11.1.1.7.
I configured SQL Authentication provider as my provider ,It works OK with :enabled Plaintext Passwords Enabled option and password is stored as plain text.
But It fails when I disable this option and want to authenticate with hashed passwords.It gives Authenticate Denied error.
In Provider Specific tab there are some parameters which might need changes:
1-Password Algorithm:??
2-Password Style:??
3-SQL Get Users Password:SELECT U_PASSWORD FROM USERS WHERE U_NAME = ?
How can I find correct values for options 1 and 2 form my external database?
And Is it need to rewrite query in option 3 ?
Please find attach files.

Hi,
I too faced same issue when I was installing OBIEE 11.1.1.7.0 on windows7 64bit.
Please refer the below links.
http://satyaobieesolutions.blogspot.in/2013/05/configuration-action-creating-domain.html
http://satyaobieesolutions.blogspot.in/2013/05/obiee-111170-simplesoftware-installation.html
http://satyaobieesolutions.blogspot.in/2012/06/obiee-11.html
Hope this help's
Thanks,
Satya

Hashing passwords using SSHA (iDS 5.1) repost

Hi,
The initial response to the question below was to use the pwdhash utility. We would prefer to write our own code rather than use pwdhash. Is there any information any where on how iPlanet implements SSHA? I assuming some body else has done this before.
Cheers
Simon
Question:
We would like to take a password in the clear and hash it with the SSHA algorithm so that it can then be stored in the Directory. I know that the Directory will perform the hashing but we want to hash the p/w and provide it already hashed ({SSHAizamiseW6xky})before it gets to the Directory. Is there any information/documentation on how iPlanet implements SSHA so we can achieve this?

Hi Simon,
If you write preoperation plugin you can have partial solution in this context. Get userPassword (clear text) value from the entry/mod structure of pblock in preop ADD/preop MODIFY functions. Use "slapi_encode(char* value, char* algorithm)" or your own hashing function to hash password value and reset userPassword attribute with this hashed password value.
regards,
sanjay

Hashed password import into LDAP

hello,
is it possible to import MD5 hashed password direct into LDAP instead of creating a new one?
Any help would be appreciated.
Ales Hrncarek
[email protected]

Hello
I'm also interrested in the same topic.
We are working on a project that require programatic registration of portal users.
We found out that the best way to register a new portal user was going directly into ldap.
The only problem i have is finding the right way to encrypt the passwords.
I tried to set the password in clean text, but ofcourse it didn't work (i didn't actually think it would either ;) )
How do you encrypt the password? Is there a java api i can use?
Regards
Per-Jarle Sfther

How to check if fnd_users already migrated to Non-Reversible Hash Password

Hi All
How does one check if fnd_users have already migrated to Non-Reversible Hash Password or not
(as described in FNDCPASS Utility New Feature: Enhance Security With Non-Reversible Hash Password [ID 457166.1] )
thanks in advance

Thanks for the update.
select * from V$OPTION where parameter = 'Oracle Database Vault';I believe this has nothing to do with password hashing.
Once the migration is done, the following should return ‘SHA’.
select fnd_web_sec.get_pwd_enc_mode from dual;Well, this is not documented anywhere (not even in eTRM) as the package body is wrapped.
Thanks,
Hussein

Migrate users from qmail to sun messaging (import MD5 hashed passwords)

Hi,
we are planning to migrate about 2000 users from our current mail system (qmail + openldap) to Sun Messaging 6.2.
We have encountered a problem with user password migration. In our current ldap user passwords are MD5 encrypted, but it appears as Directory 5.2 does not support MD5 encryption method.
This is what I have found :
http://docs.sun.com/source/817-7616/config.html#wp26092
The following encryption types are supported by Directory Server:
* SSHA (Salted Secure Hash Algorithm) is the recommended method as it is the most secure.
* SHA (Secure Hash Algorithm). This is the method supported by 4.x Directory Servers.
* CRYPT is the UNIX crypt algorithm. It is provided for compatibility with UNIX passwords.
* If this attribute is set to CLEAR, passwords are not encrypted and appear in plain text.
We want to import MD5 hashed passwords so users can use their old password after we migrate to SUN, but as passwords are updated they will be SSHA hashed.
We only have a problem with importing MD5 hashed passwords in ldap directory.
Current password on openLDAP are created with the following PHP code:
$info["userPassword"]= '{md5}' . base64_encode(pack('H*', md5($passwd)));
I have tried to copy userpassword value from openldap to directory but the directory ignores {md5} and hashed the string again using SSHA.
Example:
cleartextpass: password
md5_base64_hash={MD5}X03MO1qnZdYdgyfeuILPmQ==
after ldap modify userpassword field loks like this:
userpassword:{SSHA}a+dFsejrTGwQAgdU07kkgzWWOC16SiIW2UsPcQ==
What is the correct procedure to import MD5 hashed passwords in Sun Directory?
(NS-MTA-MD5 Password Storage Plug-In is enabled)

Sun Directory 5.2 has a plugin NT-MTA-MD5 which should enable users to authenticate with MD5 hashed passwords.
I have checked in cn=config and NS-MTA-MD5 plugin is enabled.
I have tried with {NS-MTA-MD5} prefix and still directory does not allow users to authenticate.
Example:
cleartextpass: foo
md5_base64_hash={NS-MTA-MD5}rL0Y20zC+Fzt72VPzMSk2A==
after ldap modify userpassword field loks like this( NS-MTA-MD5 is accepted by directory):
userpassword:{NS-MTA-MD5}rL0Y20zC+Fzt72VPzMSk2A==
but
ldap bind fails with "invalid credentials" error
We are using solaris 10 so I tried using the prefix {crypt} and it did not work. You said something about the right config in /etc/security/crypt.conf. Here is the content of my crypt.conf file:
1 crypt_bsdmd5.so.1
2a crypt_bsdbf.so.1
md5 crypt_sunmd5.so.1
This should be the right config "md5 crypt_sunmd5.so.1"
Am I missing something here?
Is there anything else I need to do to enable directory to use MD5 hashed passwords?
Maybe NS-MTA-MD5 plugin is not enough?

Getting NT or LM hashed password

Hi all!
I have the response from an NTLM challenge response, and I
would like to autheticate the user againts an ActiveDirectory. Is there
a possibility to get the user's NT or LM hashed password
needed to generate an NTLM like response for comparing
with the one received from the client?
Tankx!

I think you're going about this in the wrong way.
Just try and connect to Active Directory using the username and password provided then try reading their user object's attributes.
If the credentials are wrong you'll get an exception.

Convertion of hash password

Hi,
SELECT username,password FROM dba_users
                 WHERE username='SCOTT';
USERNAME        PASSWORD
SCOTT              F894844C34402B67Can we convert above hash password value to normal text......
Any help please......
Thanks and Regards
Reddy.

Not using traditional methods. A Hash is a one-way function, you can never get the reverse of it.
I will not link to any tools to circumvent this. You are left to your own creativity/ingenuity.

How Windows 7 and 8 hash password

Hello guys,
could you help me to find the best ebook or source, which describe how windows works with passwords, how hash it and which version of crypto. Windows use today (windows 7, 8). I have information from everywhere but I would like to know more. If ebook
will include some nice diagrams I will be happy.
Thank you all.

Hi,
I would suggest you browser on the Microsoft Press books website and see if you can find what you want.
https://www.microsoft.com/learning/en-us/microsoft-press-books.aspx
Regards
Yolanda Zhu
TechNet Community Support

Decrypt the hashed password in SQL Server 2008

Hello all,
I have used HASHBYTES to decrypt the password of the user using SHA1, so now there is a requirement to decypt back the password to its original form,
for eg
Pass word is 'Jhon' so after applying HASHBYTES('SHA1','Jhon') it gices the output as "0xB13B42158655F36814F3C4541C6457F7CAD0F719"
Now i want back to get Jhon from the encypted value.
Please suggest an idea to do so.
Thanks for advance.
Pankaj Kumar Yadav-

To expand on what Dan says above, one can use pwdencrypt/pwdcompare from SQL but in a different context (http://stackoverflow.com/questions/173329/how-to-decrypt-a-password-from-sql-server).
The context would be more like the one that is used to determine whether your user passes a CORRECT password. In this case, the hash value saved in the database must be the same as the hash value of the password being passed in. In this
manner, while you can't decrypt, you can determine whether the user knows the password or not without storing the password. Not the best way to enable a password, but a workaround for sure. Similar to Dan's method above but may provide a bit more
detail as to the why's and wherefore's using the examples listed there.
R, J

Authentication with hashed password

Hi,
the user passwords in my iPlanet 5.1 are stored by using SHA. I authenticate a user from a JBoss AppServer by using an LDAPLoginModule which works fine.
Now I want to secure this access by no longer sending the clear text password over the network. Instead I configured my JBoss-LoginModule to hash the password by using "SHA-1" before accessing the LDAP server. But now the authentication fails.
ERROR [LdapLoginModule] Failed to validate password
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials
Do I have to configure something in the iPlanet before I can access it with a password that is already hashed?
Does iPlanet recognize that the sent password is already hashed? Maybe it tries to hash the password again before checking?
Andreas

As far as my experience with this has gone, the simple answer is no. You'll have to enter it in cleartext.
The most used methodology is to create some kind of standard password to send for each new account, and make it mandatory to change it as soon as the user logs on for the first time. I don't know any other way to do this.
- Mark

Hashing passwords using SSHA (iDS 5.1)

Hi,
We would like to take a password in the clear and hash it with the SSHA algorithm so that it can then be stored in the Directory. I know that the Directory will perform the hashing but we want to hash the p/w and provide it already hashed ({SSHAizamiseW6xky})before it gets to the Directory. Is there any information/documentation on how iPlanet implements SSHA so we can achieve this?
Cheers
Simon

There is a command line utility - bin/slapd/server/pwdhash - I believe this command is documented in the Command reference or the Admin Guide.

Hashing Passwords

Similar Messages

Maybe you are looking for