Old Forums
Search:
Installation and deployment Questions on installation, system configuration and deployment to the live server.
Version 5.x > Installation and deployment > Changing the password hash algorithm type View modes: 
User avatar
Member
Member
michiel - 8/17/2010 9:32:33 AM
   
Changing the password hash algorithm type
I wanted to change the way passwords are stored in a new Kentico 5.5 installation, so I added the following attribute/value to the membership provider configuration:

hashAlgorithmType="MD5"

When I create a new user, the UserPasswordFormat in the database is still SHA1 for the new user.

Does the Kentico membership provider support other algorithm types? Does it support custom algorithm types so we can integrate with other applications that don't follow only SHA1?

I hope so...

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 8/17/2010 12:51:50 PM
   
RE:Changing the password hash algorithm type
Hi,

Regrettably only SHA1 and plain text formats are supported out-of-the box. For other formats you will need to write a custom membership provider. I am sorry for this inconvenience.

Best regards,
Juraj Ondrus

User avatar
Member
Member
michiel - 8/18/2010 4:24:02 AM
   
RE:Changing the password hash algorithm type
Hi, thanks for the answer.

In the original membership provider from Microsoft there is a method to instantiate any algorithm and then pass off the job of hashing to the algorithm implementation directly. It's based on the cryptoserviceproviders and can be configured in web.config. Then there's no need to have the hashing logic in the membership provider.

Maybe you could consider that?

Thanks!

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 8/19/2010 1:57:50 AM
   
RE:Changing the password hash algorithm type
Hi,

Thank you for your suggestion, we will consider it for the future versions.

Best regards,
Juraj Ondrus

Top