Integrating MediaWiki's users to a personal ASP.NET Website

Fragment of a discussion from Project:Support desk

Have a look at Manual:User table#user_password.

Krenair (talk | contribs) 16:21, 19 April 2012

Hi,

Thanks for the guide. I'm currently attempting to decrypt the password. What I did first was convert the byte[] array to a string using:

   System.Text.Encoding enc = System.Text.Encoding.ASCII;
   string p = enc.GetString(u[0].User_password); // u[0].User_password is the byte[] of the password.


This is the result: 260960baba3a5d00959bb8bc6880fdec

200.89.154.82 16:54, 19 April 2012

What I would like is a step-by-step of the process I would need to follow to validate the user's password from my personal website, since in the link above it's not clear how you get "A pseudo-random hexadecimal 31-bit salt between 0x0 and 0x7fff ffff (inclusive)". For this exercise let's use the string "example".

200.89.154.82 19:02, 19 April 2012

So far I have completed most of the algorithm in C#.

   string pwd = GetMd5Sum(password);
   string hash = (GetMd5Sum("salt" + "-" + pwd));
   pwd = GetMd5Sum(":B:" + "salt" + ":" + hash);
   return pwd;

The only part I have been unable to solve is the Salt. How can I complete it?

200.89.154.82 14:01, 23 April 2012

Here's your solution:

   // Requires: using System; using System.Security.Cryptography; using System.Text;
   // 'enc' is a UTF8Encoding field of the containing class.
   public Byte[] createWikiUserPassword(string newPassword)
   {
       // Wikipassword in format ":B:" + salt + ":" + md5 hash of ( salt + "-" + md5 hash of (password) )
       // Create salt: 4 random bytes, stored as 8 lower-case hex characters
       Byte[] salt = new Byte[4];
       RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
       rng.GetBytes(salt);

       MD5 md5 = MD5.Create();
       string strSalt = hash2hexstring(salt);

       // MD5 hash of password
       Byte[] hashPassword = md5.ComputeHash(Encoding.UTF8.GetBytes(newPassword));
       string strHashPassword = hash2hexstring(hashPassword);

       // MD5 hash of salt + dash + hashPassword
       Byte[] md5saltPasswordHash = md5.ComputeHash(enc.GetBytes(strSalt + "-" + strHashPassword));
       string strMd5SaltPasswordHash = hash2hexstring(md5saltPasswordHash);
       string strUserPassword = ":B:" + strSalt + ":" + strMd5SaltPasswordHash;

       // Total result: the bytes to store in user_password
       Byte[] userPassword = enc.GetBytes(strUserPassword);
       return userPassword;
   }

   // Convert a byte array to a lower-case hex string with no separators
   private string hash2hexstring(byte[] input)
   {
       string strInput = BitConverter.ToString(input);
       strInput = strInput.Replace("-", "");
       strInput = strInput.ToLower();
       return strInput;
   }

80.254.146.132 14:35, 27 April 2012

Sorry, I missed the declaration of 'enc':

private System.Text.UTF8Encoding enc = new System.Text.UTF8Encoding();

Cheers,

Carl.

80.254.146.132 14:36, 27 April 2012
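
For the validation side asked about earlier in the thread, the salt is not generated again: it is read back from the stored value, where it sits between ":B:" and the last colon. The following is an added example, not code from any poster in this thread; the class and method names are hypothetical and the sample row in Main is constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class WikiPasswordCheck
{
    // Lower-case hex MD5 of a UTF-8 string.
    static string Md5Hex(string s)
    {
        using (MD5 md5 = MD5.Create())
            return BitConverter.ToString(md5.ComputeHash(Encoding.UTF8.GetBytes(s)))
                               .Replace("-", "").ToLowerInvariant();
    }

    // Compare without stopping at the first differing character.
    static bool SameString(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // storedPassword: the user_password column exactly as read from the database.
    public static bool Verify(byte[] storedPassword, string candidate)
    {
        if (storedPassword == null || candidate == null) return false;
        string[] parts = Encoding.ASCII.GetString(storedPassword).Split(':');
        // ":B:<salt>:<hash>" splits into "", "B", salt, hash.
        if (parts.Length != 4 || parts[0] != "" || parts[1] != "B") return false;
        string salt = parts[2];
        string expected = Md5Hex(salt + "-" + Md5Hex(candidate));
        return SameString(expected, parts[3].ToLowerInvariant());
    }

    public static void Main()
    {
        // Constructed sample row: salt and password are made up for this demo.
        string salt = "1a2b3c4d";
        byte[] row = Encoding.ASCII.GetBytes(
            ":B:" + salt + ":" + Md5Hex(salt + "-" + Md5Hex("correct horse")));
        Console.WriteLine(Verify(row, "correct horse"));
        Console.WriteLine(Verify(row, "wrong guess"));
        // A value with no ":B:" prefix, like the string quoted earlier in the
        // thread, is rejected as an unrecognised format rather than compared.
        Console.WriteLine(Verify(Encoding.ASCII.GetBytes("260960baba3a5d00959bb8bc6880fdec"), "x"));
    }
}
```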

You can edit your post you know.

Krenair (talk | contribs) 14:59, 27 April 2012