Jump to content

MD5 Hash instead of clear text password


Recommended Posts

the .NET Cloud API requires a pc monitor username and password. i want to make it more flexible and provide the username/password as a commandline parameter - is there a possibility to use MD5 hashes instead of the clear-text username and password?

Link to post
Share on other sites
  • Administrators

We cannot make this change as the server expects the clear password.

But you can as you are in control of the app that uses the API - send the username/password as encrypted arguments that your app will decrypt before sending them to the server.

Link to post
Share on other sites

i know it would depend on the servers capabilities - maybe a general improvement in the server for the future acception cleartext user/pass OR md5.

yes, an encryption/decryption between control and api is the second best solution and i will use it but everything that is decryptable is decryptable and therefor not as secure as a one-way encryption like MD5.

Link to post
Share on other sites
  • Administrators

"Even if you store a MD5 encoded password, the hash itself will become your account password and it will be stored as clear text in your cloud instance."

-Marius

I had this idea once too. I've quoted the answer.

Paul.

Link to post
Share on other sites

i do not agree completely. yes, the hash represents my password but i can only use it with authentication api's that allow using the hash and not everywhere, for instance at the web app or in the mobile apps. but when someone has my real password he can use it everywhere.

my idea was to accept the hash as logon password only with machanisms where an automated login is required, not everywhere. the Cloud API is such a thing.

but the facts are clear now that marius explained so i will use an alternative.

by the way, paul, i have read many of your posts in here and i thought many times this guy is a genious in really understanding the things. keep on!

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...