Jump to content

MD5 Hash instead of clear text password


I.P.

Recommended Posts

the .NET Cloud API requires a pc monitor username and password. i want to make it more flexible and provide the username/password as a commandline parameter - is there a possibility to use MD5 hashes instead of the clear-text username and password?

Link to comment
Share on other sites

  • Administrators

We cannot make this change as the server expects the clear password.

But you can as you are in control of the app that uses the API - send the username/password as encrypted arguments that your app will decrypt before sending them to the server.

Link to comment
Share on other sites

i know it would depend on the servers capabilities - maybe a general improvement in the server for the future acception cleartext user/pass OR md5.

yes, an encryption/decryption between control and api is the second best solution and i will use it but everything that is decryptable is decryptable and therefor not as secure as a one-way encryption like MD5.

Link to comment
Share on other sites

  • Administrators

"Even if you store a MD5 encoded password, the hash itself will become your account password and it will be stored as clear text in your cloud instance."

-Marius

I had this idea once too. I've quoted the answer.

Paul.

Link to comment
Share on other sites

i do not agree completely. yes, the hash represents my password but i can only use it with authentication api's that allow using the hash and not everywhere, for instance at the web app or in the mobile apps. but when someone has my real password he can use it everywhere.

my idea was to accept the hash as logon password only with machanisms where an automated login is required, not everywhere. the Cloud API is such a thing.

but the facts are clear now that marius explained so i will use an alternative.

by the way, paul, i have read many of your posts in here and i thought many times this guy is a genious in really understanding the things. keep on!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...