
Salted Password



I extend my enterprise server's capabilities with my own applications and I use the PC Monitor logon (username/password) to authenticate.

I had to notice that my notification router (the app) cannot be used anymore since the passwords are salted before being stored in the database. Has the salting started with an update of the enterprise server? I didn't install or change anything.

I need to know the salting algorithm to make that work again; I have to be able to calculate the salted hash outside the enterprise server in my own application.


  • Administrators

We cannot provide the salting algorithm but we can surely help you authenticate using your own applications.

Please email us your requirements and we will do our best to help and, if needed, extend the API to support them.


My requirement is that my own application (only one for now, but there will be more) is able to authenticate against the user accounts in the pcmonitor database. At http://watch.esecure.at/nr, for example, you provide a username and a password and the website authenticates against the database.

I have seen a passwortSalted binary field in the accounts table. Does this mean I can choose between using salted passwords or unsalted MD5?

An API is only the second-best solution because I want my application to work stand-alone, even when the enterprise server itself stops operating. But maybe you have a good idea on that issue. My only solution for now would be to have separate passwords for pcmonitor itself and my applications.


I would like to understand the reason for salting the passwords in this case. Salting itself is clear, because then frequently used passwords do not appear in any MD5 cracking database. It is the nature of MD5 hashing that a simple change in the clear text results in a very different hash, so just adding an "a", for example, is already a good salting because it completely changes the hash.

Wouldn't it be possible to use a salting parameter (a short formula, a text extension, etc.) per enterprise server that the license owner is allowed to know? This would make it possible for the operators of enterprise servers to use their own authentication methods.

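Added example, not part of the thread and not PC Monitor's algorithm (which the vendor does not disclose): it compares unsalted MD5, the constant-suffix scheme raised in the last post, and a per-account random salt, and shows what a stand-alone verifier needs from the stored record. The account names, passwords, the choice of PBKDF2-SHA256 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; alice and bob deliberately share a password.
ACCOUNTS = {"alice": "Summer2024", "bob": "Summer2024", "carol": "x9!kQ-7pL"}
ITERATIONS = 200_000  # assumed work factor, tune for your hardware

def md5_unsalted(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

def md5_fixed_suffix(password: str, suffix: str = "a") -> str:
    # One constant shared by every account on the server.
    return hashlib.md5((password + suffix).encode()).hexdigest()

def new_record(password: str) -> dict:
    # Random salt per account, stored beside the hash; it is not a secret.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}

def verify(record: dict, candidate: str) -> bool:
    # A stand-alone verifier needs only the algorithm plus the stored
    # salt and iteration count; comparison is constant-time.
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])

def shared_hash_groups(stored: dict) -> list:
    # Accounts whose stored hash is identical, i.e. visibly the same password.
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def compare_schemes() -> dict:
    records = {u: new_record(p) for u, p in ACCOUNTS.items()}
    return {
        "unsalted_md5": shared_hash_groups(
            {u: md5_unsalted(p) for u, p in ACCOUNTS.items()}),
        "fixed_suffix": shared_hash_groups(
            {u: md5_fixed_suffix(p) for u, p in ACCOUNTS.items()}),
        "per_account_salt": shared_hash_groups(
            {u: r["hash"] for u, r in records.items()}),
    }

if __name__ == "__main__":
    print(compare_schemes())
```

With a constant suffix, identical passwords still produce identical hashes across accounts, so one precomputed table built for that suffix covers every account on the server; a per-account salt removes that sharing.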
