SearchSearch   ProfileProfile   Log inLog in   RegisterRegister 

Alterning the form of MD5 encryption used in FirstSpot.

 
Post new topic   Reply to topic    FirstSpot Forum Index -> Pre-sales Support Forum
View previous topic :: View next topic  
Author Message
gsmith



Joined: 12 Nov 2003
Posts: 3

PostPosted: Wed Nov 12, 2003 9:19 pm    
Post subject: Alterning the form of MD5 encryption used in FirstSpot.

Can the form of MD5 encryption be changed?

Your documents state that MD5-HMAC encryption is used in FirstSpot. Our user database uses a different variation of MD5 and I cannot change the data. I'm believe it is a standard MD5 hash and have included examples below. Is it possible to make this change to FirstSpot?

Thanks,
Greg Smith

dog
06D80EB0C50B49A509B49F2424E8C805

cat
D077F244DEF8A70E5EA758BD8352FCD8

bird
ABAECF8CA3F98DC13EEECBAC263CD3ED
Back to top
alan
Forum facilitator


Joined: 26 Sep 2003
Posts: 4435

PostPosted: Thu Nov 13, 2003 10:11 am    
Post subject:

Unfortunately, it is not possible to change the encryption mechanism in FirstSpot at this moment.

Can your user database trigger encrypt_pwd.exe to insert a row to FirstSpot table also (when creating users)?

We might be able to customize FirstSpot so that FirstSpot's encrytion mechanism can be "offloaded". This has some security implication though.
_________________
~ Patronsoft Limited ~
Back to top
gsmith



Joined: 12 Nov 2003
Posts: 3

PostPosted: Thu Nov 13, 2003 12:44 pm    
Post subject: Alterning the form of MD5 encryption used in FirstSpot

Although I can generate both hashes from my original "mass add" of students, my goal is to have synchronized passwords. This solution would only work until the user changes his/her password. A password change in our main system would not be reflected in the FirstSpot database. Basically this will result in additional support for my staff as students EXPECT password synchronization.

Question: Are your programmers willing to point me to the PHP code snippets where the encrypt is done? I can probably make the changes myself if pointed to the files and lines regarding the "create encrypted password" and "encrypt and compare passwords".

Since I think the standard form of MD5 encryption is most commonly used, perhaps your code could offer a config option for this and some of the other common HASH routines.

Thanks,
Greg Smith
Back to top
kevin
Forum facilitator


Joined: 26 Sep 2003
Posts: 442

PostPosted: Fri Nov 14, 2003 9:32 am    
Post subject:

The password encoding process actually takes place at our C program level as well, in addition to PHP. Therefore, we do have to change at the source-code level to accomdate your needs.

Our team will talk to you directly to see how we can help.

~ Patronsoft Limited ~
Back to top
alan
Forum facilitator


Joined: 26 Sep 2003
Posts: 4435

PostPosted: Thu Dec 04, 2003 8:39 am    
Post subject:

We implement "Password Offloading" in 2.1 Advanced Edition. For those who are interested in testing 2.1 Beta 1, please send us an email at firstspot@patronsoft.com.
_________________
~ Patronsoft Limited ~
Back to top
Display posts from previous:   
Post new topic   Reply to topic    FirstSpot Forum Index -> Pre-sales Support Forum All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group