问题
We are converting an ASP site (using DotNetNuke) to a new PHP site. The only thing we have right now is a full export of the existing database. One of the tables is called "aspnet_Membership" and contains the following fields:
- Password (looks like base64)
- PasswordFormat (always value 2)
- PasswordSalt (looks like base64)
- PasswordQuestion (always empty)
- PasswordAnswer (always empty)
We would like to decode these passwords and hash them to fit our own framework. From what I understand from the .NET documentation these kind of passwords can be decrypted. Is there an algorithm available that can do this or is it more complicated than that? Will it be possible if we create an ASP script on the current server?
Thanks in advance
回答1:
I think 2 means "Encrypted", not "Hashed" (see the definition here)
Encrypted means you can actually decrypt it but you will need the machine key stored in configuration files (take a look at the link I sent) of the physical machine where these passwords were created. If you have only a copy of the database, then you can't do it.
回答2:
Unfortunately your value of 2 in PasswordFormat tells us that these passwords are hashed, presumably using SHA1 (you can check this in your web.config). There's no way to reliably get the original password back, sorry.
*edit: unless you're aware of a specific cryptographic weakness in the particular hashing function, of course.
来源:https://stackoverflow.com/questions/4323800/membershipprovider-getpassword-algorithm