Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hashing a Non-Password in Web.Config - Possible? 1

Status
Not open for further replies.
GacUtil

GacUtil

Programmer
Joined
Jan 5, 2006
Messages
10
Location
US
I need to store a hashed value in a web application, presumably in the web.config file. In researching thusfar, I've found the article referenced below which deals with hashing passwords in the web.config. However, I cannot find a way to hash a non-password value in web.config.


Is it possible to hold a hashed, non-password value in web.config?

Thanks.
 
Sort by date Sort by votes
Wow - Thanks for that great info, BoulderBum.

In reading through the documentation and looking at the namespace members, I don't see a way to 'decrypt' a hash to obtain the original value. Do you know if it is possible to decrypt something once it is encrypted?

Thanks again for your help.
 
Upvote 0 Downvote
For decrypting something, you don't want to use a hashing algorithm. What hashing does is perform a calculation against the input to come up with a unique value that you can't decrypt.

For instance, if you have number values for each letters 'A', 'B', and 'C' which are 1, 2, and 3 respectively, then we could say the "hash" of ABBC is equal to 8 (i.e. 1 + 2 + 2 + 3). Thus, every time we run ABBC through our simple "hashing algorithm" we get the same value: 8.

Notice, however, that if we have the value 8, we can't conclusively tell if the text used to come up with the "hash" was actually "ABBC". After all, it could have just as easily been "BBBB" or "CCB" or "AAAAAAAA", thus we have no way to "unencrypt" the hash value 8.

In actual hashing algorithms, the process is much more complex and they make it a goal to avoid "collisions" (which are different inputs producing the same hash), but the point is that a hash is unencryptible (and that's how they like it!).

In this way, if a user enters their password, you can check if the password is correct by running it through the hash (to see if the input produced the correct value), but your password storage mechanism is secured because even if the data store was hacked, the hash value is useless to the attacker: the actual password is safe because it's not actually stored anywhere.

If you have to be able to decrypt the value, you may want to check out 3DES or RSA encryption.


 
Upvote 0 Downvote
This is very good stuff to know. Thanks again for your help in explaining everything.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

chikwendu
  • Locked
  • Question Question
Mouse jumps to DropDownList when clicking a button
Replies
0
Views
366
chikwendu
chikwendu
Makumbi256
  • Locked
  • Question Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
1K
Makumbi256
Makumbi256
weberm
  • Locked
  • Question Question
How do I make a page with multiple AJAX custom controls?
Replies
2
Views
1K
weberm
weberm
a6green
  • Locked
  • Question Question
How to configure AT&T / Avaya Definity G3 incoming ISDN trunk
Replies
2
Views
1K
a6green
a6green
JohnB33
  • Locked
  • Question Question
int type causes error
Replies
0
Views
1K
JohnB33
JohnB33

Part and Inventory Search

Sponsor

Back
Top