15,893,668 members
Sign in
Sign in
Email
Password
Forgot your password?
Sign in with
home
articles
Browse Topics
>
Latest Articles
Top Articles
Posting/Update Guidelines
Article Help Forum
Submit an article or tip
Import GitHub Project
Import your Blog
quick answers
Q&A
Ask a Question
View Unanswered Questions
View All Questions
View C# questions
View C++ questions
View Javascript questions
View Visual Basic questions
View Python questions
discussions
forums
CodeProject.AI Server
All Message Boards...
Application Lifecycle
>
Running a Business
Sales / Marketing
Collaboration / Beta Testing
Work Issues
Design and Architecture
Artificial Intelligence
ASP.NET
JavaScript
Internet of Things
C / C++ / MFC
>
ATL / WTL / STL
Managed C++/CLI
C#
Free Tools
Objective-C and Swift
Database
Hardware & Devices
>
System Admin
Hosting and Servers
Java
Linux Programming
Python
.NET (Core and Framework)
Android
iOS
Mobile
WPF
Visual Basic
Web Development
Site Bugs / Suggestions
Spam and Abuse Watch
features
features
Competitions
News
The Insider Newsletter
The Daily Build Newsletter
Newsletter archive
Surveys
CodeProject Stuff
community
lounge
Who's Who
Most Valuable Professionals
The Lounge
The CodeProject Blog
Where I Am: Member Photos
The Insider News
The Weird & The Wonderful
help
?
What is 'CodeProject'?
General FAQ
Ask a Question
Bugs and Suggestions
Article Help Forum
About Us
Search within:
Articles
Quick Answers
Messages
Comments by rizdplex (Top 2 by date)
rizdplex
22-Jan-16 4:57am
View
Thanks for all your valuable comments, Our application is acessed across by millons users, practically migrating them would be a long time process and that happen with time as application is used. And your comments are going to be helpful.
Would like to elaborate part of the question depending upon the feedback you have provided
"After upgrading our application to SHA2 with above settings, we expect that the older users passwords(which was encrypted using SHA1 and already present in memebership database) will not work with SHA2 alogorithm. But it allows older users to login without any modification in previously encrypted password. "
the application uses Asp.net Membership concept for mantaining login credentials, after specifying SHA2 as algorithm to be used for authenticating the user ideally depending upon feedback from your side it should not allow login but to out strange it allows old passwords hashed using SHA1 sucessfully login into the application .
My question is what hashing algorithm does Asp.net Membership concept use for Hashing passwords.
rizdplex
22-Jan-16 4:56am
View
Thanks for all your valuable comments, Our application is accessed across by millions users, practically migrating them would be a long time process and that happen with time as application is used. And your comments are going to be helpful.
Would like to elaborate part of the question depending upon the feedback you have provided
"After upgrading our application to SHA2 with above settings, we expect that the older users passwords(which was encrypted using SHA1 and already present in membership database) will not work with SHA2 algorithm. But it allows older users to login without any modification in previously encrypted password. "
the application uses Asp.net Membership concept for mantaining login credentials, after specifying SHA2 as algorithm to be used for authenticating the user ideally depending upon feedback from your side it should not allow login but to out strange it allows old passwords hashed using SHA1 successfully login into the application .
My question is what hashing algorithm does Asp.net Membership concept use for Hashing passwords.