How to reproduce System.Security.Cryptography.SHA1Managed result in Python

Posted by joetyson on Stack Overflow See other posts from Stack Overflow or by joetyson
Published on 2010-03-22T19:58:13Z Indexed on 2010/03/22 20:01 UTC
Read the original article Hit count: 624

Filed under:
|
|
|

Here's the deal: I'm moving a .NET website to Python. I have a database with passwords hashed using the System.Security.Cryptography.SHA1Managed utility.

I'm creating the hash in .NET with the following code:

string hashedPassword = Cryptographer.CreateHash("MYHasher", userInfo.Password);

The MYHasher block looks like this:

<add algorithmType="System.Security.Cryptography.SHA1Managed, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=blahblahblah"
    saltEnabled="true" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=3.0.0.0, Culture=neutral, PublicKeyToken=daahblahdahdah"
    name="MYHasher" />

So for a given password, I get back and store in the database a 48 byte salted sha1. I assume the last 8 bytes are the salt. I have tried to reproduce the hashing process in python by doing a sha1(salt + password) and sha1(password + salt) but I'm having no luck.

My question to you:

  1. How are the public keys being used?
  2. How is the password rehashed using the salt.
  3. How is the salt created? (e.g., When I say saltEnabled="true", what extra magic happens?)

I need specific details that don't just reference other .NET libraries, I'm looking for the actual operational logic that happens in the blackbox.

Thanks!

© Stack Overflow or respective owner

Related posts about .NET

Related posts about c#.net