SHA1 Password returns as cleartext after DB query

Posted by Code Sherpa on Stack Overflow See other posts from Stack Overflow or by Code Sherpa
Published on 2010-04-07T03:56:14Z Indexed on 2010/04/07 4:03 UTC
Read the original article Hit count: 233

Filed under:
|
|
|

Hi.

I have a SHA1 password and PasswordSalt in my aspnet_Membership table. but, when I run a query from the server (a Sql Query), the reader reveals that the pass has returned as its cleartext equivalent.

I am wondering if my web.config configuration is causing this?

<membership defaultProvider="CustomMembershipProvider" 
                userIsOnlineTimeWindow="20"
                hashAlgorithmType="SHA1">
      <providers>
        <clear/>
        <add  name="CustomMembershipProvider"
              type="Custom.Utility.CustomMembershipProvider"
              connectionStringName="MembershipDB"
              enablePasswordRetrieval="false"
              enablePasswordReset="true"
              requiresUniqueEmail="false"
              requiresQuestionAndAnswer="false"
              passwordStrengthRegularExpression=""
              minRequiredPasswordLength="1"
              minRequiredNonalphanumericCharacters="0"
              passwordFormat="Hashed"

thanks in advance...

© Stack Overflow or respective owner

Related posts about sha1

Related posts about salt