PDA

View Full Version : How-to md5 hash passwords

p-rposters
10-20-2007, 08:36 PM
I'm using AMS6 and want to have password authenticate on open.

I have successfully used the following code on my opening page (in the page on show script)

-------------

--assume the user enters a bad password
correct_password = false;

-- the 'correct' password
real_passwords = {"123", "3333", "aa"};

-- prompt the user to enter a password
user_password = Dialog.PasswordInput("Password", "Please enter the password: ", MB_ICONQUESTION);

-- compare the user's password to the 'correct' password.
for j in real_passwords do
if real_passwords[j] == user_password then
correct_password = true;
end
end

--if the password was bad, exit
if not correct_password then
Application.Exit();
end

-------------

What I'd like to do is have up to 100 md5 hash passwords instead of regular passwords. As I understand it, this is better for security since the passwords are not visible in the code.

How would I go about doing this? I do not need to have a username... just an 8-digit password (that I will convert to md5).
Lorne
10-22-2007, 10:32 AM
Calculate MD5 values for each of your real passwords, and store those MD5 values in your script. Do not put the real password in the script anywhere at all.

When the user enters a password, calculate the MD5 value for it, and then compare that MD5 value against the MD5 values stored in the script.

If two MD5 values match, the data that the MD5 values were created from match as well.

You can use the Crypto.MD5DigestFromString action to calculate the MD5 values.
p-rposters
10-22-2007, 08:29 PM
Thanks Lorne,

But I still don't get it. I'm a copy and paste kind of guy - sorry...

I do have a list of passwords that I generated. I have them converted to md5 and ready to paste into the code.

But what "code" do I use to list them?

In my sample above, there is a place for the "real passwords". Is this where I would list the md5 passwords?

Perhaps you or another member could help me out and provide a sample of the code I should use on my first page on show event.

Thanks so much...
p-rposters
10-25-2007, 09:46 PM
I'm sorry to be a pest...

But, would anybody happen to have a sample of code that uses md5 to authenticate login?

I'd like to have multiple md5 passwords included in the login code.

It's my understanding that using md5 is more secure than regular passwords because they are encoded. Is this correct?

Your assistance is greatly appreciated - thanks.
Lorne
10-26-2007, 09:50 AM
--assume the user enters a bad password
correct_password = false;

-- the 'correct' password
--real_passwords = {"123", "3333", "aa"};

-- MD5 values for "123", "3333", "aa"
real_passwords = {"202cb962ac59075b964b07152d234b70", "2be9bd7a3434f7038ca27d1918de58bd", "4124bc0a9335c27f086f24ba207a4912"};

-- prompt the user to enter a password
user_password = Dialog.PasswordInput("Password", "Please enter the password: ", MB_ICONQUESTION);

-- calculate the MD5 value from what they entered
user_password = Crypto.MD5DigestFromString(user_password);

-- compare the user's password to the 'correct' password.
for j in real_passwords do
if real_passwords[j] == user_password then
correct_password = true;
end
end

--if the password was bad, exit
if not correct_password then
Application.Exit();
end