Generating MD5 Encoded Passwords
This topic is closed

  • Generating MD5 Encoded Passwords

    I've run into a little problem or confusion on my part that's giving me fits. I've hooked up Acegi Security System for Spring into a Spring J2EE application running within Tomcat 5.5.7. I can authenticate just fine if I turn off the encoding of passwords. If I turn on encoding (with MD5PasswordEncoder) I simply cannot get it to work.

    To seed the database with an account I wrote the following small app:
    Code:
    public class MD5PasswordGenerator {
    
        public static void main(String[] args) {
            MD5PasswordGenerator generator = new MD5PasswordGenerator();
            
            System.out.println("Hashed password: " + generator.generateHashedPassword("password", "$1$simpsons$"));
            System.out.println("Hashed password: " + generator.generateHashedPassword("password", "testSalt"));
        }
        
        private String generateHashedPassword(String password, String saltString) {
            Md5PasswordEncoder encoder = new Md5PasswordEncoder();
            SystemWideSaltSource salt = new SystemWideSaltSource();
            salt.setSystemWideSalt(saltString);
            return encoder.encodePassword(password, salt);
        }
    }
    Now this is where the problem is. When I run this program as it is above it generates the encoded string of 'bd127f9f7a5986a2d62a61e116d1258b' and 'f6307415708c86af81707bac2ab9d7d7', respectively. But it also generates the same encoded strings in the same order if I switch them. So it seems that either salt, '$1$simpsons$' and 'testSalt' kick out the same encoded string.

    Am I doing something wrong or simply missing something? I suspect if I can get over this encoded string confusion the authentication with encoded passwords will start working.

    Thanks,
    P

  • #2
    Try this...

    Code:
    public class MD5PasswordGenerator {
    
        private Md5PasswordEncoder encoder = new Md5PasswordEncoder();
    
        private String generateHashedPassword(String password, String saltString) {
            return encoder.encodePassword(password, saltString);
        }
    
        public static void main(String[] args) {
    
            MD5PasswordGenerator generator = new MD5PasswordGenerator();
    
            System.out.println("Hashed password: " + generator.generateHashedPassword("password", "$1$simpsons$"));
            System.out.println("Hashed password: " + generator.generateHashedPassword("password", "testSalt"));
        }
    }
    The encodePassword method expects the actual salt, not the salt source:
    encodePassword(String rawPass, Object salt)

    The above probably won't solve your authentication with password encoding issue.

    I would try resetting those passwords you have in your database now.
    You have to maintain that salt as well. If you use the SystemWideSalt class, be sure to generate all your passwords using the same salt as the one you configure the SystemWideSaltSource to use.

    Or, just leave out the SaltSource stuff till you get the encoding to work.
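An added example, not code from the thread or from Acegi, showing why a digest changes when an object is passed as the salt instead of the salt string. It assumes the encoder merges its inputs as `rawPass{salt.toString()}` before hashing; `SaltMergeDemo`, `FakeSaltSource` and `encode` are hypothetical names.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SaltMergeDemo {

    // Hypothetical stand-in for a salt source: it holds a salt but does not
    // override toString(), so it prints as ClassName@identityHash.
    static class FakeSaltSource {
        private final String systemWideSalt;
        FakeSaltSource(String systemWideSalt) { this.systemWideSalt = systemWideSalt; }
        String getSystemWideSalt() { return systemWideSalt; }
    }

    // Assumed merge rule: rawPass + "{" + salt.toString() + "}", then MD5 as lowercase hex.
    static String encode(String rawPass, Object salt) throws NoSuchAlgorithmException {
        String merged = (salt == null) ? rawPass : rawPass + "{" + salt.toString() + "}";
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(merged.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        FakeSaltSource a = new FakeSaltSource("testSalt");
        FakeSaltSource b = new FakeSaltSource("testSalt");

        // Passing the holder object: what gets hashed is the object's toString(),
        // so the configured salt value never reaches the digest.
        System.out.println("object a (" + a + "): " + encode("password", a));
        System.out.println("object b (" + b + "): " + encode("password", b));

        // Passing the salt string itself: the digest depends only on password and salt.
        String fromA = encode("password", a.getSystemWideSalt());
        String fromB = encode("password", b.getSystemWideSalt());
        System.out.println("string salt from a: " + fromA);
        System.out.println("string salt from b: " + fromB);

        if (!fromA.equals(fromB)) {
            throw new AssertionError("same password and salt must give the same digest");
        }
        if (fromA.equals(encode("password", "otherSalt"))) {
            throw new AssertionError("a different salt must give a different digest");
        }
    }
}
```

A digest stored in the database only verifies at login if it was generated from the same salt string the running application supplies.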
