SHA1 is a hash algorithm, not an encryption one. Unless you know the passwords, you cannot reverse it. You will probably have to authenticate the old way and force users to enter a new password, or after they authenticate, rehash or encrypt the password the new way.
Base64 is not even a hash, just an encoding, so would be much weaker than SHA1. It can readily be reversed.

You can generate a test certificate; look in the knowledge base for instructions on how to do that.

-----Original Message-----
From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Paul Cowan
Sent: Tuesday, April 22, 2008 10:12 AM
To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM
Subject: [ADVANCED-DOTNET] Security questions

Hi,

We have a web application where the username and password are stored in the database. The password is stored as SHA1. We have just been through a security audit which deemed SHA1 to be not the safest encryption algorithm. Is there any way we can update the passwords from SHA1 to base64?

We also need to have the transport running over https, how can we develop against Https without purchasing a certificate? Is there a [EMAIL PROTECTED]

===================================
This list is hosted by DevelopMentor® http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com
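
The migration the reply describes (authenticate the old way, then rehash once the user has logged in), as an added example that is not part of the original thread. It assumes the legacy column holds an unsalted SHA-1 hex digest of the UTF-8 password and that PBKDF2-HMAC-SHA256 is the replacement scheme; the `UserRecord` type, its field names and the iteration count are hypothetical. It needs .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical user row: LegacySha1Hex is the old column, Salt/Pbkdf2Hash the new ones.
public sealed class UserRecord
{
    public string? LegacySha1Hex;   // unsalted SHA-1 hex digest (assumed legacy format)
    public byte[]? Salt;
    public byte[]? Pbkdf2Hash;
    public int Iterations;
}

public static class PasswordMigration
{
    const int Iterations = 600_000;          // assumed work factor; tune for your hardware
    const int SaltBytes = 16, HashBytes = 32;

    // Verifies the password; if the record still uses SHA-1, upgrades it in place.
    public static bool VerifyAndUpgrade(UserRecord user, string password)
    {
        if (user.Pbkdf2Hash != null && user.Salt != null)
        {
            byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(
                password, user.Salt, user.Iterations, HashAlgorithmName.SHA256, HashBytes);
            return CryptographicOperations.FixedTimeEquals(candidate, user.Pbkdf2Hash);
        }
        if (user.LegacySha1Hex == null) return false;

        // Authenticate the old way: the plaintext is only available at login time.
        byte[] legacy;
        try { legacy = Convert.FromHexString(user.LegacySha1Hex); }
        catch (FormatException) { return false; }   // malformed stored value
        byte[] sha1 = SHA1.HashData(Encoding.UTF8.GetBytes(password));
        if (!CryptographicOperations.FixedTimeEquals(sha1, legacy)) return false;

        // Rehash the new way and drop the weak hash so it cannot be used again.
        user.Salt = RandomNumberGenerator.GetBytes(SaltBytes);
        user.Iterations = Iterations;
        user.Pbkdf2Hash = Rfc2898DeriveBytes.Pbkdf2(
            password, user.Salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        user.LegacySha1Hex = null;
        return true;
    }
}
```

Accounts that never log in keep their SHA-1 hash under this scheme, which is where the reply's other option, forcing users to enter a new password, comes in.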