Dnn Password Decrypting
The hashing of the password can be done either on the client side, on the server side, or on both. 1- If done by the client, even if the communication channel is attacked, the original password is.
I am having a rough time with one of my DNN installs. Initially there was a enc key specified for this DNN instance. Well I needed to import some users (25,000+) and when i did this via SQL DTS the passwords in the Users table were as they were in the import table but since the portal is using an enc key those passwords are actually not the 'real' passwords. When I was able to log into this instance I tried in host settings to clear the enc key, but sadly it just killed the application and I would get time outs.
The web server is a PE2650 and I am kinda bummed that I am killing it with this single task. I have looked in the tables to no avail to where this might be stored, so I thought Iwould ask you all for some pointers.
It has to be saved somewhere and what I would like to do is clear the enc key and try to restart the application. Another related issue is that when I first tried to clear the enc key via host settings I crashed the server as it was trying to send out 25k smtp messages. The network guys wanted to kill me and I don't blame them. If anyone has had to deal with disabling the notification functions I would like to hear what you did for this. Right now I have just turned off smtp on the server but everytime I try to make a change via the application it wants to tell it's user base about the change. So I should have about 75k messages waiting to beat up the mail server (25k x 3 change attempts).
I am scared to see what will happen once I turn back on smtp. Thanks, Ron. Hi Ron, Just a quick disclaimer in that the following info is current as of DNN 2.0.3. The encryption key is stored in the HostSettings table.
Whenever you change the encryption key through the application, it first decrypts the password (to get the plaintext original) and then encrypts and stores the new encrypted password. To my knowledge, it only sends out the notification emails if the decryption fails (if upon decryption, the password is the empty string). A surefire to stop the emails from going out is to comment out the lines in the source and recompile. That may or may not be an option for you. I believe if you clear the EncryptionKey directly in the database, none of your existing user's passwords will work, since they will still be in encrypted form. If this doesn't matter, you can go ahead and clear out the value, then go in and create new plaintext passwords for host/admin.
Please proceed w/ caution. Hope this helps.
Jake, Thanks for the reply. I feel like an dumba.s for over-looking the HostSettings table. I have never needed to of been in there so I had my blinders on to it. Your comment about the enc failing is right. I went into my smtp server logs and looked at some of the emails that were sent out. Perhaps someone else with a large users table could setup a test enviroment and try to encrypt then decrypt the passwords and see if it works or if it bombs.
Dnn Password Decrypt
What I did to get back in was just put up another fresh instance of dnn, set the key to the same and copied the enc version of the host password from the fresh db to the trouble db. I would like to comment out the email functions, however I am having a funny issue that is unrelated where upon recompile I cannot log in to the portal. Even without making any code changes just rebuilding, I get no errors or anything. Android emulator for windows 7 32 bit 1gb ram free download. Need to check that out now. I did have to redo everyones passwords from a source file that I had in SQL after I was able to clear out the enc key, if anyone is interested in a script like that here it is. It is referencing a table that has the username and pass already in there.
Dnn Password Decrypting File
UPDATE databasename.dbo.userstable SET password = src.password FROM databasename.dbo.userstable JOIN databasename.dbo.userstablesource src ON databasename.dbo.userstable.username = src.username Maybe this will help out someone. Thanks again Jake, Ron.
Decrypt A Password For Free
Before moving on to password Encryption and Decryption, I will give a quick review on types of password formats in DNN. Password Format There are three password formats in DNN. Clear. Hashed. Encrypted The PassworFormat property indicates how password is stored in database. Clear indicates that password is stored in plain text. No encryption is done.
Hashed passwords are hashed using one way hashing algorithm. It means once the data is encrypted, you can not decrypt it. Encrypted password are encrypted and stored in database.
These passwords can also be decrypted. You will find the passwordFormat in your web.config file of your DNN installation.