Encrypted password different

Hello,

I have a question about the encrypted password function.

Originally, I am using OutSystems to create a user, and I set a password "ABCD". When I check in the DB, the password is "fff@@rfjsjkcjvwiwrjrjewjfjdkskdoffo". This is encrypted, I understand.

Then I try to add a new action called "ENCRYPTED PASSWORD".

When I pass the password "ABCD", I suspect it should get "fff@@rfjsjkcjvwiwrjrjewjfjdkskdoffo".

But I noticed it is different. It generates another string as the encrypted password: "feefjsidj348fjcxs@#$$@"

I wonder how to get the same encrypted password in the OutSystems user table?


Thank you


Hello,

When you encrypt the same Password you will always have different values for that Password in the User Table.

Imagine if User A and User B have the same encrypted value in the user table. User A will automatically know User B's password, and that can be a security issue.

Hope it helps,

Best Regards,

Guilherme Oliveira


Hi,


You can't obtain that result because EncryptPassword creates your encrypted password based on two parameters:

Username and password.

With those two parameters, a hash function is called that processes them and creates your encrypted password. Since you can't have two identical usernames, the result will never be the same as the previous one.


Hope this can help.


Best regards,

Ricardo M Pereira

Hi,

When a password is encrypted, the encryption hash cannot be the same; it is random because, as already mentioned, for the same set of characters you could run security risks. This is because of what many encryption algorithms do: for example, they put a header with a hash type, and then it is that header that is used to decrypt the string or password.

In this specific case, the password and username pair are used, as a pseudo hash, to encrypt the value of the password in the database. Without this pair of parameters, you cannot decrypt the password, unless the encryption algorithm has a fixed hash, but then the security level would be very low, since from the moment you discovered a password, you would discover them all.

Cheers
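
An added example, not part of the thread and not OutSystems' own implementation: a generic salted password hash showing why hashing "ABCD" twice gives two different stored strings, and why a login check re-derives the hash from the salt kept in the stored record instead of comparing two freshly generated values. The PBKDF2-HMAC-SHA256 scheme, the `scheme$iterations$salt$digest` record layout, the iteration count and the function names are all assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this illustration


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scheme$iterations$salt$digest."""
    # A fresh random salt per record is what makes two hashes of "ABCD" differ.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join([
        "pbkdf2-sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest using the salt and parameters stored in the record."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations)
        )
    except ValueError:  # malformed record (wrong field count, bad base64, bad number)
        return False
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    first = hash_password("ABCD")   # constructed sample password from the thread
    second = hash_password("ABCD")
    print("records differ:", first != second)
    print("first verifies:", verify_password("ABCD", first))
    print("second verifies:", verify_password("ABCD", second))
    print("wrong password verifies:", verify_password("abcd", first))
```

Comparing the output of a second hashing call against the database value fails by design; the check has to go through a verify step that reads the salt back out of the stored record.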