0

My main data-storage system is built on Django. However, due to inevitable reasons, I have to develop another desktop application for data-entry that uses .NET platform.

However, how can I authenticate the .NET application based on Django user authentication? I looked at the encrypted password, and apparently it uses some weird algorithm ( I thought it is going to standard AES or Triple-DES encryption, which can be easily done in .NET). So because of that, I cannot compare the password entered by user (in the .NET app) with the encrypted password in the database.

Is there any API/ways of doing this smartly?

Improve this question

1 Answer 1

Reset to default
3

The passwords aren't encrypted, they're hashed. There is a big difference. You don't want to encrypt passwords, as when you encrypt something you're expecting to be able to unencrypt it. With passwords, you never want to unencrypt them: when you're checking that the user has entered their password correctly, you simply hash what they've entered using the same algorithm, then compare the hashes.

Django doesn't use any "weird" algorithm for hashing: it simply uses the sha1 algorithm, plus a salt. The format is fully described here. There's absolutely no reason you couldn't reproduce this in .NET.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

thanks. Now I understand better. I always thought that passwords are encrypted in the database. Is the salt randomized word or it is something that I could find in the Django settings?
As explained in that link, the salt is a random string per password, which is stored along with the password itself.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.