Issue importing MD5 Hash passwords into Ablecommerce 7.0.3

[tonygets]

Hi,

We are having an issue importing MD5 hash passwords from an old website into AC 7.0.3. We understand that AbleCommerce supports MD5, SHA1, SHA256, SHA384, and SHA512 hash passwords. We have specified that our passwords are MD5 but Ablecommerce is not computing the passwords as expected.

As an example, we have a password called 'Mumba' which when computed with MD5 is calculated as: 'db4e9ea0ebc2f4c2ea90972d65d3b805'.
However in AbleCommerce the MD5 hash calculated for password 'xxxx' is 'krKUMVptcupgMeG6y7nfoL2d65d3b805'.

We can calculate MD5 hash online at http://www.adamek.biz/md5-generator.php from this you can see that the MD5 hash calculated by AbleCommerce does not seem to be valid.

Please can someone shed some light on as to why Ablecommerce is not computing as expected and how we may be able to remedy this problem?

Thanks and regards,

Tony

[mazhar]

First AbleCommerce calculates hash in Base 64 where as the link you posted calculates it in hexadecimal, secondly AbleCommerce also includes salt value when calculating MD5 hash that's why you are seeing difference in calculated values for hash. Adding proper salt value and converting it to base 64 will convert your calculated MD5 hash to same as of AbleCommerce.

[tonygets]

Hi Mazhar,

Thanks for that information. We have resolved our issues. Apparently the salt information added confusion because as it turned out the original password hashes did not use any salt therefore when converting to equivalent AC7 hashes an empty zero length byte array is used as a salt.

Appreciate your assistance.

Kind regards,

Tony