I am using gSOAP's wsseapi plugin and would like to store SHA-1 hashed passwords rather than plain text. I have spent a ridiculous amount of time experimenting with various methods of hashing the plain text password for storage.
Can anyone suggest a way to hash a password so it can be later verified against a username token digest sent by the client?
I can't seem to get the client password to authenticate against my stored hash.
Seems that the plain text password is required at both sides. This is so that on the server, the password stored is hashed using the nonce created at the client side and then the password hashes are compared.
I thought there may have been a way for the client to enter a normal alphanumeric password and for the server to retrieve a pre-stored hashed up version of the same password for comparison. Seems this isn't possible because of the nonce, timestamp etc.
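The digest check described above, as an added example that is not part of the original post and is not gSOAP code: a Python sketch of the WS-Security UsernameToken formula, PasswordDigest = Base64(SHA-1(nonce + created + password)), showing the server verifying with the plain text password and failing with a stored SHA-1 of it. The function names, user name, password, nonce and timestamp are constructed for illustration.

```python
import base64
import hashlib
import hmac

def password_digest(nonce: bytes, created: str, secret: bytes) -> str:
    """PasswordDigest = Base64(SHA-1(nonce + created + secret))."""
    raw = hashlib.sha1(nonce + created.encode("utf-8") + secret).digest()
    return base64.b64encode(raw).decode("ascii")

def client_token(username: str, password: str, nonce: bytes, created: str) -> dict:
    """Fields the client sends in the UsernameToken (digest, not the password)."""
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
        "Password": password_digest(nonce, created, password.encode("utf-8")),
    }

def server_verify(token: dict, stored_secret: bytes) -> bool:
    """Recompute the digest from the server's stored secret and compare."""
    nonce = base64.b64decode(token["Nonce"])
    expected = password_digest(nonce, token["Created"], stored_secret)
    # Constant-time comparison of the two Base64 strings.
    return hmac.compare_digest(expected, token["Password"])

# Constructed sample values, not taken from any real exchange.
PASSWORD = "correct horse"
NONCE = bytes(range(16))
CREATED = "2024-01-01T12:00:00Z"
TOKEN = client_token("alice", PASSWORD, NONCE, CREATED)

def demo() -> dict:
    """Try to verify the same token against three forms of stored secret."""
    sha1_of_password = hashlib.sha1(PASSWORD.encode("utf-8")).digest()
    return {
        "stored_plain_text": server_verify(TOKEN, PASSWORD.encode("utf-8")),
        "stored_sha1_raw": server_verify(TOKEN, sha1_of_password),
        "stored_sha1_hex": server_verify(TOKEN, sha1_of_password.hex().encode("ascii")),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verified' if ok else 'rejected'}")
```

The server can only reproduce the digest from the exact byte string the client fed into the hash, which is why a separately hashed copy of the password does not match.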