How to show encrypted password

alisaif

ISP
Apr 6, 2013
418
AE
Hi,

I am using Mr.Ramani's faq184-1262.
I want to display encrypted password saved in a field of user rights.

Please guide..

Thanks

Saif


 
You can't inverse the output of SYS(2007) to get back to cleartext passwords. It computes a checksum, which is one form of a hash value.

Therefore ramani said in his faq:

ramani said:
3. Whenever the password is accepted, compare for accepting it, by converting the same way.

myInPass=SYS(2007,ALLTRIM(ThisForm.txtLogInPass.Value))
IF myPassFile.myPasswordField = myInPass
** LET THE USER IN
ELSE
** SHOW THE OUT-DOOR
ENDIF

Bye, Olaf.
 
I want to display encrypted password

Well, yes, you can display the encrypted password. But is that what you want? It will just be a meaningless series of digits.

Perhaps you mean you want to display the decrypted password. If so, you are out of luck. SYS(2007) is a one-way street.

The normal approach is to store the encrypted version; then, when the user tries to log in, encrypt whatever he entered, and compare that to the stored version.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads
 
Suppose my password is "Secret777" and saving "34324". How can I see "34324" to "Secret777".

Thanks

Saif
 
You mean you want to convert "34324" back to "Secret777"? You can't. That's what we've been saying.

If you really want to know what the unencrypted version is, you will have to store it separately - with all the security implications that that involves.

Mike


 
So, if the user forgets the password, I cannot see it. The only solution is to change the password.

Saif
 
You should never be able to restore the password from the encrypted value, that's the whole point. If it was possible to restore it, then a hacker can restore it, and then you don't have any security anymore.
 
He could probably use a rainbow table to get an equivalent password (something that generates the same checksum); they are available on the 'net.

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are not good for you.
 
The only solution is to reset the password, in the same way as when you forget a Windows login password. This way you protect the user's password.
 
SYS(2007) is not safe for passwords, because of the small total number of variants (65536).
At least use the 32-bit version of SYS(2007), which takes longer to "decrypt", because of the 4294967296 variants (over 4 billion).

The following two demos demonstrate how quickly the 16-bit version of SYS(2007) is broken.

This small piece of code finds almost instantaneously an equivalent password for the 16-bit version of SYS(2007)
Code:
* Compute the 16-bit checksum of the entered password
lcpass=INPUTBOX("Enter password","Password","Secret777",0,"","Secret777")
lcCheckSum=SYS(2007,lcpass)
? "Encoded version for", lcpass,"is", lcCheckSum
* Try numeric strings until one produces the same checksum
FOR lni=1 TO 10*65536
  IF SYS(2007,ALLTRIM(STR(lni)))==lcCheckSum
    ? "Candidate password is ",ALLTRIM(STR(lni))
    EXIT
  ENDIF
NEXT

This small piece of code finds almost instantaneously a valid password for the 16-bit version of SYS(2007), for "34324"
Code:
lcCheckSum=INPUTBOX("Enter encoded string","Encoded password","34324",0,"","34324")
FOR lni=1 TO 10*65536
  IF SYS(2007,ALLTRIM(STR(lni)))==lcCheckSum
    ? "Candidate password is ",ALLTRIM(STR(lni))
    EXIT
  ENDIF
NEXT

Respectfully,
Vilhelm-Ion Praisach
Resita, Romania
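
The store-and-compare approach and the reset-instead-of-recover advice from this thread, as an added Python example (not code from any poster, and not Visual FoxPro). It assumes PBKDF2-HMAC-SHA256 as the slow salted hash and uses CRC-CCITT only as a stand-in for a 16-bit checksum; the function names, the `saif` account and the iteration count are chosen here for illustration.

```python
import binascii
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def checksum16(text: str) -> int:
    """Constructed stand-in for a 16-bit checksum (CRC-CCITT), not SYS(2007) itself."""
    return binascii.crc_hqx(text.encode(), 0)


def distinct_outputs(n_inputs: int) -> int:
    """Count distinct checksums produced by n_inputs different numeric strings."""
    return len({checksum16(str(i)) for i in range(n_inputs)})


def make_record(password: str) -> dict:
    """Build what gets stored: a random per-user salt and a slow salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(record: dict, attempt: str) -> bool:
    """Hash the attempt the same way and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def set_password(store: dict, user: str, password: str) -> None:
    """Used for enrolment and for a reset: the old password is replaced, never shown."""
    store[user] = make_record(password)


if __name__ == "__main__":
    # 70,000 different inputs cannot map to more than 65,536 checksums.
    print("distinct 16-bit checksums:", distinct_outputs(70_000))
    users = {}
    set_password(users, "saif", "Secret777")          # constructed sample account
    print("correct password:", verify(users["saif"], "Secret777"))
    print("wrong password:  ", verify(users["saif"], "secret777"))
    set_password(users, "saif", "NewSecret888")        # forgotten-password reset
    print("old password after reset:", verify(users["saif"], "Secret777"))
```

The stored record holds only the salt, the iteration count and the digest, so there is nothing to display to a user who has forgotten the password.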
 
"You should never be able to restore the password from the encrypted value, that's the whole point. If it was possible to restore it, then a hacker can restore it, and then you don't have any security anymore."

Yes, that's the strong point of security. I read a news story this week about a letter now being presented by scores of professionals imploring the Obama Administration to reject the security agencies in the USA from securing the ability to access encrypted information through a "back door." The consensus among professionals in the know is that this severely compromises the security of information. IOW, it can't be done without destroying the intention of security methodology and opening doors to governments around the world and other hackers from gaining access to sensitive information.
 