Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
How to show encrypted password
- Thread starter alisaif
- Start date
Olaf Doschke
Programmer
You can't inverse the output of SYS(2007) to get back to cleartext passwords. It computes a checksum, which is one form of a hash value.
Therefore ramani said in hiw faq:
Bye, Olaf.
Therefore ramani said in hiw faq:
ramani said:
Bye, Olaf.
Mike Lewis
Programmer
Well, yes, you can display the encrypted password. But is that what you want? It will just be a meaningless series of digits.
Perhaps you mean you want to display the decrypted password. If so, you are out of luck. SYS(2007) is a one-way street.
The normal approach is to store the encrypted version; then, when the user tries to log in, encrypt whatever he entered, and compare that to the stored version.
Mike
__________________________________
Mike Lewis (Edinburgh, Scotland)
Visual FoxPro articles, tips and downloads
- Thread starter
- #4
Mike Lewis
Programmer
You mean you want to convert "34324" back to "Secret777"? You can't. That's what we've been saying.
If you really want to know what the unencrypted version is, you will have to store it separately - with all the security implications that that involves.
Mike
__________________________________
Mike Lewis (Edinburgh, Scotland)
Visual FoxPro articles, tips and downloads
If you really want to know what the unencrypted version is, you will have to store it separately - with all the security implications that that involves.
Mike
__________________________________
Mike Lewis (Edinburgh, Scotland)
Visual FoxPro articles, tips and downloads
- Thread starter
- #6
Tore Bleken
Programmer
You should never be able to restore the password from the encrypted value, that's the whole point. If it was possible to restore it, then a hacker can restore it, and then you don't have any security anymore.
- Thread starter
- #8
He could probably use a rainbow table to get an equivalent password (something that generates the same checksum)
they are available on the 'net
Regards
Griff
Keep [Smile]ing
they are available on the 'net
Regards
Griff
Keep [Smile]ing
There are 10 kinds of people in the world, those who understand binary and those who don't.
I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are not good for you.
I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are not good for you.
vgulielmus
Programmer
SYS(2007) is not safe for passwords, because of the small value of the total number of variants (65536).
At least use the 32 bit version of SYS(2007), which took longer to "decrypt", because of the 4294967296 variants (over 4 billions)
The following two demos demonstrates how quickly is broken the 16 bit versions of SYS(2007)
This small piece of code find almost instantaneously an equivalent password for the 16 bit version of SYS(2007)
This small piece of code find almost instantaneously a valid password for the 16 bit version of SYS(2007), for "34324"
Respectfully,
Vilhelm-Ion Praisach
Resita, Romania
At least use the 32 bit version of SYS(2007), which took longer to "decrypt", because of the 4294967296 variants (over 4 billions)
The following two demos demonstrates how quickly is broken the 16 bit versions of SYS(2007)
This small piece of code find almost instantaneously an equivalent password for the 16 bit version of SYS(2007)
Code:
lcpass=INPUTBOX("Enter password","Password","Secret777",0,"","Secret777")
lcCheckSum=SYS(2007,lcpass)
? "Enocded vwesion for", lcpass,"is", lcCheckSum
FOR lni=1 TO 10*65536
IF SYS(2007,ALLTRIM(STR(lni)))==lcCheckSum
? "Candidate password is ",ALLTRIM(STR(lni))
EXIT
ENDIF
NEXTThis small piece of code find almost instantaneously a valid password for the 16 bit version of SYS(2007), for "34324"
Code:
lcCheckSum=INPUTBOX("Enter encoded string","Encoded password","34324",0,"","34324")
FOR lni=1 TO 10*65536
IF SYS(2007,ALLTRIM(STR(lni)))==lcCheckSum
? "Candidate password is ",ALLTRIM(STR(lni))
EXIT
ENDIF
NEXTRespectfully,
Vilhelm-Ion Praisach
Resita, Romania
"You should never be able to restore the password from the encrypted value, that's the whole point. If it was possible to restore it, then a hacker can restore it, and then you don't have any security anymore."
Yes, that's the strong point of security. I read a news story this week about a letter now being presented by scores of professionals imploring the Obama Administration to reject the security agencies in the USA from securing the ability to access encrypted information through a "back door." The consensus among professionals in the know is that this severely compromises the security of information. IOW, it can't be done without destroying the intention of security methodology and opening doors to governments around the world and other hackers from gaining access to sensitive information.
Yes, that's the strong point of security. I read a news story this week about a letter now being presented by scores of professionals imploring the Obama Administration to reject the security agencies in the USA from securing the ability to access encrypted information through a "back door." The consensus among professionals in the know is that this severely compromises the security of information. IOW, it can't be done without destroying the intention of security methodology and opening doors to governments around the world and other hackers from gaining access to sensitive information.
- Status
Similar threads
