Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IE Passwords/Windows passwords hash?

Status
Not open for further replies.

jnxx

Programmer
May 18, 2005
14
GB
I've been developing windows utilities now for over a month and is currently working on a utility to retrieve all stored passwords on a windows machine(particularly, WinXP/Win2000).

I've now located the place where windows stores its passwords, but the passwords are encrypted, in something encryption method called "hash MD5 or MD4" does anyone know anything about this encryption and whether there is support for it in Delphi 7/C++ builder? Of course i need to convert the "hashed " passwords back to plain text, would that be poss?

I am aware that there are similar utilities available on the internet, but i need to create ones that meet the specific needs of my work.

Thanks
PS: If this is not the right forum for this, please let me know which is.
 
MD5 and MD4 are hash functions that take input of arbitrary length and produce output (in the case of MD5 at least) of 128 bits. They are cryptographic in that it is supposed to be 'hard' to go from the hash output back to the original. By hard I mean that there is no method which is more efficient than brute force trying all possible combinations. Another feature of cryptographic hash functions is that it is 'hard' to find two different inputs to the function that have the same output. For this reason, it is common practice to never store passwords in plain text. Instead the hash is stored, and when a user enters a password, the hash is checked against the stored hash. If they match, the password is assumed to be correct. Recently there have been some attacks against MD5 which have weakened it a bit. There are lots of libraries out there to compute the MD5 hash of something (OpenSSl, etc). That's all you should need unless you are trying to do something nefarious (or unsafe, like writing a utility that stores passwords in the clear).
 
Thanks guys you've both been a great help!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top