MWIDNER21

_crypt_hashdata password in script


MWIDNER21

Hello all, I am trying to "hide" a password in a script. I used the _crypt_hashdata command and created a hash I can use. Once I did that I put that hash into an obscure file on a file share that is secured. I then will have my script call that file and read the line for the hash then use the rest of the script to "decode" the hash and input the password. My issue is I am unable to find a way to actually use the hash and "decrypt" it or use it to grant permissions to the script to run. I'm not sure if decrypt is the right way to put it, but I want to use the hidden password to execute a command as a different user in the script.

Thank you.

mrider

A "hash" is non-reversible.  The theory is that bytes of data are mathematically processed such that two different data sets are unlikely to produce the same result.  Even changing one bit will have a large effect on the result.  The theory is also that it is impossible - or at least very, very difficult - to go from the result of the algorithm back to the original bytes.

 

Using a hash for a password works like this:

When the user sets her password, the hash is generated and stored for later reference.

When the user tries to log in, she supplies her password.

The same hash algorithm is used to create a hash.

The stored hash is compared to the generated hash.  If they match the user supplied the same password.

 

 

Certainly you can encrypt the password so that it isn't stored in your program, but if you do so then you either need to embed the password for the encryption or ask the user for the encryption password.  (It's turtles all the way down). 

You are encountering the same problem the media giants are encountering with DRM.  You are trying to keep the end user from knowing the password while simultaneously allowing a user to access data/whatever that requires said password.  It (meaning a password) has to be somewhere.


How's my riding? Dial 1-800-Wait-There

Trying to use a computer with McAfee installed is like trying to read a book at a rock concert.

MWIDNER21

So maybe hashing the password isn't the way to go? I just don't want the password in clear text in the source code.

mrider

I've never used encryption in AutoIt, so maybe someone that actually knows what they are doing will chime in.  However, in rough terms here's what I would do if forced.

* Write a throwaway script that derives a key from a passphrase.

* Extract the bytes from that key and record them in some way.

* Also use the throwaway script to encrypt the real password and store the result in your file.

* Embed the key as raw bytes in your real script.

* Reassemble the bytes inside your real script and use that reassembly as the key.

* Use the key to decrypt the data in your file which is stored separately.

You'll want to look at:

_Crypt_DeriveKey,

_Crypt_EncryptData (or file), and

_Crypt_DecryptData (or file)

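A compact version of the steps outlined in the post above, as an added example that is not code from any poster in the thread. It re-derives the key from an embedded passphrase instead of embedding raw key bytes (a simplification), and the passphrase, file path and secret are constructed placeholders.

```autoit
#include <Crypt.au3>

; Added example, not from the thread. All values below are constructed.
Global Const $sPassphrase = "constructed-passphrase" ; embedded in the script
Global Const $sFile = @TempDir & "\svc.enc"          ; stands in for the file on the share

; Throwaway step: encrypt the real password once and store only the ciphertext.
Func _StoreSecret($sSecret)
    Local $hKey = _Crypt_DeriveKey($sPassphrase, $CALG_AES_256)
    If @error Then Return SetError(1, 0, False)
    Local $dCipher = _Crypt_EncryptData($sSecret, $hKey, $CALG_USERKEY)
    Local $iErr = @error
    _Crypt_DestroyKey($hKey)
    If $iErr Then Return SetError(2, 0, False)
    Local $hFile = FileOpen($sFile, 2)  ; 2 = overwrite
    FileWrite($hFile, String($dCipher)) ; stored as hex text beginning with 0x
    FileClose($hFile)
    Return True
EndFunc

; Real script: re-derive the same key and decrypt the stored ciphertext.
Func _LoadSecret()
    Local $dCipher = Binary(FileRead($sFile)) ; hex text back to binary
    Local $hKey = _Crypt_DeriveKey($sPassphrase, $CALG_AES_256)
    If @error Then Return SetError(1, 0, "")
    Local $dPlain = _Crypt_DecryptData($dCipher, $hKey, $CALG_USERKEY)
    Local $iErr = @error
    _Crypt_DestroyKey($hKey)
    If $iErr Then Return SetError(2, 0, "")
    Return BinaryToString($dPlain)
EndFunc

_Crypt_Startup()
_StoreSecret("constructed-service-password")
ConsoleWrite("on disk:   " & FileRead($sFile) & @CRLF)
ConsoleWrite("recovered: " & _LoadSecret() & @CRLF)
FileDelete($sFile)
_Crypt_Shutdown()
```

Anyone who can read both the script and the file can run the same decrypt step, which is the limitation described earlier in the thread.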
BrewManNH

Use _Crypt_HashData to hash the first password, the one you want to compare against, store that in your script because it's at least as secure as it can be there. Then when a user enters their password, you use _Crypt_HashData to hash the entered password, do a very simple "if $storedhash = $enteredhash then" statement to compare the hash of the entered password against the stored password to see if they match or not. The collisions on the hashes are slight enough to make it fairly secure.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

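The store-then-compare check described in this thread, as an added AutoIt example that is not code from any poster. The sample passwords are constructed and SHA-256 is an assumed algorithm choice.

```autoit
#include <Crypt.au3>

; Added example, not from the thread. Passwords are constructed sample values;
; SHA-256 is an assumed algorithm choice.

; Hash a password and return the digest as hex text ("0x" followed by hex digits).
Func _HashHex($sPassword)
    Local $dHash = _Crypt_HashData($sPassword, $CALG_SHA_256)
    If @error Then Return SetError(1, 0, "")
    Return String($dHash)
EndFunc

; True only when the entered password hashes to the stored value.
Func _CheckPassword($sEntered, $sStoredHash)
    Local $sHash = _HashHex($sEntered)
    If @error Then Return False
    ; == is the case-sensitive string comparison.
    Return $sHash == $sStoredHash
EndFunc

_Crypt_Startup()
; Done once when the password is set; only this value is kept.
Local $sStoredHash = _HashHex("constructed-password")
ConsoleWrite("stored hash:  " & $sStoredHash & @CRLF)
ConsoleWrite("same input:   " & _CheckPassword("constructed-password", $sStoredHash) & @CRLF)
ConsoleWrite("one char off: " & _CheckPassword("constructed-passworD", $sStoredHash) & @CRLF)
_Crypt_Shutdown()
```

The stored value can confirm a password that someone types in, but there is no inverse call that turns it back into a password to hand to another command.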
