I believe NT security is hashed using MD4.
You can check if the user has logged onto (has been verified) against a NT
Server machine, in which case you can then take it that the current user is
whoever they say they are based on their username.
Myles.
> -----Original Message-----
> From: Dennis Chuah [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, June 06, 2000 3:33 PM
> To: Multiple recipients of list delphi
> Subject: RE: [DUG]: one time authentication
>
>
> Following on from that, the only information you can get from NT is the
> usercode of the person who is logged in and in which domain. If you
> integrate your security with NT's, then you will have to query NT's
> security
> to retrieve the above 2 pieces of information, and match it against your
> list of users - and implicitly trust that NT has correctly authenticated
> the
> user, therefore it is important to use the domain information. If you
> need
> to call another program passing in the password, you've got to store the
> password separately. BTW, you can query NT to see if a
> domain/usercode/password combination is valid.
>
> Regards,
> Dennis.
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > Behalf Of Nic Wise
> > Sent: Tuesday, 6 June 2000 14:06
> > To: Multiple recipients of list delphi
> > Subject: RE: [DUG]: one time authentication
> >
> >
> > NT's security uses a one-way hash, similar, if not actually,
> > MD5. Basically,
> > there is NO WAY to reverse it - the only way to crack it is
> > to go thru a
> > dictionary and encrypt each one, then test the encrypted results.
> >
> > Unix is the same, but it uses 3des (des, then des again, then
> > des AGAIN)
> >
> > NT's NTLM authentication works 'cos the workstation has the
> > password, or
> > atleast the hash of it, as does the server - it sends that
> > hash over the
> > wire, based on the username I think, so the username /
> > password combination
> > never gets sent - just the username and the one-way hash.
> >
> > Make sense???
> >
> > :)
> >
> > N
> > --
> > Nic Wise - 021.676.418 / [EMAIL PROTECTED] /
> > Inprise/Borland New Zealand
> > Is it not a foolish man, said little Woo, who keeps all his
> > chickens in his
> > trousers?
> > For at best, will he not suffocate his chickens, and, and
> > worst, will he not
> > disappoint the ladies in the village? --Alexi Sayle
> >
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On
> > Behalf Of Peter Hyde
> > Sent: Tuesday, 6 June 2000 10:49
> > To: Multiple recipients of list delphi
> > Subject: Re: [DUG]: one time authentication
> >
> >
> > Philip wrote:
> >
> > > Hmmm, I can see how to get hold of the user's name easily
> > enough. But what
> > > about the password? and what format is the password in?
> >
> > I was afraid you'd ask that. About two minutes after sending off
> > the "sure you can read the registry" answer, it occurred to me
> > that you may not have previously confirmed that the data is,
> > indeed, findable and decipherable in the registry, even if you can
> > read the keys themselves.
>
> >
> > No immediate answer springs to mind -- NT security may be tight
> > enough to render it very difficult to decode what you're after, but
> > someone else may have a more informed answer.
> >
> >
> > cheers,
> > peter
> >
> > ============================================
> > Peter Hyde, WebCentre and SPIS, Christchurch, New Zealand
> > * Web automation for online periodicals: http://TurboPress.com
> > * TurboNote: http://TurboPress.com/tbnote.htm
> > -- small, FREE and very handy
> > ------------------------------------------------------------------
> > ---------
> > New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
> > Website: http://www.delphi.org.nz
> >
>
> --------------------------------------------------------------------------
> -
> New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
> Website: http://www.delphi.org.nz
>
> --------------------------------------------------------------------------
> -
> New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
> Website: http://www.delphi.org.nz
---------------------------------------------------------------------------
New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
