I don't think I need to get the actual readable password itself. I just need to
be able to send the username and the password in whatever format First Class can
handle it - I'll check if it can receive a hashed password. In the mean time,
how do I get that hashed password? I need a method that will work for win95 and
win2000 also (or at least a seperate solution).
thanks,
Phil.
"Nic Wise" <[EMAIL PROTECTED]> on 06/06/2000 14:05:33
Please respond to [EMAIL PROTECTED]
To: Multiple recipients of list delphi <[EMAIL PROTECTED]>
cc: (bcc: Phillip Middlemiss/NZ Forest Research Institute/NZ)
Subject: RE: [DUG]: one time authentication
NT's security uses a one-way hash, similar, if not actually, MD5. Basically,
there is NO WAY to reverse it - the only way to crack it is to go thru a
dictionary and encrypt each one, then test the encrypted results.
Unix is the same, but it uses 3des (des, then des again, then des AGAIN)
NT's NTLM authentication works 'cos the workstation has the password, or
atleast the hash of it, as does the server - it sends that hash over the
wire, based on the username I think, so the username / password combination
never gets sent - just the username and the one-way hash.
Make sense???
:)
N
--
Nic Wise - 021.676.418 / [EMAIL PROTECTED] / Inprise/Borland New Zealand
Is it not a foolish man, said little Woo, who keeps all his chickens in his
trousers?
For at best, will he not suffocate his chickens, and, and worst, will he not
disappoint the ladies in the village? --Alexi Sayle
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Peter Hyde
> Sent: Tuesday, 6 June 2000 10:49
> To: Multiple recipients of list delphi
> Subject: Re: [DUG]: one time authentication
>
>
> Philip wrote:
>
> > Hmmm, I can see how to get hold of the user's name easily
> enough. But what
> > about the password? and what format is the password in?
>
> I was afraid you'd ask that. About two minutes after sending off
> the "sure you can read the registry" answer, it occurred to me
> that you may not have previously confirmed that the data is,
> indeed, findable and decipherable in the registry, even if you can
> read the keys themselves.
>
> No immediate answer springs to mind -- NT security may be tight
> enough to render it very difficult to decode what you're after, but
> someone else may have a more informed answer.
>
>
> cheers,
> peter
>
> ============================================
> Peter Hyde, WebCentre and SPIS, Christchurch, New Zealand
> * Web automation for online periodicals: http://TurboPress.com
> * TurboNote: http://TurboPress.com/tbnote.htm
> -- small, FREE and very handy
> ------------------------------------------------------------------
> ---------
> New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
> Website: http://www.delphi.org.nz
>
---------------------------------------------------------------------------
New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
---------------------------------------------------------------------------
New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
