473,320 Members | 2,029 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

WIndows and linux password

180 100+
Hi guys,
How do I access system( windows/ linux ) user's password??? After the user has logged in, I want to access user's system password and set that password to my application's textEdit.

Is there any function??? The solution has to be portable...

Thanks
Jun 4 '07 #1
20 2992
svlsr2000
181 Expert 100+
Hi guys,
How do I access system( windows/ linux ) user's password??? After the user has logged in, I want to access user's system password and set that password to my application's textEdit.

Is there any function??? The solution has to be portable...

Thanks
You want to know the password or reset the passwords
Jun 4 '07 #2
vermarajeev
180 100+
You want to know the password or reset the passwords
I just want to access the password so that I can set it to TextEdit of my application.

Did I make sense???
Jun 4 '07 #3
DeMan
1,806 1GB
You want to display a password as plaintext (from the system) ?

They are kept secure for a reason.......and if that is indeed what you want to do, I do not think this is an appropriate medium to discuss it....
Jun 4 '07 #4
vermarajeev
180 100+
You want to display a password as plaintext (from the system) ?
Yes, as plainText


They are kept secure for a reason.......and if that is indeed what you want to do, I do not think this is an appropriate medium to discuss it....
Can you suggest some good medium where I can get answers???

Thanks
Jun 4 '07 #5
DeMan
1,806 1GB
I don't actually know where you would. What you want to do is essentially hacking (even if your intentions are innocent), and this site's policy is against promoting hacking.

While I understand that you may not intend any harm by your question, please understand that there are potential security repercussions (particularly when you want an answer posted in a public forum).

As mentioned in an earlier post, there is good reason why it is difficult to do what you want, and I can think of no legitimate reason that you would want to achieve this.
Jun 4 '07 #6
vermarajeev
180 100+
I don't actually know where you would. What you want to do is essentially hacking (even if your intentions are innocent), and this site's policy is against promoting hacking.

While I understand that you may not intend any harm by your question, please understand that there are potential security repercussions (particularly when you want an answer posted in a public forum).

As mentioned in an earlier post, there is good reason why it is difficult to do what you want, and I can think of no legitimate reason that you would want to achieve this.
Ofcourse there are vaild reasons..
Here it goes...

First I work on chemistry application where my application creates some text files. I then write program to encrypt these files. Now to encrypt these files you require a password. This password has to be the system's (user logged in ) password as per my employer.

Here are his words...

START of his words
---------------------------------------------
There is one point I see that I did not clarify. That particular bunch of
users don't want to give a passphrase every session.
They want to give one and never change it until their
site's system administrator asks them to do so..
---------------------------------------------
END of his words

So what do you say about his words...According to me he wants to set the file's password to system's (user logged in ). There is no intention for me to hack system's password. It is just that my employer wants it...

Please reply me soon, as this is really important to me...

Thanks for your understanding.
Jun 4 '07 #7
RedSon
5,000 Expert 4TB
Ofcourse there are vaild reasons..
Here it goes...

First I work on chemistry application where my application creates some text files. I then write program to encrypt these files. Now to encrypt these files you require a password. This password has to be the system's (user logged in ) password as per my employer.

Here are his words...

START of his words
---------------------------------------------
There is one point I see that I did not clarify. That particular bunch of
users don't want to give a passphrase every session.
They want to give one and never change it until their
site's system administrator asks them to do so..
---------------------------------------------
END of his words

So what do you say about his words...According to me he wants to set the file's password to system's (user logged in ). There is no intention for me to hack system's password. It is just that my employer wants it...

Please reply me soon, as this is really important to me...

Thanks for your understanding.
Sorry, not sure if anyone is believing you. I don't think I would trust you.

But let me try to figure out what you are talking about. This is a windows environment is it not? First the users of your application make some text files. Then they encrypt them. They use their user password to encrypt them. Who are they trying to protect the information from? Are they trying to encrypt them for transport to your employer? Are they encrypting them to prevent hackers from seeing the files?

So now they have a password protected file on their desktop. What then? Lets assume they transfer it to their boss because their work is done. Now the boss has an encrypted file sitting on his desktop. And the only way to un-encrypt it is for the boss to know the user's password. So lets say the boss knows or has in plain text the users password. (Lets not go into how crazy that last sentence sounds). He un-encrypts it. Now he has a plain text piece of information on his desktop. Is that about what you want to happen to the data?

Now we can get into how crazy that is. First, you never, ever, ever, ever store a plain text password for anything, ever. Second, packing an encrypted file with a plain text password and giving to someone defeats the purpose of encryption. Third, if you want the user to enter their password to encrypt or decrypt it thats fine, but you should make it so the boss' password decrypts everything. Like a master key in a lock. People use passwords that they are familiar with, so chances are they are using that same password to protect their online bank account or other important thing. Making it available plain text is a serious breach of security and their trust.

Another way to go about this is public key infrastructure. Both windows and linux servers will give out certificates (I think linux calls them keys) to any user who requests them. You can then store public certificates in on the server where any user can grab the bosses public certificate and use it to encrypt.

Windows also has a security manager that will allow you to do a lot of the things that you want to do without shooting yourself in the foot by making passwords plaintext.
Jun 4 '07 #8
Motoma
3,237 Expert 2GB
In Linux you can snag the hashed password from the /etc/passwd or /etc/shadow file. You shouldn't need to decrypt is, as you can always just test the hash against the stored value for authentication. In Windows, passwords are stored hashed in another way, which I don't know.

BUT WAIT, this may not be needed. If you are in a larger corporate/educational environment, your friendly administrators have probably set up an authentication system using some technology like Active Directory or LDAP. In that case, passwords will not exist on the local machine; you should be able to authenticate against that server one, and store some information about the login information somewhere, and read that in the future log ins.
Jun 4 '07 #9
vermarajeev
180 100+
Sorry Redson but you mistook me.
First off I use cryptp++ lib (AES::CBC ) for encryption and decryption purpose.
First, you never, ever, ever, ever store a plain text password for anything, ever.
I know that so I first digest the password using some salt and then using that encrypted password I then encrypt the file.

Second, packing an encrypted file with a plain text password and giving to someone defeats the purpose of encryption.
I think I already answered
Third, if you want the user to enter their password to encrypt or decrypt it thats fine, but you should make it so the boss' password decrypts everything.
But I want the password to be same and not public and private keys algorithm.
Since it is a chemistry application, it is useful for researchers in chemistry field. Now suppose there are two chemist ( chem1 and chem2 ). chem1 did some vast research and discovered some drug. Now chem1 would not be interested in disclosing his research. So what he wants is some kind of security. Hence, as a programmer I need to encrypt the file which chem1 has created which if by chance gets to the way of chem2 is unable to identify what the file contains.

On the other way round there are situations where chem1 has some of his peers who helped him to discover the drug or there are some bunch of users under his site. So what do you think should happen??? I think the peers, bunch of users wouldnt be happy to enter the same password again and again to decrypt the file. Hence, to make their work easy chem1 would encrypt the file with site's administrator password. Since chem1's peers and bunch of users are under same roof they need not enter the password to decrypt the file which is taken care by administrator's password.

OK, I agree in that I need not decrypt the system password. What I can do is get access to system (user logged in ) password( encrypted one ). Use this same encrypted password to encrypt my file. OK that makes much better sense.

Now here are my questions.
1) How can I get system( user's password ) on windows and linux???
I know windows stores all user password in registry file, but how do I access that file and access the password (encrypted)????
On linux too I know the user's password is stored in /etc/shadow or /etc/passwd. But can someone out there tell me how to access these both on windows and linux????

Motoma--> You make some sense, Thanks. But my question is how to snag the password??? Both on windows and linux.


I think I'm clear now. If not please let me know..
Thanks
Jun 5 '07 #10
RedSon
5,000 Expert 4TB
Sorry Redson but you mistook me.
First off I use cryptp++ lib (AES::CBC ) for encryption and decryption purpose.

I know that so I first digest the password using some salt and then using that encrypted password I then encrypt the file.


I think I already answered

But I want the password to be same and not public and private keys algorithm.
Since it is a chemistry application, it is useful for researchers in chemistry field. Now suppose there are two chemist ( chem1 and chem2 ). chem1 did some vast research and discovered some drug. Now chem1 would not be interested in disclosing his research. So what he wants is some kind of security. Hence, as a programmer I need to encrypt the file which chem1 has created which if by chance gets to the way of chem2 is unable to identify what the file contains.

On the other way round there are situations where chem1 has some of his peers who helped him to discover the drug or there are some bunch of users under his site. So what do you think should happen??? I think the peers, bunch of users wouldnt be happy to enter the same password again and again to decrypt the file. Hence, to make their work easy chem1 would encrypt the file with site's administrator password. Since chem1's peers and bunch of users are under same roof they need not enter the password to decrypt the file which is taken care by administrator's password.

OK, I agree in that I need not decrypt the system password. What I can do is get access to system (user logged in ) password( encrypted one ). Use this same encrypted password to encrypt my file. OK that makes much better sense.

Now here are my questions.
1) How can I get system( user's password ) on windows and linux???
I know windows stores all user password in registry file, but how do I access that file and access the password (encrypted)????
On linux too I know the user's password is stored in /etc/shadow or /etc/passwd. But can someone out there tell me how to access these both on windows and linux????

Motoma--> You make some sense, Thanks. But my question is how to snag the password??? Both on windows and linux.


I think I'm clear now. If not please let me know..
Thanks
So if you are interested in encrypting files to securely share with other chems why not ask them to think of a new password each time. Then chem1 can give chem2 the data file and then call them on the phone and say "the password is 'abracadabra'". I don't understand why there is this requirement to use the users logged in system password. If chem1 logs into their computer with the password of "chem1pass" and then creates an encrypted file with the unlock password of "chem1pass" then gives that file to chem2 then chem2 has to know chem1's password to decrypt the file. Now chem2 knows chem1's login password which totally flys in the face of every security principle.
Jun 5 '07 #11
vermarajeev
180 100+
So if you are interested in encrypting files to securely share with other chems why not ask them to think of a new password each time.
As that would be more overhead to enter the password again and again. In fact this was my previous plan but my employer says, the chemist dont want to enter the password again and again. So provide only a single password.

I don't understand why there is this requirement to use the users logged in system password. If chem1 logs into their computer with the password of "chem1pass" and then creates an encrypted file with the unlock password of "chem1pass" then gives that file to chem2 then chem2 has to know chem1's password to decrypt the file. Now chem2 knows chem1's login password which totally flys in the face of every security principle.
You are right, What about the other scenario in my previous post?? What about chem1's peer and bunch of users under the same post??? Do you think it would be fair for the inhouse employees to enter the password again and again???

I dont know whether you trust me??? I have my deadline nearby...
I think GURU, Banfa has to provide me some solution. I hope he sees this post and reply me.

Thanks
Jun 6 '07 #12
Motoma
3,237 Expert 2GB
As I mentioned previously, in most corporate and educational environments authentication is typically done against a server. If this is the case in your situation, your program will need to authenticate against that server as well. Once you authenticate, you know that the password your user typed in is correct, and you can use that to encrypt/decrypt your data.
Jun 6 '07 #13
sicarie
4,677 Expert Mod 4TB
vermarajeev-

You're not using PGP or something of the sort solely because you want an encrypted file to be able to be decoded by anyone with a single password?

Why not just lock it in MS Word or OpenOffice or whatever text editor?
Jun 6 '07 #14
sicarie
4,677 Expert Mod 4TB
Or you could figure it out how to use the same PGP key for decryption on both (probably by using the same PGP key to encrypt, but I'm not sure).
Jun 6 '07 #15
Or you could figure it out how to use the same PGP key for decryption on both (probably by using the same PGP key to encrypt, but I'm not sure).

i think what he wants to do is to use a symmetric algorithm like AES or DES for encryption/decryption
now what he wants is the Password which he could convert to a 16 byte key, using his own algorithm.
I think you might have thought about some way to create a 16 byte key from the password.

but now the problem is that you need the password from OS, which i am not sure you will be able to get.
write a test application to read the file directly to retrieve the Hash of the Password.
you are done if you are able to do so. i am not sure you will be getting the password directly using some win32 API, because then it doesnt serve the purpose.

what i dont understand is that, what will the HOD, Chem lab will do to decrypt the files, would he be having the list of passwords of all researchers, or would he be calling them all the time.

either way, i would prefer them to enter a password for your application, and you can cache that password through out the application to avoid multiple entries.
this would be the best way, doing so you can have your own constraints on the password to make it strong, like alphanumeric characters, minimum 8 chars etc...
Jun 7 '07 #16
vermarajeev
180 100+
Hmm, dumparun makes some sense.
but now the problem is that you need the password from OS, which i am not sure you will be able to get.
Exactly, I want the same and got to know that it is not possible and got to know it would be illegal.
write a test application to read the file directly to retrieve the Hash of the Password.
you are done if you are able to do so.
Can you be more clear about this??? What password are you talking about???
i am not sure you will be getting the password directly using some win32 API, because then it doesnt serve the purpose.
I think their has to be some way to do so...
what i dont understand is that, what will the HOD, Chem lab will do to decrypt the files, would he be having the list of passwords of all researchers, or would he be calling them all the time.
Yes the password has to be different and the researchers has to set their own password and needs to take care of NOT revileing the password to outsiders except the one who he wants to share the discovery( eg. drug ). This provides more security.
either way, i would prefer them to enter a password for your application, and you can cache that password through out the application to avoid multiple entries.
this would be the best way, doing so you can have your own constraints on the password to make it strong, like alphanumeric characters, minimum 8 chars etc..
In that case there will only be a single private password and if once disclosed would break the entire security which I dont think is a good idea...

I think my question is now getting clearer and clearer. Hope to get a proper solution as I've been waiting to get so...

Thanks,
Jun 7 '07 #17
AdrianH
1,251 Expert 1GB
Hi, I've not read all of this thread, but I would like to ask. Why not ask the user one other time for the password, encrypt it and put it in a file (like a cookie) and have it erased on logout? Or if all you care about is the user loging in, then don't erase that file and the user will never have to enter it again?


Adrian
Jun 7 '07 #18
Motoma
3,237 Expert 2GB
I think my question is now getting clearer and clearer. Hope to get a proper solution as I've been waiting to get so...
I think the solution is clear: the reason there are no security toolkits that work this way is because it is not a good way to handle security. I would suggest looking at enterprise solutions, such as PGP, which allow you to encrypt data, and send it in a way that can be readable by only the person it was intended it for.
Jun 7 '07 #19
Hmm, dumparun makes some sense.
haaa...
finally some body told that irrespective of my user name

Can you be more clear about this??? What password are you talking about???
well i was thinking about reading the hash from file like /etc/shadowpassword or something of that kind if you have access. has not done much research

I think their has to be some way to do so...
there wont be any way to read the password legally, other than hacking it.
Else it wont solve the purpose of having the password.

Yes the password has to be different and the researchers has to set their own password and needs to take care of NOT revileing the password to outsiders except the one who he wants to share the discovery( eg. drug ). This provides more security.

In that case there will only be a single private password and if once disclosed would break the entire security which I dont think is a good idea...

I think my question is now getting clearer and clearer. Hope to get a proper solution as I've been waiting to get so...

Now you are talking.
that was everybodys point here.
understand that Symmetric Algorithm like AES or DES use a single password for encrypting and decrypting.
so you need to share it across those who needs to read it.

Thats why we have Asymetric Algorithms like RSA, which is secure and provides non-repudiation.
in this case, you dont need to share the password.

every user of your system would be having a Key Pair, which could be ignited using your own password.
now the Lab Researcher1 , who is doing reserch after finding some thing would encrypt the file using the public key of his recepients, like HOD or his partner.
then he can send it to them through any un secured channel.

only those intended recipients would be able to read it.
done.

use Bouncy Castle / Open SSL algorithm for the same.
that only makes sense for your application.

Understand one clear and clean concept.
Usability and Security never Co-Exists

i am done, with my dump ideas :P
Jun 8 '07 #20
ktsun
1
I found a tool at http://www.boncle.com that encrypt file without sharing password with the other parties. Is it what you are looking for?
Jun 29 '07 #21

Sign in to post your reply or Sign up for a free account.

Similar topics

13
by: joltman | last post by:
We're working on an intranet site where we will require user's to only be able to access their own page in some instances. Rather than introducing another password to the mix, we were thinking...
1
by: Ronald Evers | last post by:
Hey all, I want to store passwords in a postgresql database. Currently I use the MD5Password class below and I've been developing on windows. I ran into problems when running my application on...
5
by: Isaac Raway | last post by:
Hello. I'm writing a Python program that connects to servers through telnetlib to execute a few commands. I've discovered that some of the servers that I have to connect to with this program run...
2
by: Chris | last post by:
A weird issue...though hopefully not for everyone... I am trying to connect to a 10g database on a Red Hat Linux server from my 9i client on a XP pc. Both are on my local home network, behind...
3
by: Sonu K Mehrotra | last post by:
mysql server is <172.16.27.39> running on Linux 9.1 I have installed mysql control center (client GUI) on 172.16.27.252 running on Windows 2000 advanced server The machines are connected in...
2
by: Amedee Van Gasse | last post by:
Hello, Since it is the first time I'm posting in these groups, I believe a (short) introduction of myself would not be a bad thing. I am mainly a support engineer, not a programmer. I do have...
3
by: DaveF | last post by:
I have a windows service running on my server. I need to copy a file from a remote linux server that requires a username and password. Can this be done? If so how? -- Dave
6
by: GD | last post by:
Hi All, I've got MySQL 5.0.21 running on Windows Server 2003, and php running on Apache on a Linux box (Fedora Core 4). Previously when the pages were running on an IIS server the connection...
9
by: 8anos | last post by:
Hello, I am new at the community and newbie at programming :) As you may know rapidshare provides a perl script for linux, to upload files at their servers. You can find the original scripts at...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.